Web Exploitation
Web exploitation covers a wide range of attacks against websites and web APIs. You'll learn to inspect client-side code, manipulate cookies and sessions, inject malicious SQL queries, and abuse server-side rendering. These techniques map directly to real-world vulnerabilities tracked in the OWASP Top 10.
1. Source Code and Developer Tools
Browser developer tools are the first weapon in a web hacker's arsenal. Flags can hide in HTML comments, JavaScript source files, or CSS. The Includes and Inspect HTML challenges are classics that teach you to never trust that what you see in the browser is the whole picture.
2. Cookies and Session Manipulation
HTTP is stateless, so web applications use cookies to remember who you are between requests. Cookies are just text, and if an application trusts them without validation, you can forge admin tokens, manipulate user roles, or hijack sessions. Always check what data sits in your browser's cookie jar.
3. Enumeration and Hidden Endpoints
Web applications often expose more than the developer intended. A robots.txt can point you to hidden admin paths, JS files may reference internal APIs, and directory traversal can leak restricted files. The head-dump challenge is a great example of information leakage through an unprotected endpoint.
4. SQL Injection
SQL injection is one of the oldest and most prevalent web vulnerabilities. When user input is concatenated directly into a database query, an attacker can escape the intended context and execute arbitrary SQL. These challenges cover both classic SQL injection and the NoSQL variant in MongoDB.
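The difference between concatenating input into a query and binding it as a parameter, shown as an added example that is not part of the original page. The table, function names and sample rows are constructed for illustration, and SQLite stands in for whatever database an application uses.

```python
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def find_user_concat(db, name):
    """Vulnerable: input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return query, db.execute(query).fetchall()

def find_user_param(db, name):
    """Hardened: the ? placeholder binds input as a value, never as SQL."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return query, db.execute(query, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, a name containing an apostrophe,
    # and a value whose quote closes the string literal early.
    for value in ["bob", "o'brien", "nobody' OR '1'='1"]:
        for fn in (find_user_concat, find_user_param):
            try:
                query, rows = fn(db, value)
                print(f"{fn.__name__}({value!r})\n  SQL:  {query}\n  rows: {rows}")
            except sqlite3.OperationalError as err:
                # A syntax error triggered by a lone quote is a common sign
                # that input is reaching the SQL parser unescaped.
                print(f"{fn.__name__}({value!r})\n  error: {err}")
```

The concatenated version also fails on a legitimate name such as o'brien, so unexpected SQL syntax errors in application logs are worth treating as a signal that a query is built from raw input.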
5. Server-Side Injection
Server-Side Template Injection (SSTI) occurs when user input is embedded directly into a template engine like Jinja2 or Twig. Unlike reflected XSS, SSTI runs on the server and can lead to remote code execution. Understanding template syntax is key to spotting where evaluation happens.