Applicants Challenge 2023


Hi there,

This year, we have created a new CTF and would like to invite you to participate once again. The objective of the challenge is to simulate a realistic attack on the IT infrastructure of a fictitious company. In comparison to last year's challenge, this year's CTF has a broader scope, and we assure you it won't be too easy. We don't even expect anyone to solve all the challenges completely :-P, so no pressure at all :>.

Our goal is to identify qualified candidates to join our red team. However, even if you're not currently interested in this exciting position, you are still welcome to participate (and we'll be delighted to offer some swag if you score at least 3500 points). For those who can't wait, you can find the challenge introduction text here.

Please note that we will make an effort to contact promising participants using the email address you provide. If you prefer to contact us directly (or if you'd rather not disclose your email address upfront), you can reach us at aiyc@code-white.com. In such cases, please remember to include your CTF username.

Rating

Points Possible Reaction
0 - 2500 You are still in warm-up mode, right?
2501 - 4000 Let's talk
4001 - 5000 Let's skip the first two dialog partners.
We are sending you directly to the CEO.
5001 - 5500 Here's your contract, just sign here and there, please.
This score also grants you some free drinks with the challenge creator.

Rules

  • Feel free to utilize any tools or techniques you are familiar with.
  • However, please remember that this is a shared environment, so refrain from spoiling the experience for other participants.
  • While discussing the challenge and sharing the scoreboard URL is permitted, please avoid leaking any solutions, hints, or technical details.
  • It is strictly prohibited to engage in any destructive attacks such as DDoS, file deletion or trying to brute-force the flag submission.
  • If you believe that brute-force is the only way to proceed, you are completely mistaken. However, a password spraying attack is more efficient and viable.
  • Please ensure that if you place files on a disk during your exploitation/post-exploitation phase, kindly delete them afterwards to prevent potential spoilers for other players.
  • There is no specific order you have to solve the challenges. It is essential to see the big picture, and as you are aware, enumeration is the key!
  • TL;DR: Don't be a jerk!

Constraints

  • The environment will automatically reset itself at 4:00 AM German time.
  • All flags follow the format
    [[FLAG_CATEGORY_MD5_First-letter-of-the-challenge-name]]
    Let's assume the name of the challenge is Foo Bar, for example:
    [[FLAG_POST-EXPLOITATION_a27a2990ea0c04841c29b85ee6533adb_FB]]
    [[FLAG_INITIAL-ACCESS_65d82149eb8806edb33827f44d15cba9_FB]] or
    [[FLAG_RECON_5ffe2389aebdf0f5301666ecdd00d6d4_FB]]
  • Flags are typically accessible only to the root or Administrator user and are commonly located within the /root/ home folder or on the Administrator Desktop.

Let's go

Please read the challenge introduction text here.