Avatar

Labs / Alpwned

  • Medium
  • Released 01 Aug 2025

🏔️ Can You Break Into This Alpine Fortress?

🏔️ This Alpine Linux system appears well-secured with multiple defensive layers protecting two valuable flags.

💻 A web application guards the entrance, while deeper system protections await those who can navigate past the initial barriers.

⚡ Can you find the path through the security measures and claim both treasures?

2
Flags
40
Points
Medium
Solution Available
Free Access
Start Lab Environment

Launch your dedicated AWS machine to begin hacking

~1-2 min setup
AWS dedicated
Private instance
Industry standard
Medium

Alpwned - Alpine Linux Challenge

Challenge Overview

Welcome to Alpwned! This challenge features an Alpine Linux system running a web application with various security measures in place. Your objective is to gain unauthorized access to the system and retrieve sensitive information. This challenge will test your web application security knowledge and system administration skills.

Learning Objectives

  • Web application security assessment
  • Authentication mechanism analysis
  • System access and enumeration
  • Linux privilege escalation
  • Security configuration analysis
  • Multi-stage attack coordination

Challenge Details

The target system hosts a web application that requires proper authentication to access administrative features. Your goal is to find vulnerabilities that allow you to bypass security controls and gain access to restricted areas. Once inside, you'll need to explore the system further to achieve complete compromise and retrieve all available flags.

Target Information

  • Web Application: Available on port 80
  • SSH Service: Available on port 22
  • Operating System: Alpine Linux
  • Flags: Two flags (user and root) need to be retrieved