Falcons CIC — Web CTF
Pick a challenge. Each page is intentionally vulnerable and contains a unique flag.
Warmup • Info Disclosure
Preflight
Easy • Hidden Files
Shadow Vault
Medium • DOM XSS
Mirror Bite
Medium • Open Redirect
Side Path
Medium • Insecure JWT
Paper Seal
Medium • Misconfigured CORS
Open Skies
Hard • XXE
Hungry Parser
Hard • Exposed .git
Buried Logs
Hard • Source Map Leak
Unmasked Map
Medium • Clickjacking
Glass Switch
Medium • Obfuscated JavaScript
Knotted Tongue
Medium • Steganography
Painted Echo
Easy • Weak Crypto
Phantom Key
Hard • Mixed Content
Rusty Gate
Medium • Puzzle Chain
Crumb Compass
Medium • CSS Exfil
Silk Gossip
Easy • Logic Flaw
Costume Check
Medium • Cache Trick
Stale Ink
Easy • Encoding Maze
Babel Tower
Rules: Educational only; be gentle; stay within these paths.