$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
$ gobuster dir -u http://target -w common.txt
[WARN] throttling request 2s
root@unh:~# tcpdump -i eth0 port 80 -c 5
$ openssl s_client -connect host:443 -brief
[+] Set-Cookie: ctf_flag=… (cek DevTools)
analyst@ctf:~$ strings dump.bin | grep FLORNIXX
$ hydra -l dwi -P rockyou.txt http-post-form
[INFO] hint dibuka · -25 pts
$ proxychains4 curl …/tor-check
> kirim flag: POST /api/check-flag
$ sqlmap -u "…/admin/login" --batch --risk 1
[OK] challenge solved · skor tim naik
pentest@unh:~$ nmap -sC -sV -p 1-1000 target
$ git log --oneline -5 # jejak recon
[TOR] exit node OK · flag tersedia
$ john --wordlist=pass.txt hashes.txt
> poll scoreboard … HTTP 200
$ ffuf -w paths.txt -u http://host/FUZZ -mc 200
[BOOT] CTF_UNH_2026 · modul edukasi
$ chmod +x solve.sh && ./solve.sh
$ ssh team@ctf.unh.local -p 22
[AUTH] session_negotiate … OK
$ curl -sI /robots.txt | grep -i allow
peserta@lab:~$ decode: echo RkxP… | base64 -d
> nmap: 3 host aktif di subnet latihan
session_unh@ctf:~
secure_link
root@unh-ctf:$ _
// CTF UNH 2026 · Batch 1
Kenali Ancaman, Kuasai Keamanan
Dasar cybersecurity untuk generasi muda.
0x43 0x54 0x46 · 0x55 0x4E 0x48 · 0x32 0x30 0x32 0x36
> countdown_to_event
00hari
:
19jam
:
13menit
:
22detik
Kamis, 4 Juni 2026 · 08:00–12:00 WIB
scheduled → 2026-06-04
[ MODULE: RULES ]
Quick rules
- Format flag: FLORNIXX{...}
- Dilarang merusak infrastruktur atau peserta lain
- Kerjasama dalam tim diperbolehkan
[ MODULE: ONBOARD ]
Get started
Daftarkan timmu, kerjakan challenge dari kategori Warmup, lalu naik level dengan tenang.