Welcome, security enthusiast! You’ve found the challenge page.
The Hunt
There are 5 flags hidden across this website. Each one tests a different skill:
- Web Reconnaissance - Understanding common files
- Source Code Analysis - Reading what’s in front of you
- Security Standards - Knowing where to look for security info
- Directory Enumeration - Finding what’s not linked
- Encoding & Obfuscation - Decryption and decoding
Flag Format
All flags follow this format: flag{...}
Rules
- No brute forcing or DoS attacks
- No automated scanning tools (be respectful)
- Use standard web reconnaissance techniques
- Think like a penetration tester
Hints
- Start with the basics: robots.txt, security.txt
- View source on every page (including this one!)
- Hidden files exist
- All flags are encoded - use the decoder below
- There are multiple flags on this page
- Check HTML comments, data attributes, and hidden elements
Scoreboard
Found all 5? Email me at KevinKessler@ProtonMail.com with:
- All 5 flags
- Brief description of where you found each one
- Your name/handle (optional, for recognition)
First 10 people to find all flags will be listed on the hall of fame!
Why This Exists
This challenge demonstrates:
- Common OSINT techniques
- Web application reconnaissance
- Attention to detail
- Security awareness
It’s also a fun way to engage with the security community!
Current Status: Challenge Active
Difficulty: Beginner to Intermediate
Estimated Time: 20-45 minutes
Good luck, and happy hunting!
Flag Decoder
Found an encoded string? Decode it here: