The Platform is Being Rebuilt

Capture The Flag Platform

ROOTTHISBOX

Hack. Learn. Dominate.

The legendary wargame platformis back. Crack boxes. Escalate privileges. Capture flags. Climb the board. We're rebuilding from the ground up — harder, faster, meaner.

root@thisbox:~$
0Alumni Hackers
from the original run
0Boxes Competed
all-time
0Flags Captured
in the archives
0On Waitlist
and growing
// Process

How It Works

01
Spin Up a Box

Deploy vulnerable machines in our isolated cloud environment. Each box is purpose-built with real attack surfaces — no synthetic CTF fluff.

02
Enumerate & Exploit

Scan, probe, exploit. Use your own tools. Burp, nmap, metasploit, or raw shell — whatever gets you in. We don't care how.

03
Escalate & Root

User shell is just the beginning. Pivot, escalate, capture the root flag. The box isn't yours until you're root.

04
Submit & Score

Submit your flag hash. Earn points. Climb the global leaderboard. Write a writeup. Teach others. Repeat.

// Archived from Season 03

Challenge Preview

● Easy
VulnProxy
Web / Nginx Misconfiguration

A poorly configured reverse proxy exposes internal services. Find the hidden endpoints.

250 pts1,204 solves
● Medium
Iron Lattice
Linux / SUID Exploitation

A custom binary with a suspicious SUID bit. Reverse it, exploit it, own the system.

500 pts741 solves
● Hard
DeepNest
Active Directory / Kerberoasting

A simulated enterprise AD environment. Kerberoast, enumerate, and find the path to domain admin.

1000 pts189 solves
● Easy
SQLeaky
Web / SQL Injection

Classic login bypass to full database dump. Warm up your sqlmap fingers.

200 pts2,109 solves
● Hard
Phantom Kernel
Kernel / LPE

Exploit a race condition in a custom kernel module to escape a restricted user namespace.

1500 pts47 solves
Unlocks at Launch
● Insane
Ouroboros
Full Chain / Multi-Service

Eight services. Zero hints. One flag. Community record: 72 hours. Good luck.

3000 pts12 solves
// Live Session

Looks Like This

root@rtb-node-07 — bash — 80x24
root@rtb-node-07:~# nmap -sV -sC 10.10.10.42
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 10.10.10.42

PORT     STATE  SERVICE  VERSION
22/tcp   open   ssh      OpenSSH 8.4
80/tcp   open   http     nginx 1.18.0
8443/tcp open   ssl/http Apache Tomcat 9.0.58

root@rtb-node-07:~# curl -s http://10.10.10.42/.git/HEAD
ref: refs/heads/main # jackpot

root@rtb-node-07:~# python3 dump_git.py http://10.10.10.42/ -o ./leaked
[+] Fetching objects... 42/42
[+] Reconstructing working tree...
[✓] Dumped to ./leaked — found config.php with creds

root@rtb-node-07:~# ssh admin@10.10.10.42 -p 22
admin@ironlattice:~$
// Leaderboard

Leaderboard

#HandleCountryRootsScore
Loading standings…
// Platform

What's Coming

Live Instances

Dedicated VMs per user. No shared environments. Your shell is your shell only.

VPN Access

WireGuard-based VPN. Low latency. One-click .conf download. Works everywhere.

Team Mode

Form 2–4 person squads. Shared flags, combined scores. Compete in team leagues.

Live Scoreboard

Real-time score updates. Dynamic point scaling. Blood bonuses for first solves.

In Dev
Writeup Archive

Community writeups unlock after solve. Learn the intended path — or the unintended one.

In Dev
Discord Bot

Live solve alerts, leaderboard commands, and team notifications piped to your server.

// Build Log

Roadmap

Phase 01
Infrastructure & Repo
Domain reacquired. New repo scaffolded. Core team assembled. S3 landing page live.
Phase 02
Scoring Engine & Scanner
Rewriting the hourly box scanner, service detection, and point allocation system. New API layer in progress.
Phase 03
User Auth & Profiles
Account system, team management, VPN provisioning, and historical stats import from archived seasons.
Phase 04
Beta & Box Intake
Closed beta for waitlist members. Community box submissions open. Stress testing before public launch.
Phase 05
Season 04 Launch
Full public launch. Season 04 kicks off. Scores go live. The hunt begins.