Monday, August 31, 2015

SpyderSec CTF Challenge

Today I want to share an information security challenge with you. Coming from a Red Team perspective and participating in many CTF-style competitions, I typically enjoy well-thought-out scenarios that make me think, like solving an elaborate puzzle. This train of thought was the basis behind the SpyderSec careers section ( which essentially is a way for like-minded individuals to engage in such a challenge either for fun or as part of the hiring process to work towards a career at SpyderSec.

To date, no one has solved the challenge, and based on logs and my own conversations with people, there have been plenty of attempts. In order to share some more of the fun and to be able to work on the challenge offline, I am releasing a VM instance of the challenge. Just download, import into the virtual machine environment of your choosing, and hack away.

Update (9-7-2015): Now hosted on VulnHub!

The virtual machine comes in OVA format and is a generic 32-bit CentOS Linux build with a single available service (HTTP) where the challenge resides. Feel free to enable bridged networking to have the VM automatically be assigned a DHCP address. This VM has been tested in VMware Workstation 12 Player and VirtualBox 4.3. I'm not going to give out any hints at this point in time as a modified version of this challenge is live on and keep in mind everything mentioned on the website (specifically this page: holds true for the VM challenge. Good luck! And feedback is always welcome.