TL;DR
I made a CTF! You should try it! Find it on Vulnhub.
foreword
So, security CTFs are fun. A lot of fun. And can be one heck of a time sink! Checking my laptop's time and realizing it's 3am on a weeknight is normal when I get pulled into one. The frustration, the trolls, the tremendous amounts of learning are all part of the experience of a successful CTF in my opinion.
preparation
Having done a few now with varying degrees of success has inspired me to attempt to do the same. So, off I went to CTF island and came back a weekend later with “Flick”. There is no real meaning to “Flick”. In fact, the name is the result of: “What can I call it?” < insert 5u seconds > “Flick?”.
details
“Flick” aims to give you a chance to learn something new. While some things may be trivial for the seasoned penetration tester by day, there may also be one or two things to learn.
As far as hints go, there is not much to give in the beginning. You have to find the flag.txt. It is possible to read it without having root command execution; however, as an added challenge, can you get root command execution? :)
summary
I look forward to hearing your experiences with it, and good luck! You can find me in #vulnhub on freenode or on Twitter @leonjza.