Applicants Challenge 2024


Hi there,

As in the past two years, we have created a new CTF this year and would like to invite you to participate once again. The objective of the challenge is to simulate a realistic attack on the IT infrastructure of a fictitious company - Greetings from Kurt's Maultaschenfabrikle ;). Compared to last year's challenge, this year's CTF has a broader scope - we've added two new categories (Lateral Movement and Extra Miles), and we assure you it won't be too easy. We don't even expect anyone to solve all the challenges completely :-P, so no pressure at all :>.

Our goal is to identify qualified candidates to join our red team. However, even if you're not currently interested in this exciting position, you are still welcome to participate (and we'll be delighted to offer some swag if you score at least 5001 points (see "Rating")). For those who can't wait, you can find the challenge introduction text here.

Please note that we will make an effort to contact promising participants using the email address you provide. If you prefer to contact us directly (or if you'd rather not disclose your email address upfront), you can reach us at aiyc@code-white.com. In such cases, please remember to include your CTF username.

Rating

Points         Possible Reaction
0000 - 1500    You are still in warm-up mode, right?
1501 - 2000    Nice try! Keep practicing and you'll get there.
2001 - 4000    Good effort! Let's talk about your experience.
4001 - 5000    Impressive! Let's skip the first two dialog partners and let us know if you want to talk directly to our CEO.
5001 - 6050    Outstanding! Here's your contract - just sign here and there, please (just kidding, but your chances just got a lot higher). This score also earns you a Swag package!
6051 - 8500    Incredible! Not only do you get a contract, but also free drinks with the challenge creator and a Swag packet.

Rules

  • Feel free to utilize any tools or techniques you are familiar with.
  • However, please remember that this is a shared environment, so refrain from spoiling the experience for other participants.
  • While discussing the challenge and sharing the scoreboard URL is permitted, please avoid leaking any solutions, hints, or technical details.
  • It is strictly prohibited to engage in any destructive attacks such as DDoS, file deletion or trying to brute-force the flag submission.
  • If you believe that brute-force is the only way to proceed, you are completely mistaken. However, a password spraying attack is more efficient and viable.
  • If you place files on disk during your exploitation/post-exploitation phase, please delete them afterwards to prevent potential spoilers for other players.
  • There is no specific order in which you have to solve the challenges. It is essential to see the big picture, and as you are aware, enumeration is the key!
  • TL;DR: Don't be a jerk!

Constraints

  • The environment will automatically reset itself between 4:00 - 4:30 AM German time.
  • All flags follow the format: FLAG{CHALLENGE_NAME#MD5SUM}
    Let's assume the name of the challenge is FooBar, for example:
    FLAG{FooBar#47755cd7c589206f9f46b8c0da88ea15}
  • Flags are typically accessible only to root, Administrator, or similar users and are commonly located within the /root/ home folder or on the Administrator Desktop.

Let's go

Please read the challenge introduction text here.