Lab · Web Security

Content Discovery

Finding what the site didn't mean to show you.

What is this?

Think you know content discovery? Every challenge below hides one endpoint that exists on the server but is linked from nowhere.

The challenges are drawn from real pentest findings, trimmed and reshaped to fit a CTF. They assume you already know your way around an HTTP fuzzer.

How it works

1. Find the endpoint. Each challenge hides exactly one path somewhere inside its /chalN/ URL tree. Fuzz the tree and identify which response property separates the hit from the misses.

2. Submit to claim your flag. Take the path you found to the verification page and submit it. A correct path is exchanged for the flag, formatted flag{...}.
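The heart of step 1 is not the wordlist but the comparison: a server that answers every unknown path with the same catch-all response makes the one real endpoint visible only as the record whose status, length or redirect target differs from the rest. The script below is an added illustration of that comparison, not code from the lab or its challenges; the `/chal1/...` response records are constructed, and the `Response` and `outliers` names are this example's own. It takes the most common response fingerprint as the "miss" baseline and reports, for each path that deviates, exactly which property deviated.

```python
"""Separate the one hit from the misses in a set of fuzzing responses by
comparing every response against the most common (catch-all) shape.
Added example; the records in SAMPLE are constructed, not captured."""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PROPS = ("status", "length", "location")


@dataclass(frozen=True)
class Response:
    status: int
    length: int                     # body length in bytes
    location: Optional[str] = None  # Location header on a redirect, else None


# Constructed sample of what a short wordlist run against a hypothetical
# /chal1/ tree might return. Note the server answers unknown paths with a
# 200 and a fixed-size "not found" page (a soft 404), so status alone is
# useless; length and redirect target are what separate the records.
SAMPLE: Dict[str, Response] = {
    "/chal1/about":   Response(200, 512),
    "/chal1/archive": Response(200, 512),
    "/chal1/old":     Response(200, 512),
    "/chal1/test":    Response(200, 512),
    "/chal1/private": Response(302, 0, location="/chal1/login"),
    "/chal1/upload":  Response(200, 512),
    "/chal1/status":  Response(200, 517),  # five bytes longer than the rest
}


def fingerprint(r: Response) -> Tuple[int, int, Optional[str]]:
    """The properties we compare; extend this tuple if the target varies
    something else (content type, a header, a body hash)."""
    return (r.status, r.length, r.location)


def baseline(responses: Dict[str, Response]) -> Tuple[int, int, Optional[str]]:
    """The single most common fingerprint is the catch-all 'miss' shape."""
    counts = Counter(fingerprint(r) for r in responses.values())
    return counts.most_common(1)[0][0]


def outliers(responses: Dict[str, Response]) -> Dict[str, Dict[str, tuple]]:
    """Every path whose fingerprint differs from the baseline, mapped to the
    differing properties as (baseline_value, observed_value) pairs, so the
    analyst sees *which* property separated it rather than just that one did."""
    base = baseline(responses)
    found: Dict[str, Dict[str, tuple]] = {}
    for path, r in responses.items():
        fp = fingerprint(r)
        if fp == base:
            continue
        found[path] = {
            name: (b, v) for name, b, v in zip(PROPS, base, fp) if b != v
        }
    return found


if __name__ == "__main__":
    print("baseline (miss) shape:", baseline(SAMPLE))
    for path, diff in outliers(SAMPLE).items():
        print(path, "->", diff)
```

Two things to keep in mind when using this shape on a real run: the baseline must be taken over a large enough sample that the catch-all response is genuinely the most common fingerprint, and a server that echoes the requested path into its error page will make lengths jitter by a few bytes per path, in which case compare lengths with a tolerance (or hash the body with the path stripped) instead of exact equality.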

The rules of engagement: No challenge page gives anything away — everything you need to solve all seven is on this page.

Challenges