Target from: CTF Playground

Intermediate, Non rootable, Timed

inject / 0.0.0.0

3: Flags (2:app, env)
1: Service
1,310 pts
Avg. headshot: 253 minutes

inJect: Terminal based log viewing service at your disposal
#headshot

Level 20 / Master Hax0r

0xdragonh4ck0S / 65th Place

3: Flags found
1: Service discovered
660 pts
4 minutes

Top 3 HACKGDL CTF 2026 🥉 Top 4 AHAU CTF 2025 ✨ Top 34 HACKMEX 2025 ✨

Everyone speaks about escaping user input to avoid injections but if you are a developer trying to actually implement a protection like this you are on your own.

The developer of this application, had all the good intentions, he even used some suggested solutions from stackoverflow.com... and we all know how well that usually goes.

To start the challenge connect with nc 10.0.14.25 1337. Your timer starts from the first time you connect to the service.

53 Headshots (newer first)

Lychi3, 0xdragonh4ck0S, NegaRequiem, g1ggl3r, XNOEX, nudim, s1ngle, Astralis, TheRealFredP3D, NImporteQui, hackercon101, Touchme, Ckabos, alamillo, akdangerous, katto, c0nfirm, echoOne, Sid110307
karpik, Atlantica, doofyr, hazy, cavca2012, darklordbnl, Pablo977, jaxafed, antonioban, 4rl4dn4, uApocryphon, No0ne, noother, AskTaimoor, Twelve, D1ie3z, novena, vicky5, srrequiem, bas1c, Sev7en, ddr4ramm, Tr1s, PufferOverflow, Grosik, Pegasus, hitmanalharbi, Muzec, biba22, ElleuchX1, g0rchy

2 Writeups by:

antonioban (en) 2 - Nicehackercon101 (en) Not rated!

Activity Stream

Latest activity on the platform

0xdragonh4ck0S managed to headshot [inject], in 4 minutes, 12 days ago
0xdragonh4ck0S Got the flag of inject for 150 points, 12 days ago
0xdragonh4ck0S Got the env flag of inject for 250 points, 12 days ago
0xdragonh4ck0S Got the flag of inject for 250 points, 12 days ago
0xdragonh4ck0S Is getting started with inject for 10 points, 12 days ago