Applicants Challenge 2024
Hi there,
As in the past two years, we have created a new CTF this year and would like to invite you to participate once again. The objective of the
challenge is to simulate a realistic attack on the IT infrastructure of a fictitious company - Greetings from Kurt's Maultaschenfabrikle ;).
Compared to last year's challenge, this year's CTF has a broader scope - we've added two new categories (Lateral Movement and Extra
Miles), and we assure you it won't be too easy. We don't even expect anyone to solve all the challenges completely :-P, so no pressure at
all :>.
Our goal is to identify qualified candidates to join our red team. However,
even if you're not currently interested in this exciting position, you are still welcome to participate (and we'll be delighted to
offer some swag if you score at least 4500 points). For those who can't wait, you can find the challenge introduction text
here.
Please note that we will make an effort to contact promising participants using the email address you provide. If you prefer to
contact us directly (or if you'd rather not disclose your email address upfront), you can reach us at
aiyc@code-white.com. In such cases, please
remember to include your CTF username.
Rating
Points | Possible Reaction |
---|---|
0000 - 1500 | You are still in warm-up mode, right? |
1501 - 2000 | Nice try! Keep practicing and you'll get there. |
2001 - 4000 | Good effort! Let's talk about your experience. |
4001 - 5000 | Impressive! Let's skip the first two dialog partners. We are sending you directly to the CEO. |
5001 - 6050 | Outstanding! Here's your contract, just sign here and there, please. This score also grants you a Swag packet. |
6051 - 8500 | Incredible! Not only do you get a contract, but also free drinks with the challenge creator and a Swag packet. |
Rules
- Feel free to utilize any tools or techniques you are familiar with.
- However, please remember that this is a shared environment, so refrain from spoiling the experience for other participants.
- While discussing the challenge and sharing the scoreboard URL is permitted, please avoid leaking any solutions, hints, or technical details.
- It is strictly prohibited to engage in any destructive attacks such as DDoS, file deletion or trying to brute-force the flag submission.
- If you believe that brute-force is the only way to proceed, you are completely mistaken. However, a password spraying attack is more efficient and viable.
- If you place files on a disk during your exploitation/post-exploitation phase, please delete them afterwards to prevent potential spoilers for other players.
- There is no specific order in which you have to solve the challenges. It is essential to see the big picture, and as you are aware, enumeration is the key!
- TL;DR: Don't be a jerk!
Constraints
- The environment will automatically reset itself between 4:00 - 4:30 AM German time.
- All flags follow the format: `FLAG{CHALLENGE_NAME#MD5SUM}`
  Let's assume the name of the challenge is FooBar, for example: `FLAG{FooBar#47755cd7c589206f9f46b8c0da88ea15}`
- Flags are typically accessible only to the `root` or `Administrator` or similar users and are commonly located within the `/root/` home folder or on the Administrator Desktop.
Let's go
Please read the challenge introduction text here.