logo
Red wilds
Root-Me Web client challenges
  • Privacy greenhouse
  • Defence blues
  • Purple crossroads
  • Indigo observatory
  • Contact
Initializing search
    • Unseen University Power & Light Co.
    • The Scarlet Semaphore
    • Myrddin’s menagerie
    • In: Where the falcons and foxes roam
      • A canopy of apple-blossom
        • Field notes from the fragrant branches of web app exploitation
        • Web application attack runbooks
        • Web application attack playbooks
        • Portswigger Academy labs: Controlled burn
        • Root-me: Orchard foraging
          • Root-Me Web client challenges
            • HTML disabled buttons
            • Javascript authentication
            • Javascript source
            • Javascript native code
            • XSS stored 1
            • CSP bypass inline
            • CSRF: zero protection
          • Root-Me Web client challenges
            • HTML disabled buttons
            • Javascript authentication
            • Javascript source
            • Javascript native code
            • XSS stored 1
            • CSP bypass inline
            • CSRF: zero protection
          • Root-Me Web server challenges
        • Petals and pentesting priorities
      • Social engineering
      • Where wild boars plough through endpoints
      • Wolverines do not ask for permissions
      • Riches in the ground
      • The device is just the keyring
      • Poking physics with network packets
    • Through: Where the raccoons burrow and rummage
    • Out: Where squirrels swipe the crown jewels

    Root-Me Web client challenges¶

    Root Me Web Client challenges

    Puzzle with:

    • HTML disabled buttons
    • Javascript authentication
    • Javascript source
    • Javascript native code
    • XSS stored 1
    • CSP bypass inline
    • CSRF: zero protection
    2026-03-25 22:33
    © Copyright 2025, TyMyrddin.
    Created using Sphinx 7.2.6. and Sphinx-Immaterial

    Made with love in the Unseen University, 2025, with a forest garden fostered by /ut7