SadServers - Linux & DevOps Troubleshooting Interviews

Troubleshooting Scenarios: Hacking

Linux & Bash

- Linux commands, Bash scripting
- Systemd
- Networking, DNS
- Storage
- SSH, Firewall
- Libraries
- Cron and more...

Web Servers

- Nginx
- Apache
- HAProxy
- Caddy
- Gunicorn
- uWSGI
- HTTPS/TLS

Databases

- PostgreSQL
- MySQL
- SQLite
- Redis
- etcd

Data Processing

- CSV
- JSON
- SQL queries

Docker

- Building images
- Multi-stage builds
- Volumes
- Networks
- Docker Compose

Kubernetes

- kubectl
- Helm
- K8S Roles & Permissions
- Services
- Namespaces
- Deployments, StatefulSets
- ConfigMaps, Secrets

Tooling / Applications

- Git
- Rabbitmq
- Envoy
- Vault
- Harbor
- Prometheus
- Jenkins

Hacking

- Capture the Flag (CTF) Challenges
- Code Vulnerabilities
- Privilege Escalation

Languages

- Python
- Golang
- PHP
- Java
- C

hack

realistic / interviews new pro

Easy

#	Name	Time	Type
1	"Taipei": Come a-knocking	15 m	Hack	"Taipei": Come a-knocking Scenario: "Taipei": Come a-knocking Level: Easy Type: Hack Access: Email Description: There is a web server on port :80 protected with Port Knocking. Find the one "knock" needed (sending a SYN to a single port, not a sequence) so you can `curl localhost`. Test: Executing `curl localhost` returns a message with md5sum fe474f8e1c29e9f412ed3b726369ab65. (Note: the resulting md5sum includes the new line terminator: `echo $(curl localhost)`) Time to Solve: 15 minutes.

Medium

#	Name	Time	Type
2	"Paris": Where is my webserver?	15 m	Hack	"Paris": Where is my webserver? Scenario: "Paris": Where is my webserver? Level: Medium Type: Hack Access: Email Description: A developer put an important password on his webserver localhost:5000 . However, he can't find a way to recover it. This scenario is easy to to once you realize the one "trick". Find the password and save it in /home/admin/mysolution , for example: `echo "somepassword" > ~/mysolution` Scenario credit: PuppiestDoggo Test: `md5sum ~/mysolution` returns `d8bee9d7f830d5fb59b89e1e120cce8e` Time to Solve: 15 minutes.
3	"Constanta": Jumping Frog	20 m	Hack	"Constanta": Jumping Frog Scenario: "Constanta": Jumping Frog Level: Medium Type: Hack Access: Email Description: This is a "hacking" or Capture The Flag challenge. You need to copy the message at `/home/user3/secret.txt` into the `/home/admin/solution.txt` file. Test: Running `md5sum /home/user10/secret.txt` returns the hash `7fe16554d0b326309d980314cebc2994` The "Check My Solution" button runs the script /home/admin/agent/check.sh, which you can see and execute. Time to Solve: 20 minutes.

Hard

#	Name	Time	Type
4	"Roseau": Hack a Web Server	30 m	Hack	"Roseau": Hack a Web Server Scenario: "Roseau": Hack a Web Server Level: Hard Type: Hack Access: Email Description: There is a secret stored in a file that the local Apache web server can provide. Find this secret and have it as a /home/admin/secret.txt file. Note that in this server the admin user is not a sudoer. Also note that the password crackers Hashcat and Hydra are installed from packages and John the Ripper binaries have been built from source in /home/admin/john/run Test: `sha1sum /home/admin/secret.txt \|awk '{print $1}'` returns `cc2c322fbcac56923048d083b465901aac0fe8f8` Time to Solve: 30 minutes.
5	"Monaco": Disappearing Trick	30 m	Hack	"Monaco": Disappearing Trick Scenario: "Monaco": Disappearing Trick Level: Hard Type: Hack Access: Email Description: There is a web server on :5000 with a form. POSTing the correct form password into this web service will return a secret. Save this secret provided by the web page (not the password you sent to it) to /home/admin/mysolution, for example: `echo "SecretFromWebSite" > ~/mysolution` TIP: a developer worked on the web server code in this VM, using the same 'admin' account. Scenario credit: PuppiestDoggo Test: `md5sum /home/admin/mysolution` returns `a250aa19f16dda6f9fcef286f035ec4b` Time to Solve: 30 minutes.

Mastodon Follow

X (formerly Twitter) Follow

Uptime Robot ratio (30 days)

Updated: 2025-11-01 01:46 UTC – 56f23c1

Made in Canada 🇨🇦