| Challenge Name | Description | Hint |
|---|---|---|
| apache-logs | There is suspicion that an external host was able to access a sensitive file accidentally placed in one of the company website's directories. | Which directory types should sensitive files not be placed in? |
| seigwards-secrets | Seigward has been storing his secrets on his website for decades. Hasn't failed him yet. | Where can you find a website's code? |
| Challenge Name | Description | Hint |
|---|---|---|
| buster | Check out my new site, it has lots of cool pages! | What do HTTP response codes actually mean? |
| heres-my-password | We have a list of 500 users (males, females, and pets) and one password. Log-in with the proper credentials for the flag. | This is not intended to require manual brute force. What are some other types of brute force methods? |
| road-not-taken | You've reached a fork in the road! Choose the right path to find your way to the flag. Start here: https://jerseyctf-road-not-taken.chals.io/ | Recent CVEs may help you find your way. |
| flag-vault | I'm very organized. I even keep all of my flags neatly organized in a database! But, these are my flags! You don't have access to them... or do you? Start here: jerseyctf-flag-vault.chals.io | What is the most common type of database? |
| Challenge Name | Description | Hint |
|---|---|---|
| cookie-factory | Here at Granny's Old-Fashioned Home-Baked Cookie Factory, we pride ourselves on our cookies AND security being the best in the business. Start here: https://jerseyctf-cookie-factory.chals.io/ | No hints. |