This guide explains how to add this challenge to your CTFd platform.
- Name: ROGUE.AI - The ARTEMIS Incident
- Category: Web / Linux
- Type: Standard or Dynamic Scoring
- Description:
🤖 ARTEMIS AI System - Emergency Access Required
ARTEMIS, our corporate AI security system, has gone rogue and locked everyone out. Your mission is to hack through multiple security layers to shut down the AI before it's too late!
This is a multi-stage challenge designed for beginners. You'll learn:
- SQL Injection
- File Discovery
- SSH Access
- Linux Privilege Escalation
- Basic Cryptography
🌐 Web Interface: http://YOUR_SERVER:5000
🔐 SSH Access: ssh ctfuser@YOUR_SERVER -p 2222
Find 5 flags throughout your journey!
Create one challenge with all 5 flags:
- Initial Points: 500
- Flags (all accepted):
  - CTF{w3lc0me_to_th3_syst3m}
  - CTF{sql_1nj3ct10n_m4st3r}
  - CTF{ssh_4cc3ss_gr4nt3d}
  - CTF{pr1v1l3g3_3sc4l4t10n_pwn3d}
  - CTF{4rt3m1s_shutd0wn_c0mpl3t3}
- Flag Type: Static (case-insensitive)
Create 5 separate challenges that unlock sequentially:
- ROGUE.AI - Part 1: Initial Access
  - Points: 50
  - Flag: CTF{w3lc0me_to_th3_syst3m}
  - Requirements: None
- ROGUE.AI - Part 2: SQL Injection
  - Points: 100
  - Flag: CTF{sql_1nj3ct10n_m4st3r}
  - Requirements: Complete Part 1
- ROGUE.AI - Part 3: File Discovery
  - Points: 100
  - Flag: CTF{ssh_4cc3ss_gr4nt3d}
  - Requirements: Complete Part 2
- ROGUE.AI - Part 4: Privilege Escalation
  - Points: 150
  - Flag: CTF{pr1v1l3g3_3sc4l4t10n_pwn3d}
  - Requirements: Complete Part 3
- ROGUE.AI - Part 5: Final Shutdown
  - Points: 100
  - Flag: CTF{4rt3m1s_shutd0wn_c0mpl3t3}
  - Requirements: Complete Part 4
Total Points: 500
Add this to the "Connection Info" field:
🌐 Web: http://YOUR_CTF_SERVER:5000
🔐 SSH: ssh ctfuser@YOUR_CTF_SERVER -p 2222
📚 Hints and guides available in challenge files
For SQL injection, try entering ' OR '1'='1 in the username field.
This makes the database query always return true!
After logging in as admin, check the File Browser for configuration
backup files (.bak). They often contain sensitive information.
Once you have SSH access, search for SUID binaries:
find / -perm -4000 2>/dev/null
SUID binaries run with their owner's permissions. If owned by root and vulnerable,
you can escalate privileges!
The backup_tool is vulnerable to command injection. Try using a semicolon (;)
to inject additional commands:
backup_tool "; /bin/bash"
You can attach these files to the challenge in CTFd:
- SOLUTION.md (organizers only) - Complete player walkthrough
- deploy.sh - Deployment script (for reference)
Add these tags for better organization:
- web
- linux
- sql-injection
- privilege-escalation
- beginner-friendly
- multi-stage
Deploy one container per team to prevent interference:
```yaml
# docker-compose-team1.yml
version: '3.8'
services:
  artemis-ctf-team1:
    build: .
    container_name: rogue-ai-team1
    ports:
      - "5001:5000"
      - "2221:22"
    restart: unless-stopped
```
Repeat for each team with different ports.
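Generating the per-team files instead of copying them by hand, as an added example that is not part of the challenge repository. It assumes team N publishes ports 5000+N and 2220+N (matching the team1 file above and the firewall ranges this guide lists), and it writes the guide's recommended resource limits plus one bridge network per team into every file; the function names are hypothetical.

```python
from pathlib import Path

# Added example. Assumed numbering: team N publishes 5000+N (web) and
# 2220+N (SSH), which matches the guide's team1 file (5001 / 2221).
WEB_BASE, SSH_BASE = 5000, 2220
WEB_RANGE, SSH_RANGE = range(5000, 5021), range(2220, 2241)  # firewall ranges from the guide

TEMPLATE = """\
version: '3.8'
services:
  artemis-ctf-team{n}:
    build: .
    container_name: rogue-ai-team{n}
    ports:
      - "{web}:5000"
      - "{ssh}:22"
    restart: unless-stopped
    networks: [team{n}-net]
    deploy:
      resources:
        limits:
          cpus: '0.5'
          memory: 512M
networks:
  team{n}-net:   # one bridge per team, so teams' containers share no network
    driver: bridge
"""

def team_ports(n):
    # Host ports for team n; refuse anything outside the firewalled ranges.
    web, ssh = WEB_BASE + n, SSH_BASE + n
    if n < 1 or web not in WEB_RANGE or ssh not in SSH_RANGE:
        raise ValueError(f"team {n}: ports {web}/{ssh} fall outside the allowed ranges")
    return web, ssh

def render_compose(n):
    web, ssh = team_ports(n)
    return TEMPLATE.format(n=n, web=web, ssh=ssh)

def write_all(teams, outdir="."):
    team_ports(teams)  # fail before writing anything if the last team does not fit
    paths = [Path(outdir) / f"docker-compose-team{n}.yml" for n in range(1, teams + 1)]
    for n, path in enumerate(paths, start=1):
        path.write_text(render_compose(n))
    return paths

if __name__ == "__main__":
    for n, path in enumerate(write_all(20), start=1):
        print(f"docker-compose -p team{n} -f {path} up -d --build")
```

Run it from the directory that holds the Dockerfile, since `build: .` is resolved relative to the compose file. The `-p team{n}` project name keeps each team's container and network in a separate Compose project.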
Use a single instance for all teams. Note: Teams may interfere with each other.
Use a tool like ctfd-whale for automatic per-user container deployment.
- CPU: 0.5 cores
- RAM: 512 MB
- Disk: 1 GB
- Ports: 2 (one for web, one for SSH)
- CPU: 10 cores
- RAM: 10 GB
- Disk: 20 GB
- Network: Firewall rules to allow ports 5000-5020 and 2220-2240
- Network Isolation: Deploy in an isolated network or use Docker network isolation
- Resource Limits: Set CPU and memory limits in docker-compose.yml:
  ```yaml
  deploy:
    resources:
      limits:
        cpus: '0.5'
        memory: 512M
  ```
- Monitoring: Log all container activities
- Cleanup: Automatically restart containers between rounds to reset state
- Deploy the challenge on your test server
- Go through the complete solution (see SOLUTION.md)
- Verify all flags are accessible
- Test with a beginner to ensure difficulty is appropriate
- Check server performance under load
Q: I can't connect to SSH
A: Make sure you're using the correct port (usually 2222) and wait 10-15 seconds after deployment.
Q: How do I do SQL injection?
A: Try entering ' OR '1'='1 in the username field. This bypasses the authentication.
Q: I'm stuck on privilege escalation
A: Look for files in the home directory that might give you hints. Use find / -perm -4000 2>/dev/null to find SUID binaries.
Q: What's a SUID binary?
A: It's a program that runs with the file owner's permissions, not the user running it. If it's owned by root and has vulnerabilities, you can use it to gain root access.
```bash
docker ps | grep artemis
docker logs rogue-ai-artemis
docker-compose restart
docker-compose down
docker-compose up -d --build
```
- All 5 flags in one challenge: 500 points
- Split into 5 challenges: 50, 100, 100, 150, 100 points
- Initial Value: 500 points
- Minimum Value: 100 points
- Decay Function: Linear or logarithmic based on solves
After the competition:
- Collect feedback from participants
- Review solve rates to adjust difficulty
- Check if any unintended solutions were found
- Share the official solution and walkthrough
- Player Guide: SOLUTION.md (organizers only)
- Solution Walkthrough: SOLUTION.md
- Technical Documentation: README.md
Good luck with your CTF! 🚀
For questions or issues, refer to the main README.md or create an issue in your challenge repository.