CTF's My CTF's

GreenOptic CTF

GreenOptic is my fourth Capture the Flag box. It is rated as ‘Very Hard’ (as per the difficulty matrix). As with all of my CTFs, please run this in ‘Host Only’ mode – it does not need an internet connection.

Download Now

Don’t let the difficulty put you off though – the CTF is designed to be realistic, so you won’t come across anything you wouldn’t experience in a real environment.

You will need to enumerate this box very well, and likely chain together different bits of information and vulnerabilities in order to gain access.


British Internet Service Provider GreenOptic has been subject to a large scale Cyber Attack. Over 5 million of their customer records have been stolen, along with credit card information and bank details.

GreenOptic have created an incident response team to analyse the attack and close any security holes. Can you break into their server before they fix their security holes?

You can download GreenOptic here.

SHA-256: 00af6eb4a29fa6447fb68ea4dae112de822c78d2021e210d8233e0b0ba8cc5e9

Once you’ve completed my CTF, let me know how you found it.

How difficult did you find GreenOptic?

View Results

Loading ... Loading ...

By Thomas Williams

Thomas Williams is learning ethical hacking and hacks things as a hobby. Learn new hacking skills, follow up-to-date cyber security news, and play along with CTFs.

7 replies on “GreenOptic CTF”

Hi Thomas. its ba_bam, got the notification from email. For some reason ive forgot my discord password. so now i have a new account .hahhaha old man forgets fast 😀

WOW what a challenge…
in my opinion it should be rated as insane or at least between hard and insane.
This challenge is very realistic and requires a lot of enumeration. The fact that no brute forcing was needed is really nice too.

Thank you Thomas for creating a really good machine.👌🙏

Hi bootlesshacker, many thanks for your Vms! I love them!! Always good scenarios.
Keep it up, you’re on top 🙂

Thanks for your work, Its a very great box : realistic and challenging. I really appreciate because its a case that we can encounter in real life.

There is 2 ways to get a shell with 2 different users, is it intentional ? (I don’t give any details to not spoil)

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.