Red team

Root-Me Web server challenges

Green team
Blue team
Purple team
Indigo team
Broomstick Brief
Ty Myrddin

Initializing search

Red team

Fox stealth. Raccoon grit. Squirrel-level entitlement.
Fox stealth. Raccoon grit. Squirrel-level entitlement.

Root-Me Web server challenges¶

Root Me Web Client challenges

Test skills with:

Insecure code management
Directory traversal
File upload: null byte
PHP assert()
PHP Filters
PHP Register globals
JWT Introduction
JWT (not) revoked token
JWT weak secret
Python: Server-side Template Injection Introduction
Command injection: filter bypass
Java: Server-side Template Injection (SSTI)
Local file inclusion
Local file inclusion: double encoding
PHP preg_replace
PHP type juggling
SQL injection: authentication
SQL injection: string
XSLT code execution
PHP path truncation
PHP serialisation
SQL injection: numeric
SQL injection: routed
SQL truncation
XPath injection: authentication
SQL injection: time-based

Last update: 2025-07-28 11:18

Previous CSRF: zero protection

Next Insecure code management

© Copyright 2025, TyMyrddin.

Created using Sphinx 7.2.6. and Sphinx-Immaterial

Made with love in the Unseen University, 2025, with a forest garden fostered by /ut7