{"title":"CTF Challenge","description":"","products":[{"product_id":"poisoned-gate-10d","title":"Poisoned Gate","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003ePoison AI models to bypass automated access controls\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190518895,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-poisoned-gate_e1bbc058-f422-4a86-ad65-858dd119ef6d.png?v=1784297468"},{"product_id":"chain-intel-10d","title":"Chain Intel","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge focuses on AI supply chain reconnaissance using OSINT and human-centric intelligence. Participants identify key AI personnel and pivot across platforms like professional networks and repositories to uncover exposed development artifacts. By correlating data, they extract sensitive model details, highlighting risks from human error and public exposure.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190617199,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-chain.png?v=1784297471"},{"product_id":"factory-zero-chain-of-compromise-10d","title":"Factory Zero: Chain of Compromise","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge focuses on a multi-stage compromise of an operational technology environment involving chained industrial systems. Participants must perform network reconnaissance, exploit Modbus-controlled devices, abuse industrial logic, and execute lateral movement across multiple OT assets to reach critical infrastructure and retrieve the final flag.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190649967,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-intelfactory.png?v=1784297472"},{"product_id":"superman-10d","title":"Superman","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge demonstrates network scanning, web application credential guessing, gaining initial SSH access with compromised credentials, and performing Linux privilege escalation by exploiting the \"Sudo\" vulnerability \"CVE-2021-3156\" (heap-based buffer overflow).\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190682735,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-supermanz.png?v=1784297475"},{"product_id":"zsoft-10d","title":"Zsoft","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge requires participants to perform network scanning and web enumeration to identify a SQL Injection vulnerability, use SQLmap to extract database credentials including hashed passwords, crack the password hash, gain user-level SSH access, and then perform a sudo privilege escalation using a `nano` shell escaping technique to achieve root access and retrieve the flag.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190715503,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-softpowah_ef14bfb1-992f-43c7-9b60-6f1d04226e32.png?v=1784297477"},{"product_id":"powah-10d","title":"Powah","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge involves performing web enumeration to extract RDP credentials, gaining initial RDP access to a Windows server, and exploiting the MS16-032 vulnerability for privilege escalation to achieve administrative access.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190748271,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-softpowah.png?v=1784297480"},{"product_id":"hidden-10d","title":"Hidden","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge requires performing SMB enumeration, identifying hidden data via Alternate Data Streams (ADS), extracting credentials, and using Evil-WinRM to gain administrative access on a Windows system to retrieve the root flag.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190781039,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-hiddenghost.png?v=1784297482"},{"product_id":"ghost-render-10d","title":"Ghost Render","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge involves scanning and enumerating a web app to find a SQL injection in a login form. Use SQLmap to extract admin credentials, access the app, then exploit an SSTI flaw in a CSV feature to execute commands, gain a reverse shell, and retrieve the flag.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190846575,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-rendersharing_287b54db-6dbc-4eab-ad20-770438e8e8b4.png?v=1784297484"},{"product_id":"sharing-10d","title":"Sharing","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge demonstrates network scanning, web server identification of Rejetto Http File Server, and exploiting a Remote Code Execution (RCE) vulnerability using Metasploit to gain a Meterpreter session and administrative access on a Windows target.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190879343,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-rendersharing.png?v=1784297487"},{"product_id":"runner-10d","title":"Runner","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge requires web enumeration to retrieve an encrypted archive, password cracking using \"crunch\" and \"fcrackzip\" with a hint, and applying binary reverse engineering techniques with IDA Pro to identify a specific input for a program to reveal a hidden flag.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190912111,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-runnerlibrary.png?v=1784297489"},{"product_id":"library-10d","title":"Library","description":"\u003cp\u003eThis challenge involves combining multiple offensive security techniques to compromise a Windows system. Participants must perform password hash cracking, enumerate SMB shares to uncover sensitive information, exploit SQL injection vulnerabilities, and leverage credential-based attacks to gain administrative access and ultimately retrieve the hidden flag.\u003c\/p\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190944879,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-runnerlibrary_01b747bd-e58a-4210-b967-1e9aee88e0ca.png?v=1784297490"},{"product_id":"ranskey-10d","title":"Ranskey","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge demonstrates malware analysis and reverse engineering techniques to identify Jigsaw ransomware, extract its encryption key, and utilize a specialized decryptor to recover encrypted files.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841190977647,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-ranskey.png?v=1784297493"},{"product_id":"chromecracker-10d","title":"ChromeCracker","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eRecover encrypted Chrome passwords from Windows forensic artifacts.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841191010415,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-chromecracker.png?v=1784297495"},{"product_id":"agent-10d","title":"Agent","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge combines network forensic analysis with binary reverse engineering. It requires participants to analyze a captured network traffic file (\".pcapng\") using Wireshark to discover credentials, gain initial access via SSH, and then reverse engineer a modified ELF binary with Radare2 to find a password for privilege escalation.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841191043183,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-agentoscar.png?v=1784297497"},{"product_id":"oscar-10d","title":"Oscar","description":"\u003cdiv class=\"mb-md-4 mb-2 cyberq-lab__header__descritption col-lg-8 col-12 m-auto\"\u003e\n\u003cp class=\"mb-0\"\u003eThis challenge demonstrates expertise in web and WordPress exploitation, network scanning, and traffic analysis to gather information on targets. It involves applying techniques such as sudoer loophole exploitation, privilege escalation, and password-cracking methods. Additionally, it focuses on identifying and exploiting system misconfigurations to assess vulnerabilities.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"CodeRed","offers":[{"title":"Default Title","offer_id":53841191141487,"sku":null,"price":0.0,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0588\/7934\/4751\/files\/ctf-agentoscar_fbb8952d-a938-42d3-8109-e0598b18bbec.png?v=1784297499"}],"url":"https:\/\/coderedpro.com\/collections\/ctf-challenge.oembed","provider":"CodeRed","version":"1.0","type":"link"}