Capture the flags

Find all 5 flags hidden within this small website. All of them can be classified as "Web" tasks. The flag format is CTF{some text here}.


By using this website you accept the following rules:

  1. There's no need to brute force anything here so please, don't. Just use your 🧠
  2. Unless you want to participate in Heroku's bug bounty there's no need to perform any infrastructure hacking.
  3. If you find any functional issues on the website let me know. There are no brownie points for pointing out it's ugly though, I know ;)


  1. This one is basically free, nothing to add here.
  2. 🤖 shall not pass
  3. A blue puppet who also loves sweet buttery pastries
  4. There's an endpoint at /api/v2/users, I wonder what info it may hold. They say they migrated from the old version so you can't see the admin account anymore.
  5. Sometimes you just don't GET it.