Secure Extractor [pentest, 22 solves] TLDR; You had to exploit file upload mechanism in python application to get access to python developer console. To escalate to the root user, you had to make use of bash script, which was executed every minute by cron. There are only few CTFs during the year, which have “pentest” or “network” challanges. InCTF is one of them. For each challange you had to download separate OpenVPN config and connect to the enviroment.