Lawful Evil (lawful_evil) wrote,
Hackering via HackerOne CTF

Well, I've been doing CNO dev for a while but I've never really gotten into CTF stuff.

So... HackerOne has a CTF.

Level: Trivial
Some mostly blank page. View source in Chrome. I hope these aren't browser dependent. Anyway... it loads a boring background image and has some dire warning about getting stuck. I try to navigate to other resources. I try to view the image separately in case it's so huge it has stuff off the edge or has text embedded in the JPEG. That is where the flag is. Ok. Pretty easy.

Level: Easy, Micro CMS v1
A series of pages. There is a main page with a listing of sub page titles. There is the option to view a page or create a new page. When on a page you can edit the title and body.

I create a couple of pages and notice the page number is discontinuous. I manually load a couple of the missing pages and eventually stumble upon one that is different, and a flag is there. This challenge has 4 flags. Problem is sorting out where each might be.

Moving on, I edit a page a bit and notice script tags get removed/scrubbed. It also supports some sort of markdown. I eventually manage some image tag XSS and get the second flag.

The third flag is XSS in the title that then gets executed on the main page in the page listing. Ok, 3/4 down.

The last flag takes quite a bit of bumbling around in the wrong area. Even with the hints, I glossed over the area with the flag and totally missed it for hours. But I was so close, I'm sort of angry it took that long. It's a type mismatch error thing in the URL.
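The three Micro CMS flags above come down to three server-side mistakes: a denylist filter that removes `<script>` but leaves other markup alone, a listing page that renders titles as HTML instead of text, and a URL parameter that is used without being validated first. The block below is an added example written for this post, not code from the CTF or from HackerOne. It constructs its own sample body and title (labelled in the comments), assumes a hypothetical CMS that stores bodies as a small allowed subset of HTML, and shows the weak filter next to an allowlist sanitizer, a listing renderer that escapes titles, and a strict page-id parser; the choice to treat the last flag as an input-validation problem is my reading of the post, not something it states.

```python
import html
import re
from html.parser import HTMLParser
from typing import Optional

# Constructed sample inputs (not taken from the CTF): a page body carrying markup that a
# "strip <script> only" filter lets through, and a title containing markup.
SAMPLE_BODY = ('<p>hello</p><script>alert(1)</script>'
               '<img src="/img/a.png" onerror="alert(1)">')
SAMPLE_TITLE = '<b>My page</b>'

SCRIPT_TAG_RE = re.compile(r"<script\b[^>]*>.*?</script>", re.IGNORECASE | re.DOTALL)


def strip_script_only(body: str) -> str:
    """Denylist filter: drops <script>...</script> and nothing else.
    Markup such as an <img> with an event-handler attribute survives untouched."""
    return SCRIPT_TAG_RE.sub("", body)


# Allowlist: permitted tags and, per tag, the attributes kept. Everything else is dropped.
ALLOWED_TAGS = {
    "p": set(), "b": set(), "i": set(), "em": set(), "strong": set(),
    "img": {"src", "alt"}, "a": {"href"},
}
SAFE_URL_PREFIXES = ("http://", "https://", "/")


class AllowlistSanitizer(HTMLParser):
    """Rebuilds the document from an allowlist instead of deleting known-bad patterns."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []
        self.skip_depth = 0  # > 0 while inside <script>/<style>, whose text is discarded

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_TAGS[tag] or value is None:
                continue  # drops every on* handler, style, and unknown attribute
            if name in ("src", "href") and not value.lower().startswith(SAFE_URL_PREFIXES):
                continue  # rejects javascript:, data: and other schemes
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if self.skip_depth or tag not in ALLOWED_TAGS or tag == "img":
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data))


def sanitize_body(body: str) -> str:
    """Allowlist-sanitize a page body before storing or rendering it."""
    p = AllowlistSanitizer()
    p.feed(body)
    p.close()
    return "".join(p.out)


def render_listing(titles: list[str]) -> str:
    """Main-page listing: titles are plain text, so they are HTML-escaped, never sanitized."""
    items = "".join(f"<li>{html.escape(t)}</li>" for t in titles)
    return f"<ul>{items}</ul>"


PAGE_ID_RE = re.compile(r"^[0-9]{1,9}$")


def parse_page_id(raw: str) -> Optional[int]:
    """Strictly validate the page id from the URL. Anything that is not a short decimal
    integer yields None, so the handler can answer 404 instead of surfacing a type error."""
    return int(raw) if PAGE_ID_RE.fullmatch(raw) else None


if __name__ == "__main__":
    print("denylist :", strip_script_only(SAMPLE_BODY))
    print("allowlist:", sanitize_body(SAMPLE_BODY))
    print("listing  :", render_listing([SAMPLE_TITLE]))
    print("page ids :", parse_page_id("12"), parse_page_id("12abc"))
```

The point of the two body filters is the direction of the decision: `strip_script_only` has to enumerate everything bad and misses the event-handler attribute, while `AllowlistSanitizer` only emits what it recognises and so drops it without ever having heard of it. The title and the page id are not HTML at all, so they get escaping and validation respectively rather than sanitizing.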
Tags: challenges, cno, ctf, micro-cms, xss, cybersecurity

