Scenario: "Saint John": what is writing to this log file?
Level: Easy
Type: Fix
Access: Public
Description: A developer created a testing program that is continuously writing to a log file /var/log/bad.log and filling up disk. You can check for example with tail -f /var/log/bad.log. This program is no longer needed. Find it and terminate it.
Test: The log file hasn't changed in the last 6 seconds: find /var/log/bad.log -mmin -0.1 (You don't need to know the details of this command).
Time to Solve: 10 minutes.
2
"Saskatoon": counting IPs.
Easy
15 m
2022-08-31
Do
"Saskatoon": counting IPs.
Scenario: "Saskatoon": counting IPs.
Level: Easy
Type: Do
Access: Public
Description: There's a web server access log file at /home/admin/access.log. The file consists of one line per HTTP request, with the requester's IP address at the beginning of each line.
Find what's the IP address that has the most requests in this file (there's no tie; the IP is unique). Write the solution into a file /home/admin/highestip.txt. For example, if your solution is "1.2.3.4", you can do echo "1.2.3.4" > /home/admin/highestip.txt
Test: The SHA1 checksum of the IP address sha1sum /home/admin/highestip.txt is 6ef426c40652babc0d081d438b9f353709008e93 (just a way to verify the solution without giving it away.)
Time to Solve: 15 minutes.
3
"Santiago": Find the secret combination
Easy
15 m
2022-09-16
Do
"Santiago": Find the secret combination
Scenario: "Santiago": Find the secret combination
Level: Easy
Type: Do
Access: Public
Description: Alice the spy has hidden a secret number combination, find it using these instructions:
1) Find the number of lines where the string Alice occurs in *.txt files in the /home/admin directory 2) There's a file where "Alice" appears exactly once. In the line after that ocurrence there's a number. Write both numbers consecutively as one (no new line or spaces) to the solution file (eg if the first number from 1) is 11 and the second 22, you can do echo -n 11 > /home/admin/solution; echo 22 >> /home/admin/solution).
Test: Running md5sum /home/admin/solution returns d80e026d18a57b56bddf1d99a8a491f9(just a way to verify the solution without giving it away.)
Time to Solve: 15 minutes.
4
"Manhattan": can't write data into database.
Medium
20 m
2022-06-13
Fix
"Manhattan": can't write data into database.
Scenario: "Manhattan": can't write data into database.
Level: Medium
Type: Fix
Access: Public
Description: Your objective is to be able to insert a row in an existing Postgres database. The issue is not specific to Postgres and you don't need to know details about it (although it may help).
Helpful Postgres information: it's a service that listens to a port (:5432) and writes to disk in a data directory, the location of which is defined in the data_directory parameter of the configuration file /etc/postgresql/14/main/postgresql.conf. In our case Postgres is managed by systemd as a unit with name postgresql.
Description: There's a web server serving a file /var/www/html/index.html with content "hello sadserver" but when we try to check it locally with an HTTP client like curl 127.0.0.1:80, nothing is returned. This scenario is not about the particular web server configuration and you only need to have general knowledge about how web servers work.
Test:curl 127.0.0.1:80 should return: hello sadserver
Time to Solve: 15 minutes.
6
"Cape Town": Borked Nginx
Medium
15 m
2022-09-11
Fix
"Cape Town": Borked Nginx
Scenario: "Cape Town": Borked Nginx
Level: Medium
Type: Fix
Access: Public
Description: There's an Nginx web server installed and managed by systemd. Running curl -I 127.0.0.1:80 returns curl: (7) Failed to connect to localhost port 80: Connection refused , fix it so when you curl you get the default Nginx page.
Test:curl -Is 127.0.0.1:80|head -1 returns HTTP/1.1 200 OK
Time to Solve: 15 minutes.
7
"Salta": Docker container won't start.
Medium
15 m
2022-09-16
Fix
"Salta": Docker container won't start.
Scenario: "Salta": Docker container won't start.
Level: Medium
Type: Fix
Access: Public
Description: There's a "dockerized" Node.js web application in the /home/admin/app directory. Create a Docker container so you get a web app on port :8888 and can curl to it. For the solution to be valid, there should be only one running Docker container.
Test:curl localhost:8888 returns Hello World! from a running container.
Time to Solve: 15 minutes.
8
"Venice": Am I in a container?
Medium
15 m
2022-09-25
Do
"Venice": Am I in a container?
Scenario: "Venice": Am I in a container?
Level: Medium
Type: Do
Access: Public
Description: Try and figure out if you are inside a container (like a Docker one for example) or inside a Virtual Machine (like in the other scenarios).
Test: This scenario doesn't have a test (hence also no "Check My Solution" either).
Time to Solve: 15 minutes.
9
"Oaxaca": Close an Open File
Medium
15 m
2022-11-30
Fix
"Oaxaca": Close an Open File
Scenario: "Oaxaca": Close an Open File
Level: Medium
Type: Fix
Access: Public
Description: The file /home/admin/somefile is open for writing by some process. Close this file without killing the process.
Test:lsof /home/admin/somefile returns nothing.
Time to Solve: 15 minutes.
10
"Melbourne": WSGI with Gunicorn
Medium
20 m
2022-12-23
Fix
"Melbourne": WSGI with Gunicorn
Scenario: "Melbourne": WSGI with Gunicorn
Level: Medium
Type: Fix
Access: Public
Description: There is a Python WSGI web application file at /home/admin/wsgi.py , the purpose of which is to serve the string "Hello, world!". This file is served by a Gunicorn server which is fronted by an nginx server (both servers managed by systemd). So the flow of an HTTP request is: Web Client (curl) -> Nginx -> Gunicorn -> wsgi.py . The objective is to be able to curl the localhost (on default port :80) and get back "Hello, world!", using the current setup.
Test:curl -s http://localhost returns Hello, world! (serving the wsgi.py file via Gunicorn and Nginx)
Time to Solve: 20 minutes.
11
"Lisbon": etcd SSL cert troubles
Medium
20 m
2023-01-02
Fix
"Lisbon": etcd SSL cert troubles
Scenario: "Lisbon": etcd SSL cert troubles
Level: Medium
Type: Fix
Access: Public
Description: There's an etcd server running on https://localhost:2379 , get the value for the key "foo", ie etcdctl get foo or curl https://localhost:2379/v2/keys/foo
Test:etcdctl get foo returns bar.
Time to Solve: 20 minutes.
12
"Jakarta": it's always DNS.
Hard
20 m
2022-08-03
Fix
"Jakarta": it's always DNS.
Scenario: "Jakarta": it's always DNS.
Level: Hard
Type: Fix
Access: Public
Description: Can't ping google.com. It returns ping: google.com: Name or service not known. Expected is being able to resolve the hostname. (Note: currently the VMs can't ping outside so there's no automated check for the solution).
Test:ping google.com should return something like PING google.com (172.217.2.46) 56(84) bytes of data.
Time to Solve: 20 minutes.
13
"Bern": Docker web container can't connect to db container.
Hard
20 m
2022-08-04
Fix
"Bern": Docker web container can't connect to db container.
Scenario: "Bern": Docker web container can't connect to db container.
Level: Hard
Type: Fix
Access: Public
Description: There are two Docker containers running, a web application (Wordpress or WP) and a database (MariaDB) as back-end, but if we look at the web page, we see that it cannot connect to the database. curl -s localhost:80 |tail -4 returns:
<body id="error-page"> <div class="wp-die-message"><h1>Error establishing a database connection</h1></div></body> </html>
This is not a Wordpress code issue (the image is :latest with some network utilities added). What you need to know is that WP uses "WORDPRESS_DB_" environment variables to create the MySQL connection string. See the ./html/wp-config.php WP config file for example (from /home/admin).
Test:sudo docker exec wordpress mysqladmin -h mysql -u root -ppassword ping . The wordpress container is able to connect to the database in the mariadb container and returns mysqld is alive.
Time to Solve: 20 minutes.
14
"Karakorum": WTFIT – What The Fun Is This?
Hard
20 m
2022-09-13
Fix
"Karakorum": WTFIT – What The Fun Is This?
Scenario: "Karakorum": WTFIT – What The Fun Is This?
Level: Hard
Type: Fix
Access: Public
Description: There's a binary at /home/admin/wtfit that nobody knows how it works or what it does ("what the fun is this"). Someone remembers something about wtfit needing to communicate to a service in order to start. Run this wtfit program so it doesn't exit with an error, fixing or working around things that you need but are broken in this server. (Note that you can open more than one web "terminal").
Test: Running /home/admin/wtfit returns OK.
Time to Solve: 20 minutes.
15
"Singara": Docker and Kubernetes web app not working.
Hard
20 m
2022-09-18
Fix
"Singara": Docker and Kubernetes web app not working.
Scenario: "Singara": Docker and Kubernetes web app not working.
Level: Hard
Type: Fix
Access: Public
Description: There's a k3s Kubernetes install you can access with kubectl. The Kubernetes YAML manifests under /home/admin have been applied. The objective is to access from the host the "webapp" web server deployed and find what message it serves (it's a name of a town or city btw). In order to pass the check, the webapp Docker container should not be run separately outside Kubernetes as a shortcut.
Test:curl localhost:8888 returns a value from the webapp deployed Kubernetes pod.
Time to Solve: 20 minutes.
16
"Hong-Kong": can't write data into database.
Hard
20 m
2022-09-24
Fix
"Hong-Kong": can't write data into database.
Scenario: "Hong-Kong": can't write data into database.
Level: Hard
Type: Fix
Access: Public
Description: (Similar to "Manhattan" scenario but harder). Your objective is to be able to insert a row in an existing Postgres database. The issue is not specific to Postgres and you don't need to know details about it (although it may help).
Postgres information: it's a service that listens to a port (:5432) and writes to disk in a data directory, the location of which is defined in the data_directory parameter of the configuration file /etc/postgresql/14/main/postgresql.conf. In our case Postgres is managed by systemd as a unit with name postgresql.
Description: A user client was added to the server, as well as their SSH public key. The objective is to be able to SSH locally (there's only one server) as this user client using their ssh keys. This is, if as root you change to this user sudo su; su client, you should be able to login with ssh: ssh localhost.
Test: As user admin: sudo -u client ssh client@localhost 'pwd' returns /home/client
Time to Solve: 30 minutes.
18
"Roseau": Hack a Web Server
Hard
30 m
2023-02-13
Hack
"Roseau": Hack a Web Server
Scenario: "Roseau": Hack a Web Server
Level: Hard
Type: Hack
Access: Public
Description: There is a secret stored in a file that the local Apache web server can provide. Find this secret and have it as a /home/admin/secret.txt file.
Note that in this server the admin user is not a sudoer.
Also note that the password crackers Hashcat and Hydra are installed from packages and John the Ripper binaries have been built from source in /home/admin/john/run
Description: There is a one-class Java application in your /home/admin directory. Running the program will print out a secret code, or you may be able to extract the secret from the class file without executing it but I'm not providing any special tools for that.
Put the secret code in a /home/admin/solution file, eg echo "code" > /home/admin/solution.
