Hey everybody!
Looking to further hone your web app pentesting skillz? Then you will enjoy this week’s challenge release. We staggered the difficulty levels so there is something for beginners and for advanced folks.
For screenshots and descriptions of this week’s additions, see below.
Good luck and have fun!
The Cyber Range Team
![A woman exploring the digital web.](https://www.antisyphontraining.com/wp-content/uploads/2023/10/corvus_le_crow_a_digital_web_9b17f9ac-4767-4a9a-a10b-1973886d51b7-1.png)
P.S. If you’re not already signed up for the BHIS Antisyphon Cyber Range, the following page has screenshots, info, and, of course, a link where you can sign up and join in the fun:
![We are a company that fully believes that the customer is always right. This is such a core value to our company that we have extended this belief to the clients that access our site! We hope everyone can see how much we care about our clients. Have a great day!](https://www.antisyphontraining.com/wp-content/uploads/2023/10/9295-clients-always-right.png)
![The itsy bitsy spider climbed up the website. Down came the shells and washed the spider out... !](https://www.antisyphontraining.com/wp-content/uploads/2023/10/9316-spider.png)
![We've deployed a fairly simple program that can take input and display its hash in a number of different formats. It's available on both Windows and Linux. Get down in the weeds and see if you can understand how it works. You may want go beyond static analysis on this one. Try connecting it to a debugger (using default debugger settings!) and watch what requests it makes - I bet there will be a flag waiting.](https://www.antisyphontraining.com/wp-content/uploads/2023/10/9330-web-inspection.png)
![Joey has a policy against people stealing his cookies, so he doesn't need to use secure coding practices on his blog, right? See if you can bypass his policy and compromise his session.](https://www.antisyphontraining.com/wp-content/uploads/2023/10/9165-cookie-stealing.png)