Monthly CTF challenges

Active challenges

Hardware monitor - Dojo #44

Active

Ruby

Until: Sep 21, 2025

arrow_forward

Description

We were recently hired to perform an authorized pentest and we were given access to their custom application that monitors the hardware usage for their server. It seems we can run custom backup scripts with our current authorization role. That seems interesting... right?

Archived challenges

BlackHat challenge - Hide and seek

Description

Do you want to play hide and seek? That wasn't really a question, I'm already hidden and took your flag with me. I've even covered all traces so good luck finding me! 😉🚩

Dojo #43 - CCTV Manager

Description

During a pentest, we discovered a rare custom Linux distro running a CCTV management program that seems to be stuck in a boot process. If we can upload a custom firmware, we should be able to get a remote code execution (RCE) on the CCTV. We leave the rest to you.

Dojo #42 - Hex Color Palette

Description

No description for this challenge

Dojo #41 - Ruby treasure

Description

We're a new development team and we're big fans of Ruby in all its forms. To kick things off, we've launched our brand new online shop: **Ruby treasure**, where we offer our finest fake Ruby jewellery. We've hired some of the best developers around, so feel free to try hacking us - if you dare.

Dojo #40 - Hacker profile

Description

Use only JSON to build your hacker profile. The developer claims their application is fully secure. Prove them wrong by reading the `flag.txt` file on the server.

Description

A new website offers free “phishing” sites, grab yours before it's too late!

Dojo #38 - Xmas wishlist

Description

Santa has been busy in recent years. Now you can submit your very own wishlist in TOML format on his new website! Can you make your wish come true?

Dojo #37 - Hacker forum

Description

A hacking forum has appeared on the internet and is about to go viral. However, it seems that a 0-day has been discovered in the forum, can you exploit it?

Halloween Special - Spooky Party Invitation

Description

Dojo #36 - Shell escape

Description

A friend of yours has created a web application that allows you to check the availability of your locally hosted services. He assured you that it is secure and even allowed you to run it as a test user! Prove him wrong by reading the `flag.txt` file on the server. ~ _The flag can be found in the file: `/tmp/flag.txt`_

Description

The chatroom where all hackers used to hang out was found to contain a serious 0-day vulnerability. There is still no official explanation of how the vulnerability can be exploited, can you figure it out?

Dojo #34 - AI Image Generator

Description

A new tool has recently been published, designed to generate beautiful AI images based on your given prompt. We have also made sure that it works to upload files if the prompt is in XML format! **Will you be able to find the flag?**

Dojo #33 - Windows 12

Description

We've had the honor of trying out a new computer in the office! Seems we got a nice welcome message when we started the computer, wonder what else there is to find?

Dojo #32 - Security Panel

Description

During a security test, you discovered an unusual administration panel that appears to allow modification of the server's security settings. Could it also provide a way to obtain a flag?

Dojo #31 - Coffee shop

Description

The coffee shop has gone well so far, only one too strong espresso was handed out. I bet that's because we didn't use our own special coffee beans. Anyway, make a review and don't forget to take advantage of our new feature allowing escape characters! ~ _The flag can be found in the enviroment variable: `FLAG`._

Dojo #30 - Terminal isolation

Description

Break free from the isolation, get a [**R**emote **C**ode **E**xecution (RCE)](https://www.cloudflare.com/learning/security/what-is-remote-code-execution/) and steal the flag!