SadServers - Linux & DevOps Troubleshooting Interviews

Troubleshooting Scenarios

realistic / interviews new pro

Hack

Hacking Scenarios

#	Name	Level	Time	Type
1	"Taipei": Come a-knocking	Easy	15 m	Hack	"Taipei": Come a-knocking Scenario: "Taipei": Come a-knocking Level: Easy Type: Hack Access: Email Description: There is a web server on port :80 protected with Port Knocking. Find the one "knock" needed (sending a SYN to a single port, not a sequence) so you can `curl localhost`. Test: Executing `curl localhost` returns a message with md5sum fe474f8e1c29e9f412ed3b726369ab65. (Note: the resulting md5sum includes the new line terminator: `echo $(curl localhost)`) Time to Solve: 15 minutes.
2	"Paris": Where is my webserver?	Medium	15 m	Hack	"Paris": Where is my webserver? Scenario: "Paris": Where is my webserver? Level: Medium Type: Hack Access: Email Description: A developer put an important password on his webserver localhost:5000 . However, he can't find a way to recover it. This scenario is easy to to once you realize the one "trick". Find the password and save it in /home/admin/mysolution , for example: `echo "somepassword" > ~/mysolution` Scenario credit: PuppiestDoggo Test: `md5sum ~/mysolution` returns `d8bee9d7f830d5fb59b89e1e120cce8e` Time to Solve: 15 minutes.
3	"Constanta": Jumping Frog	Medium	20 m	Hack New	"Constanta": Jumping Frog Scenario: "Constanta": Jumping Frog Level: Medium Type: Hack Access: Email Description: This is a "hacking" or Capture The Flag challenge. You need to copy the message at `/home/user3/secret.txt` into the `/home/admin/solution.txt` file. Test: Running `md5sum /home/user10/secret.txt` returns the hash `7fe16554d0b326309d980314cebc2994` The "Check My Solution" button runs the script /home/admin/agent/check.sh, which you can see and execute. Time to Solve: 20 minutes.
4	"Roseau": Hack a Web Server	Hard	30 m	Hack	"Roseau": Hack a Web Server Scenario: "Roseau": Hack a Web Server Level: Hard Type: Hack Access: Email Description: There is a secret stored in a file that the local Apache web server can provide. Find this secret and have it as a /home/admin/secret.txt file. Note that in this server the admin user is not a sudoer. Also note that the password crackers Hashcat and Hydra are installed from packages and John the Ripper binaries have been built from source in /home/admin/john/run Test: `sha1sum /home/admin/secret.txt \|awk '{print $1}'` returns `cc2c322fbcac56923048d083b465901aac0fe8f8` Time to Solve: 30 minutes.
5	"Monaco": Disappearing Trick	Hard	30 m	Hack	"Monaco": Disappearing Trick Scenario: "Monaco": Disappearing Trick Level: Hard Type: Hack Access: Email Description: There is a web server on :5000 with a form. POSTing the correct form password into this web service will return a secret. Save this secret provided by the web page (not the password you sent to it) to /home/admin/mysolution, for example: `echo "SecretFromWebSite" > ~/mysolution` TIP: a developer worked on the web server code in this VM, using the same 'admin' account. Scenario credit: PuppiestDoggo Test: `md5sum /home/admin/mysolution` returns `a250aa19f16dda6f9fcef286f035ec4b` Time to Solve: 30 minutes.

Mastodon Follow

X (formerly Twitter) Follow

Uptime Robot ratio (30 days)

Updated: 2025-05-05 14:14 UTC – 944b85f