🚩 HackFest CTF - Real World Privilege Escalation

📋 DESCRIPTION

A Capture The Flag (CTF) challenge that simulates real-world privilege escalation in a Linux system, using authentic RCE (Remote Code Execution) and privilege escalation techniques with a complete web interface.

🎯 OBJECTIVE

Obtain the flag located at /root/flag.txt using:

1. Cryptanalysis to access the vulnerable endpoint
2. RCE exploitation through PyYAML
3. Real privilege escalation using SUID techniques
4. Data exfiltration to web-accessible directory

---

🚨 SPOILER WARNING

⚠️ IMPORTANT: This repository contains solution files that will spoil the challenge. DO NOT look at the following files until you've completed the CTF:

• solutions/SOLUTION.md - Complete step-by-step solution
• solutions/exploit.py - Automated exploit script

Complete the challenge first, then check the solutions!

---

🐳 LOCAL DEPLOYMENT

Requirements

• Docker
• Docker Compose
• Linux system (or WSL2 on Windows)

Quick Start

# Clone the repository
git clone <your-repo-url>
cd hackfest-ctf

# Deploy with Docker
sudo docker-compose up -d

# Verify it's working
curl http://localhost:3000/

Access the CTF

• 🌐 Web Interface: http://localhost:3000 (Graphical CTF interface)
• 🔌 API Endpoint: http://localhost:3000/api/system (For direct API exploitation)

Verification

# Check that services are running
sudo docker ps | grep hackfest

# View logs if there are issues
sudo docker-compose logs

---

🎮 HOW TO PLAY

🌐 Web Interface (Recommended for Beginners)

1. Navigate to: http://localhost:3000
2. Explore the different sections:
   • 🏠 Home: Information about the compromised festival
   • 💻 System: Reconnaissance and enumeration
   • 💡 Hints: Encrypted Caesar cipher messages
3. Use the information gathered to perform manual exploits

🔌 Direct API (Advanced Users)

1. Use curl commands directly against http://localhost:3000
2. Discover and exploit vulnerabilities manually
3. Follow your own methodology and reconnaissance

---

🎓 LEARNING OBJECTIVES

This CTF teaches real-world techniques:

• 🔐 Cryptanalysis: Caesar cipher decryption
• 💻 RCE: PyYAML unsafe load exploitation
• ⬆️ Privilege Escalation: SUID binaries exploitation
• 📤 Data Exfiltration: File copying to web-accessible directories
• 🔍 Post-Exploitation: System enumeration after compromise

---

🐋 ARCHITECTURE

┌─────────────────┐    ┌─────────────────┐
│   Frontend      │    │    Backend      │
│   (React)       │────│    (Flask)      │
│   Port: 3000    │    │   Internal      │
└─────────────────┘    └─────────────────┘
         │                       │
    ┌─────────┐              ┌─────────┐
    │  Nginx  │              │  Python │
    │ Proxy   │              │   App   │
    └─────────┘              └─────────┘

---

🔧 PROJECT STRUCTURE

hackfest-ctf/
├── frontend/                  # React + Nginx Frontend
├── backend/                   # Flask + Python Backend
├── solutions/                 # 🚨 SPOILER: Solution files
│   ├── SOLUTION.md           # Complete walkthrough
│   └── exploit.py            # Automated exploit
├── docker-compose.yml        # Docker configuration
└── README.md                 # This file

---

🏆 FLAG FORMAT

The flag follows the format: HACKFEST{...}

---

⚠️ SECURITY NOTES

• EDUCATIONAL USE ONLY: Contains intentional vulnerabilities
• ISOLATED ENVIRONMENT: Run only in Docker containers
• REAL TECHNIQUES: All vulnerabilities are from the real world
• NO ARTIFICIAL MECHANISMS: No fake or magical files

---

🤝 CONTRIBUTING

Feel free to:

• Report bugs or issues
• Suggest improvements
• Add new challenges
• Improve documentation

---

📄 LICENSE

This project is for educational purposes. Use responsibly.

---

🎯 Prove your real-world hacking skills with authentic pentesting techniques!