The Rekall CTFs are the Project 2 deliverable(s) from the Cybersecurity class taken in 2023. The deliverable for the project was a penetration test report covering Rekall’s web app, Linux server, and Windows server. The CTF was split into 3 days: day 1 was a pen test of Rekall’s web app, day 2 targeted the Linux servers, and day 3 targeted Windows. Although this “CTF” was conducted entirely within Rekall’s domain, it was run as 3 separate CTFs for the class, one per day. As such, it has been split into 3 here on the site as well.
Day 2 of the CTF consisted of pentesting Rekall’s Linux server. Although I will not go into extreme detail or give a step-by-step walkthrough of the CTF (as I am sure this is likely a recycled project for other Cybersecurity classes, and I would not want to spoil it or give all the information out on it), I will touch on some of the key elements from Day 2, and the delivered pen test report may be available upon request.
Some of the key vulnerabilities that were discovered:
Information leaked in DNS, SSL cert, and WHOIS record queries
Open system ports
Outdated services with open ports
Privilege-escalation (priv-esc) exploits
Plain-text information
There were a total of 12 flags for this CTF, and my group was able to find all 12 of them during the time allotted for Day 2. Compared to day 1 of the CTF, I felt much more prepared for the types of exploits needed to find most of the flags. Some of them required simple record queries, and others required running exploits through the Linux tool Metasploit for RCE and other remote access to the systems. Once on the system, there was an available priv-esc exploit that essentially allowed full compromise of the system at that point. My group seemed to fare a lot better during this day versus day 1. See CTF 1 or CTF 3.