Applicants Challenge 2025
Hi there,
As in the past three years, we’ve created a new CTF again this year – now already in its fourth edition – and would like to invite you to join the fun once more. The goal of the challenge is, as always, to simulate a realistic attack on the IT infrastructure of a fictitious company – greetings from Kurt’s Maultaschenfabrikle. This time, there are whispers that the company might be branching out... maybe sponsoring a metal festival somewhere near Ulm? Who knows
Compared to last year’s challenge, this year’s CTF once again includes the Lateral Movement and Extra Miles categories – but instead of sheer quantity, we’ve focused on fewer, more in-depth challenges. So while there might be less on the surface, what’s there packs a punch. Oh, and new this year: we’ve introduced First Bloods and a few extra trophies for particularly creative, fast, or stubborn solvers. So if you're into glory (or just like shiny things), keep your eyes open. And don’t worry: we still don’t expect anyone to solve everything completely - so no pressure at all
As always, our goal is to identify talented folks for our red team. But even if you’re not currently looking for an opportunity, you’re still very welcome to participate – and if you manage to rack up at least 4501 points, we’ll happily send you some exclusive swag (check the “Rating” section for details). If you can’t wait to dive in, the challenge introduction is waiting for you right here.
And just a heads-up: we’ll try to contact promising participants using the email address you provide. If
you’d prefer to reach out to us directly (or don’t want to enter your email upfront), feel free to contact
us at aiyc@code-white.com. Just don’t forget to include your CTF username when you do. Also,
if you run into any issues, have feedback, or just want to share your thoughts – even if you're not
interested in a
job with us – you're very welcome to drop us a line as well.
Rating
| Points | Rank | Possible Reaction |
|---|---|---|
| 0000 - 1500 | You are still in warm-up mode, right? | |
| 1501 - 3000 | Nice try! Keep practicing and you'll get there. | |
| 3001 - 4000 | Good effort! Let's talk about your experience. | |
| 4001 - 4500 | Impressive! Let's skip the first two dialog partners and let us know if you want to talk directly to our CEO. | |
| 4501 - 5000 | Outstanding! Here's your contract- just sign here and there, please (just kidding, but your chances just got a lot higher). This score also earns you a Swag package! | |
| 5001 - 6750 | Incredible! Not only do you get a contract, but also free drinks with the challenge creator and a Swag package. |
Rules
- Feel free to utilize any tools or techniques you are familiar with.
- However, please remember that this is a shared environment, so refrain from spoiling the experience for other participants.
- While discussing the challenge and sharing the scoreboard URL is permitted, please avoid leaking any solutions, hints, or technical details.
- It is strictly prohibited to engage in any destructive attacks such as DDoS, file deletion or trying to brute-force the flag submission.
- If you believe that brute-force is the only way to proceed, you are completely mistaken. However, a password spraying attack is more efficient and viable.
- Please ensure that if you place files on a disk during your exploitation/post-exploitation phase, kindly delete them afterwards to prevent potential spoilers for other players.
- There is no specific order you have to solve the challenges. It is essential to see the big picture, and as you are aware, enumeration is the key!
- TL;DR: Don't be a jerk!
Constraints
- The environment will automatically reset itself between 4:00 - 4:30 AM German time.
- All flags follow the format:
FLAG{CHALLENGE_NAME#MD5SUM}
Let's assume the name of the challenge is FooBar, for example:FLAG{FooBar#47755cd7c589206f9f46b8c0da88ea15} - Flags are typically accessible only to the
rootorAdministratoror similar users and are commonly located within the/root/home folder or on the Administrator Desktop.
Status
Curious if a challenge is currently online or experiencing downtime? You don’t have to guess – simply check here and you’ll always see the live status.
Let's go
Please read the challenge introduction text here.