./perfect-product/ ├── Dockerfile ├── flag.txt └── src ├── app.js ├── package.json ├── package-lock.json ├── readflag ├── readflag.c ├── static │ └── img └── views ├── index.ejs └── product.ejs There is a flag.txt file and binary of "readflag". # Dockerfile FROM debian:sid ENV NODE_ENV "production" RUN apt update && \ apt install -y curl && \ curl -sL https://deb.nodesource.com/setup_18.x | bash..

./challenge/ ├── challenge │ ├── app.py │ ├── poc.py │ ├── poc.sh │ ├── static │ └── templates │ └── index.html ├── docker-compose.yml └── Dockerfile version: '3' services: shop: build: . container_name: aquatic_delights ports: - "8080:8080" environment: - FLAG=justCTF{here_should_be_a_flag} restart: always You can see flag in docker-compose.yml. There are only few codes to check out. Let's see ..

This Chall is well-known type of XSS Challenge. ./web_extra-safe-security-layers/ ├── docker-compose.yml ├── Dockerfile └── src ├── app.js ├── bot.js ├── flag.txt ├── package.json ├── public │ ├── admin_background.png │ └── background.png └── templates └── index.ejs It gives that this chall has 5 safety layer through remark. These remarks confused me, even if this chall was not that hard. Just I..