CTF Difficulty Levels

The level of difficulty for a capture the flag exercise is certainly subjective, so I have put together a matrix which describes the difficulty level for any CTF I create:

| Difficulty Title | Difficulty Description |
| --- | --- |
| Very Easy | Vulnerability types: SQL Injection, Brute Force, Software Exploits where exploit tools are readily available. Usually limited to a few exploits needed to get root access. |
| Easy | Vulnerability types: SQL Injection, Brute Force, Hash Cracking, Software Exploits where exploit tools are readily available. May involve quite a few different exploits to obtain root access. |
| Medium | Vulnerability types: SQL Injection, Brute Force, Hash Cracking, XSS vulnerabilities. Software Exploits may not be readily available, or they are hard to get working. May involve experience in the tools available on Linux. Will very likely have quite a few vulnerabilities which you will need to overcome to get root access. |
| Hard | Vulnerability types: SQL Injection, Brute Force, Hash Cracking, XSS vulnerabilities, encryption issues, pivoting. Software Exploits may not be readily available, or they are hard to get working. Will likely involve experience in the tools available on Linux. Will very likely have quite a few vulnerabilities which you will need to overcome to get root access. Exercise may be timed, and various defense mechanisms may be in place to make it harder to get root access. |
| Very Hard | I am literally trying my best to prevent you from obtaining root access. You will need to be very experienced, and think outside the box. |

By Thomas Williams

Thomas Williams is learning ethical hacking and hacks things as a hobby. Learn new hacking skills, follow up-to-date cyber security news, and play along with CTFs.
