Root-Me/CRLF·20ptsCRLF — Root-MeChallenge CRLF on HTTP plumbing and template engines.Webhard#web#root-me#hardMay 26, 2026
Root-Me/API - Mass Assignment·20ptsAPI - Mass Assignment — Root-MeChallenge API - Mass Assignment on HTTP plumbing and template engines.Webhard#web#root-me#hardMay 26, 2026
Root-Me/File upload - Double extensions·20ptsFile upload - Double extensions — Root-MeFor File upload - Double extensions, the backend trusts headers and cookies too much.Webhard#web#root-me#hardMay 26, 2026
Root-Me/HTTP - Directory indexing·15ptsHTTP - Directory indexing — Root-MeServer-side web task HTTP - Directory indexing.Webmedium#web#root-me#mediumMay 26, 2026
Root-Me/Nginx - Alias Misconfiguration·15ptsNginx - Alias Misconfiguration — Root-MeFor Nginx - Alias Misconfiguration, the backend trusts headers and cookies too much.Webmedium#web#root-me#mediumMay 26, 2026
Root-Me/API - Broken Access·15ptsAPI - Broken Access — Root-MeServer-side web task API - Broken Access.Webmedium#web#root-me#mediumMay 26, 2026
Root-Me/HTTP - POST·15ptsHTTP - POST — Root-MeServer-side web task HTTP - POST.Webmedium#web#root-me#mediumMay 26, 2026
Root-Me/Backup file·15ptsBackup file — Root-MeServer-side web task Backup file.Webmedium#web#root-me#mediumMay 26, 2026
Root-Me/HTTP - Open redirect·10ptsHTTP - Open redirect — Root-MeServer-side web task HTTP - Open redirect.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/PHP - Command Injection·10ptsPHP - Command Injection — Root-MeServer-side web task PHP - Command Injection.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Weak password·10ptsWeak password — Root-MeFor Weak password, the backend trusts headers and cookies too much.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/HTTP - IP restriction bypass·10ptsHTTP - IP restriction bypass — Root-MeFor HTTP - IP restriction bypass, the backend trusts headers and cookies too much.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/HTML - Source code·5ptsHTML - Source code — Root-MeFor HTML - Source code, the backend trusts headers and cookies too much.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/XSS DOM Based - Introduction·35ptsXSS DOM Based - Introduction — Root-MeWeb client notes for XSS DOM Based - Introduction: XSS variants, CSP bypass narratives, and chaining a UI flaw with an API call the server should have rejected..Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/CSRF 0 protection·35ptsCSRF 0 protection — Root-MeClient-side web challenge CSRF 0 protection.Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/CSP Bypass - Inline code·35ptsCSP Bypass - Inline code — Root-MeFor CSP Bypass - Inline code, the attack surface lives in front-end validation.Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/AST - Deobfuscation·35ptsAST - Deobfuscation — Root-MeClient-side web challenge AST - Deobfuscation.Webinsane#web#root-me#insaneMay 26, 2026
Root-Me/XSS - Stored 1·30ptsXSS - Stored 1 — Root-MeWeb client notes for XSS - Stored 1: XSS variants, CSP bypass narratives, and chaining a UI flaw with an API call the server should have rejected..Webhard#web#root-me#hardMay 26, 2026
Root-Me/Javascript - Obfuscation 3·30ptsJavascript - Obfuscation 3 — Root-MeClient-side web challenge Javascript - Obfuscation 3.Webhard#web#root-me#hardMay 26, 2026
Root-Me/Javascript - Webpack·15ptsJavascript - Webpack — Root-MeFor Javascript - Webpack, the attack surface lives in front-end validation.Webmedium#web#root-me#mediumMay 26, 2026
Root-Me/Javascript - Obfuscation 1·10ptsJavascript - Obfuscation 1 — Root-MeFor Javascript - Obfuscation 1, the attack surface lives in front-end validation.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Authentication 2·10ptsJavascript - Authentication 2 — Root-MeClient-side web challenge Javascript - Authentication 2.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Source·5ptsJavascript - Source — Root-MeClient-side web challenge Javascript - Source.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/Javascript - Authentication·5ptsJavascript - Authentication — Root-MeClient-side web challenge Javascript - Authentication.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/HTML - disabled buttons·5ptsHTML - disabled buttons — Root-MeClient-side web challenge HTML - disabled buttons.Webeasy#web#root-me#easyMay 26, 2026
Root-Me/PNG - Least Significant Bit·30ptsPNG - Least Significant Bit — Root-MeChallenge PNG - Least Significant Bit: layered images and subtle LSB patterns.Forensicshard#root-me#hard#forensicsMay 26, 2026
Root-Me/Crypt-art·25ptsCrypt-art — Root-MeChallenge Crypt-art: layered images and subtle LSB patterns.Forensicshard#root-me#hard#forensicsMay 26, 2026
Root-Me/PDF - Embedded·25ptsPDF - Embedded — Root-MeStego task PDF - Embedded hiding data in media and metadata.Forensicshard#root-me#hard#forensicsMay 26, 2026
Root-Me/EXIF - Thumbnail·20ptsEXIF - Thumbnail — Root-MeChallenge EXIF - Thumbnail: layered images and subtle LSB patterns.Forensicsmedium#root-me#medium#forensicsMay 26, 2026
Root-Me/WAV - Spectral analysis·20ptsWAV - Spectral analysis — Root-MeChallenge WAV - Spectral analysis: layered images and subtle LSB patterns.Forensicsmedium#root-me#medium#forensicsMay 26, 2026
Root-Me/Yellow dots·15ptsYellow dots — Root-MeStego task Yellow dots hiding data in media and metadata.Forensicsmedium#root-me#medium#forensicsMay 26, 2026
Root-Me/Poem from Space·15ptsPoem from Space — Root-MeChallenge Poem from Space: layered images and subtle LSB patterns.Forensicsmedium#root-me#medium#forensicsMay 26, 2026
Root-Me/Twitter Secret Messages·10ptsTwitter Secret Messages — Root-MeOn Twitter Secret Messages, files look innocent at first glance.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/Steganomobile·10ptsSteganomobile — Root-MeOn Steganomobile, files look innocent at first glance.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/Dot and next line·10ptsDot and next line — Root-MeChallenge Dot and next line: layered images and subtle LSB patterns.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/EXIF - Metadata·5ptsEXIF - Metadata — Root-MeOn EXIF - Metadata, files look innocent at first glance.Forensicseasy#root-me#easy#forensicsMay 26, 2026
Root-Me/Root them·35ptsRoot them — Root-MeOn Root them, the path crosses web, network, and host layers.Miscinsane#root-me#misc#insaneMay 26, 2026
Root-Me/Windows - Zerologon·35ptsWindows - Zerologon — Root-MeScenario Windows - Zerologon reads like a small enterprise lab.Miscinsane#root-me#misc#insaneMay 26, 2026
Root-Me/PyRat Auction·30ptsPyRat Auction — Root-MeOn PyRat Auction, the path crosses web, network, and host layers.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Breaking Root-Me like it's 2020·30ptsBreaking Root-Me like it's 2020 — Root-MeScenario Breaking Root-Me like it's 2020 reads like a small enterprise lab.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/The h@ckers l4b·25ptsThe h@ckers l4b — Root-MeRealistic scenario The h@ckers l4b blending multiple weak services.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Windows - ASRepRoast·25ptsWindows - ASRepRoast — Root-MeOn Windows - ASRepRoast, the path crosses web, network, and host layers.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/P0wn3d·20ptsP0wn3d — Root-MeRealistic scenario P0wn3d blending multiple weak services.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/Windows - Kerberoast·20ptsWindows - Kerberoast — Root-MeOn Windows - Kerberoast, the path crosses web, network, and host layers.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/End Droid·15ptsEnd Droid — Root-MeOn End Droid, the path crosses web, network, and host layers.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/It happens, sometimes·10ptsIt happens, sometimes — Root-MeRealistic scenario It happens, sometimes blending multiple weak services.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/Deep Learning - Captcha·40ptsDeep Learning - Captcha — Root-MeWalkthrough for Deep Learning - Captcha: data structure tradeoffs, boundary cases, and how to derive the expected output without leaking full contest automation code..Miscinsane#root-me#misc#insaneMay 26, 2026
Root-Me/Apprentice Scraper·35ptsApprentice Scraper — Root-MeProgramming puzzle Apprentice Scraper focused on algorithmic constraints.Miscinsane#root-me#misc#insaneMay 26, 2026
Root-Me/Various encodings·30ptsVarious encodings — Root-MeProgramming puzzle Various encodings focused on algorithmic constraints.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Second degree polynomial solver·25ptsSecond degree polynomial solver — Root-MeProgramming puzzle Second degree polynomial solver focused on algorithmic constraints.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/ELF x64 - Shellcoding - Sheep warmup·25ptsELF x64 - Shellcoding - Sheep warmup — Root-MeFor ELF x64 - Shellcoding - Sheep warmup, the task tests API misuse and race windows.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/Deep Learning - Introduction·20ptsDeep Learning - Introduction — Root-MeWalkthrough for Deep Learning - Introduction: data structure tradeoffs, boundary cases, and how to derive the expected output without leaking full contest automation code..Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/CAPTCHA me if you can·20ptsCAPTCHA me if you can — Root-MeProgramming puzzle CAPTCHA me if you can focused on algorithmic constraints.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/Mathematic progression·20ptsMathematic progression — Root-MeFor Mathematic progression, the task tests API misuse and race windows.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/TCP - Uncompress Me·15ptsTCP - Uncompress Me — Root-MeWalkthrough for TCP - Uncompress Me: data structure tradeoffs, boundary cases, and how to derive the expected output without leaking full contest automation code..Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/TCP - The Roman wheel·10ptsTCP - The Roman wheel — Root-MeProgramming puzzle TCP - The Roman wheel focused on algorithmic constraints.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/TCP - Encoded string·10ptsTCP - Encoded string — Root-MeProgramming puzzle TCP - Encoded string focused on algorithmic constraints.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/TCP - Back to school·5ptsTCP - Back to school — Root-MeWalkthrough for TCP - Back to school: data structure tradeoffs, boundary cases, and how to derive the expected output without leaking full contest automation code..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/HTTP - DNS Rebinding·25ptsHTTP - DNS Rebinding — Root-MeNetwork challenge HTTP - DNS Rebinding: packet captures and protocol oddities.Mischard#root-me#misc#hardMay 26, 2026
Root-Me/RF - Key Fixed Code·15ptsRF - Key Fixed Code — Root-MeNetwork challenge RF - Key Fixed Code: packet captures and protocol oddities.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/Data extraction·20ptsData extraction — Root-MeFor Data extraction, traffic analysis reveals a covert channel.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/POP - APOP·15ptsPOP - APOP — Root-MeWalkthrough for POP - APOP — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/RF - FM Transmission·15ptsRF - FM Transmission — Root-MeNetwork challenge RF - FM Transmission: packet captures and protocol oddities.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/SIP - authentication·15ptsSIP - authentication — Root-MeNetwork challenge SIP - authentication: packet captures and protocol oddities.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/LDAP - null bind·15ptsLDAP - null bind — Root-MeNetwork challenge LDAP - null bind: packet captures and protocol oddities.Miscmedium#root-me#misc#mediumMay 26, 2026
Root-Me/NTLM - Authentication·10ptsNTLM - Authentication — Root-MeWalkthrough for NTLM - Authentication — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/Kerberos - Authentication·10ptsKerberos - Authentication — Root-MeWalkthrough for Kerberos - Authentication — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/DNS - zone transfert·10ptsDNS - zone transfert — Root-MeFor DNS - zone transfert, traffic analysis reveals a covert channel.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/CISCO - password·10ptsCISCO - password — Root-MeWalkthrough for CISCO - password — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/ETHERNET - frame·5ptsETHERNET - frame — Root-MeFor ETHERNET - frame, traffic analysis reveals a covert channel.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/TELNET - authentication·5ptsTELNET - authentication — Root-MeNetwork challenge TELNET - authentication: packet captures and protocol oddities.Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/FTP - authentication·5ptsFTP - authentication — Root-MeWalkthrough for FTP - authentication — routing quirks, protocol state confusion, and turning a man-in-the-middle vantage into actionable host intelligence..Misceasy#root-me#easy#miscMay 26, 2026
Root-Me/DNS exfiltration·30ptsDNS exfiltration — Root-MeForensics scenario DNS exfiltration with disk and memory artifacts.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/Logs analysis - web attack·25ptsLogs analysis - web attack — Root-MeOn Logs analysis - web attack, investigators recover fragments from an image dump.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/Heist of the century·25ptsHeist of the century — Root-MeForensics scenario Heist of the century with disk and memory artifacts.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/Find the cat·25ptsFind the cat — Root-MeChallenge Find the cat: log triage and artifact correlation.Forensicshard#root-me#hard#forensicMay 26, 2026
Root-Me/Windows - NTDS Secret extraction·20ptsWindows - NTDS Secret extraction — Root-MeOn Windows - NTDS Secret extraction, investigators recover fragments from an image dump.Forensicsmedium#root-me#medium#forensicMay 26, 2026
Root-Me/Docker layers·20ptsDocker layers — Root-MeChallenge Docker layers: log triage and artifact correlation.Forensicsmedium#root-me#medium#forensicMay 26, 2026
Root-Me/ICMP exfiltration·20ptsICMP exfiltration — Root-MeOn ICMP exfiltration, investigators recover fragments from an image dump.Forensicsmedium#root-me#medium#forensicMay 26, 2026
Root-Me/Command & Control - level 2·15ptsCommand & Control - level 2 — Root-MeChallenge Command & Control - level 2: log triage and artifact correlation.Forensicsmedium#root-me#medium#forensicMay 26, 2026
Root-Me/Oh My Grub·15ptsOh My Grub — Root-MeOn Oh My Grub, investigators recover fragments from an image dump.Forensicsmedium#root-me#medium#forensicMay 26, 2026
Root-Me/Capture this·15ptsCapture this — Root-MeOn Capture this, investigators recover fragments from an image dump.Forensicsmedium#root-me#medium#forensicMay 26, 2026
Root-Me/Deleted file·5ptsDeleted file — Root-MeChallenge Deleted file: log triage and artifact correlation.Forensicseasy#root-me#easy#forensicMay 26, 2026
Root-Me/Encoding - Codebook·20ptsEncoding - Codebook — Root-MeCryptanalysis path for Encoding - Codebook — algebraic manipulation, small subgroup checks, and a plausible attack narrative without dumping complete secret material..Cryptomedium#crypto#root-me#mediumMay 26, 2026
Root-Me/Circular Bit Shift·20ptsCircular Bit Shift — Root-MeFor Circular Bit Shift, ciphertext structure suggests hybrid encoding.Cryptomedium#crypto#root-me#mediumMay 26, 2026
Root-Me/Known plaintext - XOR·20ptsKnown plaintext - XOR — Root-MeFor Known plaintext - XOR, ciphertext structure suggests hybrid encoding.Cryptomedium#crypto#root-me#mediumMay 26, 2026
Root-Me/ELF64 - PID encryption·15ptsELF64 - PID encryption — Root-MeCrypto challenge ELF64 - PID encryption: classical cipher layers and modular arithmetic.Cryptomedium#crypto#root-me#mediumMay 26, 2026
Root-Me/File - PKZIP·15ptsFile - PKZIP — Root-MeCrypto challenge File - PKZIP: classical cipher layers and modular arithmetic.Cryptomedium#crypto#root-me#mediumMay 26, 2026
Root-Me/Pixel Madness·15ptsPixel Madness — Root-MeCrypto challenge Pixel Madness: classical cipher layers and modular arithmetic.Cryptomedium#crypto#root-me#mediumMay 26, 2026
Root-Me/Monoalphabetic substitution - Caesar·15ptsMonoalphabetic substitution - Caesar — Root-MeCrypto challenge Monoalphabetic substitution - Caesar: classical cipher layers and modular arithmetic.Cryptomedium#crypto#root-me#mediumMay 26, 2026
Root-Me/CISCO - Salted Password·10ptsCISCO - Salted Password — Root-MeFor CISCO - Salted Password, ciphertext structure suggests hybrid encoding.Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Shift cipher·10ptsShift cipher — Root-MeCrypto challenge Shift cipher: classical cipher layers and modular arithmetic.Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Hash - SHA-2·5ptsHash - SHA-2 — Root-MeCryptanalysis path for Hash - SHA-2 — algebraic manipulation, small subgroup checks, and a plausible attack narrative without dumping complete secret material..Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Hash - Message Digest 5·5ptsHash - Message Digest 5 — Root-MeCryptanalysis path for Hash - Message Digest 5 — algebraic manipulation, small subgroup checks, and a plausible attack narrative without dumping complete secret material..Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Encoding - ASCII·5ptsEncoding - ASCII — Root-MeCrypto challenge Encoding - ASCII: classical cipher layers and modular arithmetic.Cryptoeasy#crypto#root-me#easyMay 26, 2026
Root-Me/Unity3D Save handling·20ptsUnity3D Save handling — Root-MeReverse-oriented cracking task Unity3D Save handling.Reverse Engineeringmedium#root-me#medium#crackingMay 26, 2026
Root-Me/APK - Flutter Debug·20ptsAPK - Flutter Debug — Root-MeOn APK - Flutter Debug, the notes explain tracing a license routine, defeating superficial packers, and extracting the comparison secret without publishing raw keys..Reverse Engineeringmedium#root-me#medium#crackingMay 26, 2026
Root-Me/ELF ARM - Basic Crackme·20ptsELF ARM - Basic Crackme — Root-MeReverse-oriented cracking task ELF ARM - Basic Crackme.Reverse Engineeringmedium#root-me#medium#crackingMay 26, 2026
Root-Me/PE DotNet - Basic Crackme·20ptsPE DotNet - Basic Crackme — Root-MeChallenge PE DotNet - Basic Crackme mixes obfuscation and anti-debug hints.Reverse Engineeringmedium#root-me#medium#crackingMay 26, 2026
Root-Me/ELF x64 - Basic KeygenMe·20ptsELF x64 - Basic KeygenMe — Root-MeOn ELF x64 - Basic KeygenMe, the notes explain tracing a license routine, defeating superficial packers, and extracting the comparison secret without publishing raw keys..Reverse Engineeringmedium#root-me#medium#crackingMay 26, 2026