Every challenge runs a bash script that you can fully customize, so anything that can be scripted can be a challenge. The script runs in a stateless sandbox: refreshing the page restarts everything. That also lets you test a script that isn't working quite right before your students have access.
How Flag Placing Works
Flags can be placed using two distinct methods, depending on how you want your students to find them. Whichever you pick, the flag has the format NKCTF$:{ }, where the braces contain a hash that is unique to each student and challenge. This prevents flags from being reused or shared.
File Based
Use Cases: file discovery, reverse engineering, permission based access
This is the easiest way to insert a flag. You provide the name of the file where you want the flag to go. Somewhere in that file there must be the placeholder [FLAG], which we automatically replace once the challenge starts up. This method works with any file type (.txt, .py, .cpp, etc.).
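How a per-student flag and the [FLAG] placeholder fit together, as an added example that is not the platform's own code. It assumes the hash is an HMAC-SHA256 over the student and challenge IDs; the secret, IDs, file contents and function names are all hypothetical.

```python
import hashlib
import hmac

PLACEHOLDER = "[FLAG]"  # placeholder named on this page
SERVER_SECRET = b"constructed-demo-secret"  # hypothetical key, never shipped in a challenge


def make_flag(student_id: str, challenge_id: str) -> str:
    """Derive a flag bound to one student and one challenge (assumed scheme)."""
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    msg = b"".join(len(p).to_bytes(2, "big") + p
                   for p in (student_id.encode(), challenge_id.encode()))
    digest = hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()
    return "NKCTF$:{" + digest + "}"


def place_flag(template: str, flag: str) -> str:
    """Fill the placeholder; fail loudly if the challenge file has none."""
    if PLACEHOLDER not in template:
        raise ValueError("challenge file has no [FLAG] placeholder")
    return template.replace(PLACEHOLDER, flag)


def _same(a: str, b: str) -> bool:
    # Constant-time comparison; encode so non-ASCII submissions do not raise.
    return hmac.compare_digest(a.encode(), b.encode())


def check_submission(student_id: str, challenge_id: str,
                     submitted: str, roster: list) -> str:
    """Return 'correct', 'shared:<owner>' or 'wrong' for a submitted flag."""
    if _same(submitted, make_flag(student_id, challenge_id)):
        return "correct"
    for other in roster:
        if other != student_id and _same(submitted, make_flag(other, challenge_id)):
            return "shared:" + other  # valid flag, but issued to someone else
    return "wrong"


if __name__ == "__main__":
    # Constructed sample challenge file and roster.
    template = "# notes.txt\nbackup key: [FLAG]\n"
    roster = ["alice", "bob"]
    alice_flag = make_flag("alice", "perm-01")
    print(place_flag(template, alice_flag))
    print(check_submission("alice", "perm-01", alice_flag, roster))
    print(check_submission("bob", "perm-01", alice_flag, roster))
```

Because the flag depends on both IDs, a flag copied from another student is recognized as valid but attributed to its owner rather than accepted.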
Environment Variable
Use Cases: hidden config, stealthy or logic based challenges, dynamic apps
The flag hash can also be placed in an environment variable inside the challenge environment, which opens the door to more creative ways of retrieving the flag. You can also choose the name of the variable. To prevent students from bypassing the challenge, commands like printenv are disabled by default.
```python
import os

# Read the flag hash from the environment variable set for this challenge.
flaghash = os.getenv("FLAG_HASH")
print(flaghash)
```
You can go a step further and, for example, pair a C++ program with the bash script: the script compiles the program and removes the source code, so students have to run the binary instead of reading the source.
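```cpp
#include <cstdlib>
#include <iostream>
using namespace std;

int main() {
    // getenv returns nullptr when the variable is not set;
    // streaming a null char* is undefined behaviour, so check first.
    const char* var = getenv("FLAG_HASH");
    if (var == nullptr) {
        cerr << "FLAG_HASH is not set" << endl;
        return 1;
    }
    cout << var << endl;
}
```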
```bash
#!/bin/bash
# Compile the program, then delete the source only if the build succeeded.
g++ env.cpp -o env && rm env.cpp
```
Want to Know More?
Whether you're an educator looking to build custom training scenarios, a CTF organizer looking for flexibility, or just someone interested in how our platform works who wants a peek, we would be more than happy to show you more. Feel free to reach out via our other page, whether for a demo, questions, or anything else.