Capture the Flag Challenges


Foreword

This page includes an open CTF challenge and a list of previous ones along with their solutions. These are for educational purposes and provide a legal safe play area for you to hone your skills. The difficulty will vary from beginner to experienced practitioner.

Anyone should be capable of achieving the end result by determination and persistence.


Current Challenge

The goal of the challenge is to achieve root level permissions on the host and generate a flag using the files in the /root directory. Breadcrumbs have been left in a few places to help you along.

Title Difficulty Release Solution
Coming Soon Intermediate Coming Soon Coming Soon

You managed to get root? Awesome. Share a screenshot of your privileges with us on Twitter @pentestlimited. The purpose of these challenges is to provide a playground for anyone interested to practice their skills.

We welcome people willing to do comprehensive write-ups on their blogs. However, please refrain from posting until the official solution has been released so as to keep potential spoilers away from others still working on it.


Previous Challenges

The table below lists the previous challenges. Feel free to give them a try and check your working against the solutions provided. For each image there will be more than one way of chaining exploits to gain root. We settled on one for the solution. Did you enjoy the challenge? Tweet us your write up.

Title Difficulty Release Solution
BSides Edinburgh 2017 Moderate Download Solution
Securi-Tay 2017 Novice Download Solution

Instructions for setup:

The file can be loaded either into VMWare Player which is available as a free download here or Virtualbox available here. Ignore any messages you might receive about the system being unable to connect to a certain drive.

Once the VM is booted up, it should show you the IP address that was configured automatically by the VMware DHCP. This should be all the information you need to get started.