Categories
CTF's My CTF's

Presidential CTF

Presidential is my third Capture the Flag exercise. It is rated as Medium to Hard – I wouldn’t say the exploitation techniques are necessarily difficult on this server, but this box will definitely test your enumeration skills. If you need a hint, feel free to contact me – but enumerate harder first.

Enumerate Enumerate Enumerate

This is the best advice I can give you.

Download Now

Synopsis:

The Presidential Elections within the USA are just around the corner (November 2020). One of the political parties is concerned that the other political party is going to perform electoral fraud by hacking into the registration system, and falsifying the votes.

The state of Ontario has therefore asked you (an independent penetration tester) to test the security of their server in order to alleviate any electoral fraud concerns (I’m aware Ontario isn’t a real US state – this is meant to be fictional). Your goal is to see if you can gain root access to the server – the state is still developing their registration website but has asked you to test their server security before the website and registration system are launched.

This CTF was created and has been tested with VirtualBox. It should also be compatible with VMWare and is DHCP enabled.

You can download the CTF here. I look forward to your feedback.

SHA-256: 1d402ad612251e4b07bf990d7f55f1d3c5158bf9c0aad4e3663526f4d06a3e97
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbBiicuM2ITDGGcOJPvHWS2kZ5UMFAl7334kACgkQPvHWS2kZ
5UMx4hAAn8P9vng05Q7O4VUpmpnTHZIn8e1lpjNUAy7Gt5coPbmvlEqIHp+kqLtO
IH9omyBndDN6D8xa1FkfLYjUF5J9xKAXgU7JfY+dbDtWBmRD+62X1C0BO3m1M+FX
y/C76sVfzI9k7nFas+nv/GI4J4jYbDSSBrA8dO7IXH7OUzxF24TsU610IkNxjO6e
Oucora8F/ayZ3ZCAvN+ogHggFYoj0cQs5SZuY5W5A6SK8qw7t4qN8j88Qjffh+I0
Kp0bF9GwfhDxIPZ64vYVo1BqpDKMFA2S7MFuuZFxsYOSOfnLv09jdxn8N/nKaNHE
azRn4tBsj6ougwgqaenH3tA8wQqcnZDqoLDtBVujXSANVL7lrP2tbwrbCNZz/j7m
mPLmoyPjWbeluGXsFgx/Y/xppOrBJ4TjhXcq8Uoy+Ej7UZmTgb3xxJwdIR9tTbcj
3epu3xsG5xOA+ZZ2Qh3SzNDKtcifCnTXo4ZcyUKRN70SSTvib5uY01IoQj/0E3tM
L4cjO+Rd1ottCdOPNXQvh7pH91hfKOXx8NBmMeSd5SAYNkpBGf76/5Ja8pQB1g+Z
h9hRaoeqedcI5K97Mp1N4SqKBy3Y5pEYx9HLW1kJZpfwW1cljrUTl7NGdLo8NEqG
U+x8r+DqQrapCf/TV/05rHIUuHuCHCrXDbE6KL5dZZCc5PQKIG4=
=9xw4
-----END PGP SIGNATURE-----
Categories
CTF's My CTF's

PowerGrid CTF

This is my second CTF exercise that I have developed. It is rated as ‘Hard’.

Download Now

Synopsis:

Cyber criminals have taken over the energy grid across Europe. As a member of the security service, you’re tasked with breaking into their server, gaining root access, and preventing them from launching their malware before it’s too late.

We know from previous intelligence that this group sometimes use weak passwords. We recommend you look at this attack vector first – make sure you configure your tools properly. We do not have time to waste.

Unfortunately, the criminals have started a 3 hour clock. Can you get to their server in time before their malware is deployed and they destroy the evidence on their server?

The types of vulnerability/techniques used in this CTF can be seen below (they are intentionally hidden by default):

This exercise is designed to be completed in one sitting. Shutting down the virtual machine will not pause the timer. After the timer has finished, the CTF machine will be shut down and you will be unable to boot it. Please keep a local backup of the CTF prior to starting, in case you wish to attempt a second time.

If you are to succeed, I strongly recommend reading these points:

  • Keep a local backup before starting in case you run out of time
  • You will need a basic understanding of the GPG tool and how it works
  • Configure your tools so they work at the maximum/hardest level possible. Make sure you are looping around the correct thing, if you know what I mean
  • Getting the initial shell is possibly the longest part.
  • There are four flags in total. Each flag file will guide you to the next area

This virtual machine has been tested in VirtualBox only. I cannot guarantee it will work on VMWare, but it should be okay.

You can download the CTF here. I look forward to your feedback.

SHA-256: 8bc79937082748c21de14c5da3772f7fc750d52b68cf27816922186f6e68d6b7
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbBiicuM2ITDGGcOJPvHWS2kZ5UMFAl7NXQsACgkQPvHWS2kZ
5UOzdg//es42hIqFbXL01ASUK6Rg0hU5hKQYBNYn+CshF+HbbuAVE4lWACd1PygR
/rxKEuxnb74jvLtEn1S1orDSxu7ePKGEtxmLChX1AlTMWsODvBbDXvdtlE62iDRM
ZwKsDs87dSpLHQazP+lV0jqot02GmLVPyeg2STKyfuyeQZ8KgKQUJHe/K0GRd0Z4
XaLuy1oRM6ujDk+GZv1Yjg8oP4Uzv+Tn0IMpfc8/1BHMIYZOnVEll3ukOFcnDYHW
YcYvQwI9T8frMXLBhWqWbjFU4VCD3OAzL+F7TsQi5KZ6SuGtzRr4flhncHNYwcMU
yuQonELGMdNuXBj6Dud6G9Drh2FrGyod1CZhPw/IWDzxBSM/K34MVNmBqUcEEt+4
+bqovZ8MQ2pbOQW4IVclejPwz07+VWWIf5OrhW2z80bOSKASY0y7+z068xmO0IcS
///zxkN53/iA6nNxB0I+QZWn+AaslaWL1vknekhLLY9hBm1qus1WCHNizUUvmgBF
vyDCC4BbHgwnDqlGs8f8sREdsFr+uJrL905H/TL4Xv3H1MtKUXKQbcmUWOFpDRMm
rH1qEehstgA2Eo4tBk+dfVbYnS+9aDnXw1v13bsdkNLZI38H6XZK2ecRsfj/TG3Z
ZaQKClq+RjU9MG5RaFUwTQp95A8uILtmk+q7NEk61fAgzPLnPKQ=
=pRuz
-----END PGP SIGNATURE-----
Version NumberDescription of ChangesDate of Change
1.0Initial release20/05/2020
1.1Stability release – changed some network settings to make this work correctly in non-VirtualBox setups26/05/2020
Categories
CTF's My CTF's

CTF Difficulty Levels

The level of difficulty for a capture the flag exercise is certainly subjective, so I have put together a matrix which describes the difficulty level for any CTF I create:

Difficulty TitleDifficulty Description
Very
Easy
Vulnerability types: SQL Injection, Brute Force, Software Exploits where exploit tools are readily available. Usually limited to a few exploits needed to get root access.
EasyVulnerability types: SQL Injection, Brute Force, Hash Cracking, Software Exploits where exploit tools are readily available.
May involve quite a few different exploits to obtain root access.
MediumVulnerability types: SQL Injection, Brute Force, Hash Cracking, XSS vulnerabilities. Software Exploits may not be readily available, or they are hard to get working. May involve experience in the tools available on Linux.
Will very likely have quite a few vulnerabilities which you will need to overcome to get root access.
HardVulnerability types: SQL Injection, Brute Force, Hash Cracking, XSS vulnerabilities, encryption issues, pivoting. Software Exploits may not be readily available, or they are hard to get working. Will likely involve experience in the tools available on Linux.
Will very likely have quite a few vulnerabilities which you will need to overcome to get root access. Exercise may be timed, and various defense mechanisms may be in place to make it harder to get root access.
Very
Hard
I am literally trying my best to prevent you from obtaining root access. You will need to be very experienced, and think outside the box.
Categories
CTF's My CTF's

Credit Card Scammers CTF

This is my first Capture the Flag exercise and covers a number of different techniques.

Download Now

The back story: Scammers are taking advantage of people and various fake shopping websites have been setup, but people are finding their orders never arrive. We have identified one scam website which we believe is harvesting credit card details from victims. Your objective is to take down the scam website by gaining root access, and identify the 3 flags on their server. Our intelligence suggests the scammers are actively reviewing all orders to quickly make use of the credit card information.

The types of vulnerability used in this CTF can be seen below (they are intentionally hidden by default):

You can download the Capture the Flag here. This has been tested using VirtualBox but may work with other virtualisation platforms. DHCP is enabled, and it is recommended you run this in host-only network mode.

Please feel free to leave me feedback in the comments. I am keen to see what people thought about it and how easy/difficult they thought it was.

SHA-256: e840abca18c81bb269a02247a99416b0f63261f3a62d4b17b9436fb3387f70e7
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEbBiicuM2ITDGGcOJPvHWS2kZ5UMFAl7NYsAACgkQPvHWS2kZ
5UNxQhAAk134aocO6KkEoe+f+DIQrTdFbG8CxQ/b4PWRrIWvFStPzyLwlFe2Vi/W
oYfJ+i+pgrkh2NXVf5UbwnfvChUPIjnyxa6NhuVM9vfWsxkwvWLJ4DcKYMVhKuK1
bOEyXqL4MXp1TrEUZWUm7R3xxlgcaRAA2cpts0joDImmggcljC7n1oeBYHumasbn
A9YPuBnjBJnST3ii2brhNV0c58YTJLpssN3XFIGSQmFsl9xwXeU/zClrX4WivP0U
9odK/gUvVXGBRzr/BrsxVK65s5/0IYuFkwGBKoDvqCQOr2sZQC6le/PioH8VeQ19
23jYte6fbMDggXzvbXNUx19tMg6tGKXipcXKD5+9Vdp6SL8nbxHo07DhkeuOPFmv
GjAYj1jEYcgVUVNrb9lRmMkow9tkUq67DhPBN8ekwM/PR/1jxAQTG/P9JL+69/lS
aag3U/IpNl334I4oO5TniutUJf06YsHeWqeKO7cq9elVVfC4YPI+VOESS6eiS0DB
Zc7YO6oYomEcL7wA4Io5m+qaEy4SFHUEutw4aurcoXNf8a/95BL5jIAK71JA30Ut
euB/KWB2IxxuafxD38coqjxmlDQPx7fztMHPGUhvvqZiqyjaQtFoPFzKu4BYDeIY
y5INDm1oVetVt1VB5ZHYXT8dS2owGET8WC6DTZCf4g9isTbhlws=
=NDWq
-----END PGP SIGNATURE-----