Browse Scenarios

Explore 200+ hands-on cybersecurity challenges built around real-world scenarios and skills.

Showing 112 of 100 scenarios

secureArchive

MediumWeb Security

SCENARIO The Relic Archive accepts plain-text files from developers and locks them down immediately after upload. Every file that lands in the archive gets its permissions wiped, making it unreadable to anyone. The flag is already sitting in the archive, safely locked away. Your job is to make it readable again. You have nothing but a file upload form and a .txt extension requirement. Flag format: flag{} Infrastructure - Docker Container — HTTP on port 8888 Provided Files - SourceCode_secureArchive.zip (2.6 KB)

Command InjectionPhpInput ValidationSource Code ReviewUnrestricted File Upload

It takes two

MediumCryptography

A target, having previously failed to secure their data with a single weak key, has implemented a double encryption scheme using two small keys under the false assumption that it provides adequate security. You have been tasked with proving that this implementation remains highly vulnerable. OBJECTIVE analyze the given script to find cryptographic weakness, then exploit the double encryption scheme. Write a custom script to compute the cipher states, and decrypt the data to recover the plaintext flag. Flag format: FLAG{} Infrastructure: None Provided Files: Python script, ciphertext

AesEncryptionRsaBrute ForceCryptanalysis

Sacrifice

EasyOpen Source Cyber Intelligence

A rumor has gone viral about a serial killer who uses various methods, with the only shared trait among the victims being the name Alice. This urban legend became so popular that it inspired a specific song. You have been tasked with investigating this internet lore to identify the song's creator and its release date. OBJECTIVE Use open-source intelligence and search techniques to identify the producer of the song inspired by the "Alice" serial killer rumor and determine its exact publication date to retrieve the flag. Flag format: FLAG{Producer name-YYYY/MM/DD} Infrastructure: None Provided Files: None

Actionable IntelligenceScrapingReconnaissanceAdversary Profile

Smart move

MediumCryptography

An intercepted communication from a high-security server reveals the use of Elliptic Curve Cryptography for its key exchange mechanism. Intelligence suggests that the system administrator made a critical cryptographic error during the curve selection process, deploying a vulnerable curve that undermines the system's integrity. OBJECTIVE Exploit the flawed curve selection to efficiently solve the Elliptic Curve Discrete Logarithm Problem (ECDLP), decrypt the intercepted communication, and recover the hidden flag. Flag format: FLAG{} Infrastructure: None Provided Files: Python script, ciphertext

EccDigital SignatureEcdlpSssaCryptographic Failure

The calling

EasyCryptography

An intercepted communication contains a brief personal letter: "Hello, My name is Alice bob, I was born on 2002, and I work at a company called secureit, I have a cute cat named charlie". Alongside this letter, investigators found a unique cryptographic string: 6f43c1d96b72514eb3ff49e534d86333. OBJECTIVE Utilize the personally identifiable information (PII) extracted from the letter to generate a targeted wordlist, identify the hashing algorithm of the provided string, and execute an automated cracking attack to recover the hidden password. Flag format: FLAG{password} Infrastructure: None Provided Files: None

HashingMd5Brute ForcePassword CrackingCupp

Ghost Raptor

MediumOpen Source Cyber Intelligence

SCENARIO Operative, An official U.S. military account posted an image of an F-22 Raptor in the USCENTCOM AOR but kept the location secret. OSINT analysts later geolocated the base, media exposed it, and the post was deleted and reissued without the location hint. Your task: Identify the military base where the F-22 was stationed. Use any OSINT method—image forensics, terrain analysis, or media reports. We need the name. Get it. flag format: flag{XX-Xxxxxx_Xxx_Xxxx} Infrastructure - Downloadable File Provided Files - GhostRaptor.zip (526.8 KB)

Reverse Image SearchGeolocationImage AnalysisDigital FootprintingPivot

Guardian

HardBash

SCENARIO A system monitoring service is running on this machine, quietly keeping an eye on temperatures and system load. It runs as root. You do not. You land as a regular user. The path to root is somewhere in how that service works and the privileges it carries. Find it. Credentials: user:user Infrastructure - Docker Container — HTTP on port 7681 Provided Files - None

Privilege EscalationSuidEnvironment VariablesPath VariableBash Pitfalls

HealthChk

MediumWeb Security

You've been handed access to a simple health check service, submit your database connection details, get a status back. Clean. Functional. Boring, even. But somewhere beneath that mundane interface, the application is doing something far more interesting with your input than it lets on. The developers anticipated attackers. They built a filter. They felt protected. Look closer at what the application is built on, and how old it is. Look closer at what happens to your data before it ever reaches the business logic. The protection in place guards against the obvious but the obvious isn't your only path in. Your goal is a shell. The flag is waiting. Flag format: flag{}

Insecure DeserializationRceUrl EncodingSource Code ReviewInput Validation

NORTHERN TRACE

MediumOpen Source Cyber Intelligence

SCENARIO A photograph taken from the rear of a car somewhere in the UK. The license plate is visible, but several characters have been deliberately obscured. Your job is to figure out what they are, and identify the exact vehicle model in the image. Look closely, use the right tools, and work through it systematically. Submit the flag in the format: Flag{X_Y} where X is the full license plate and Y is the exact vehicle model. Infrastructure - Downloadable File Provided Files - photo.zip (476.7 KB)

Image AnalysisPublic RecordsVerificationOpen Source ToolReconnaissance

Operation Silent Whistle

MediumOpen Source Cyber Intelligence

SCENARIO A disturbing incident has come to light—an under-16 match in Russia was streamed on a major gambling website , raising serious ethical and legal concerns. The only evidence we have is a single image from the match. Your mission is to uncover the exact venue where this event took place and expose the truth behind its organization. This operation requires precision, resourcefulness, and the ability to analyze digital footprints to trace the location. The future integrity of youth sports depends on intelligence specialists like you. Submit your findings in the format: flag{Аxxxxxxxxxxx_Xxxxxxxx_Xxxxxxxxxx}. Do not fail. Infrastructure - Downloadable File Provided Files - match.zip (914.2 KB)

Image AnalysisGeolocationPublic RecordsPivotDigital Footprinting

PoisonedNote

HardWeb Security

SCENARIO A note-taking application that takes sanitization seriously. Input goes through DOMPurify, notes are stored safely, and an admin bot reviews anything reported to it. The developer is confident nothing malicious can slip through. You have full access to the source code. Read carefully how notes are stored and how they are retrieved. The sanitization works exactly as intended, but something else does not. Flag format: flag{} Infrastructure - Docker Container — HTTP on port 3000 Provided Files - PoisonedNote.zip (5.5 KB)

XssConfusion AttacksJavascriptInput ValidationSource Code Review

PoisonedNote V2

MediumWeb Security

SCENARIO A note-taking application, now with a Content Security Policy the developer is particularly proud of. XSS is still in the picture, but the CSP is standing in the way. Tight restrictions, a trusted CDN, and a nonce-based script allowlist. You have full access to the source code. Read through every endpoint carefully, and find the vulnerability Flag format: flag{} Infrastructure - Docker Container — HTTP on port 3000 Provided Files - poisonednote2.zip (5.7 KB)

XssContent Security PolicyOpen RedirectSource Code ReviewJavascript