https://cyberlessons101.com

Like to create a challenge and have it added here, talk to Mr. Beck!

Note: Not all flags listed below may be available when using the public scoreboard at home.

Machine_Info_Documents (Cyber_Range_1)

SQL Inject: Flag_5

Reverse Shell: 172.25.200.200 Flag_B

GET/POST: (Flag_L) 172.25.200.200:9017

Reverse Shell: Flag_K

Reverse Shell: 172.25.0.17: Flag_N

Python Brute: 172.25.200.200:9013 Flag_G

SSRF: 172.25.0.21: Flag_Q

Metasploit: 172.25.0.23: Flag_M

Metasploit: 172.25.0.24: Flag_R

PhpMyAdmin: Flag_S

No Cap: 172.25.0.26: Flag_6

Phar: 172.25.200.200:9007 Flag_7

Git-Dumper: 172.25.200.200:9008 Flag_8

Cookie Brute: 172.25.200.200:9009: Flag_9

Active Directory: 172.25.0.30: Flag_C

Python Enum: 172.25.0.31: Flag_U

Python Enum: 172.25.0.32: Flag_t

SSTI: 172.25.0.35: Flag_J

Reverse Shell: 172.25.0.40: Flag_D

Python RCE: Flag_O 172.25.200.200:9018

SSH Tunnel: 172.25.200.200:9010: Flag_E

DNS: 172.25.200.200:9011 Flag_F

Enumerate: 172.25.200.200:9014: Flag_H

Python POST Variables: FLAG_I

Kerberoast: 172.25.0.60: Flag_Y

Wordpress: 172.25.200.200:9039 Flag_W

Delegate: RED5

172.25.0.72/73 RED7: INSYNC

172.25.0.80 (Red8): SQL Madness

Burp: 172.25.200.200:9005 (Red1)

Burp: 172.25.200.200:9005 (Red2)

Burp 172.25.200.200:9005 (Red3)

Deserialize: 172.25.0.230: Flag_P

Kerberos: 172.25.0.244/245: Flag A

Mimikatz/Hashcat (Red4)

(Red6) Linux PAM Exploit

Subrion CVE: (Red9)

(Red12) Wordpress Infiltration:

Race to Escape: (Red13)

(Red14) Domain Detection, Tunneling Tactics, and Shellshock Dominance:

(Red15) From Emails to Admin Access!

(Red16) NTLM/Kerberos/Kali

(Red17) S-S-T-I Mart!

(Red18) QueryQuake: Shaking Grafana:

PEARfection: (Red19)

TickTock Intrusion: (Red20)

VM Download: (Red21)

Har Har Hijack: (Red22)

VM Download: (Red23)

JWT Intrigue: (Red24)

403(Red25)

XSS Admin Assault (Red26)

CORS Crossfire (Red27)

Symlink Sabotage (Red28)

Advanced SQL (Red29)

Pivoting with Ligolo (Red30)

Hacking Jenkins (Red31)

Wordpress (Red32)

LAPS Lockdown: (Red 33)

Active Directory ACE Abuse (Red 34)

NTLM_THEFT (RED35)

Double Pivot (RED36/Red37)

SNMP Sniper (Red38)

DNSAdmin (Red39)

XXE (Red40)

Mimikatz (Red41)

• Flag 2

Perseverance (Red42)

TeamCity: (Red43)

Juggler(Red44)

Roundcube: (Red45)

DNS Resolver (Red46)

Log4Shell (Red47)

(Red50) XSS-Challenge

(RED51) Secure File Upload

(RED53) XSS

(RED54) Deserialize

(RED55) XXE

RED_56 (AXFR)

RED_57 (Next JS 12.2)

RED_58 (CVE-2023-40028-Ghost)

Red-59: CTFd Admin Challenge

Red-60: You Are Awesome PDF! (SSRF Challenge)

Red-61: Blind SQL Training

Red-62: CVE-2026-24061 (Telnetd)

Red-63 CVE-2024-50498 (WP Query)

Red-64 PHP Serialization Basic Training.

Red65-Red67: PHP Serialization Part 2. (Magic Methods)

Red68: Loot Box

Red69: Repair Shop

Red70 (PHP Filter Chain Lesson)

Red71 (CVE-2025-29927) Next.js Deep Dive

Red72: This is War!

Red 73 (React CVE-2025-55182)