
CTF Difficulty Levels

The level of difficulty for a capture the flag exercise is certainly subjective, so I have put together a matrix which describes the difficulty level for any CTF I create:

| Difficulty Title | Difficulty Description |
|---|---|
| Very Easy | Vulnerability types: SQL Injection, Brute Force, Software Exploits where exploit tools are readily available. Usually limited to a few exploits needed to get root access. |
| Easy | Vulnerability types: SQL Injection, Brute Force, Hash Cracking, Software Exploits where exploit tools are readily available. May involve quite a few different exploits to obtain root access. |
| Medium | Vulnerability types: SQL Injection, Brute Force, Hash Cracking, XSS vulnerabilities. Software Exploits may not be readily available, or they are hard to get working. May involve experience in the tools available on Linux. Will very likely have quite a few vulnerabilities which you will need to overcome to get root access. |
| Hard | Vulnerability types: SQL Injection, Brute Force, Hash Cracking, XSS vulnerabilities, encryption issues, pivoting. Software Exploits may not be readily available, or they are hard to get working. Will likely involve experience in the tools available on Linux. Will very likely have quite a few vulnerabilities which you will need to overcome to get root access. Exercise may be timed, and various defense mechanisms may be in place to make it harder to get root access. |
| Very Hard | I am literally trying my best to prevent you from obtaining root access. You will need to be very experienced, and think outside the box. |
