Gamification and Challenges

Weekly Hacking Challenges

The following table consist of the hacking challenges arranged by Teen Hackers’ Academy for the next weeks:

Week	Challenge	Focus Area	Objective/Goal	Tools/Resources

1

Reconnaissance & Information Gathering

Web Security & OSINT

Perform reconnaissance on a target website or server to gather open-source information and footprints.

Nmap, WHOIS, Google Dorking, Maltego, Shodan

2

Basic Network Scanning

Network Security

Use network scanning tools to map a target network, identify open ports, and find vulnerable services.

Nmap, Zenmap, Angry IP Scanner

3

Password Cracking

Cryptography & Authentication

Practice cracking hashed passwords using dictionaries and brute-force techniques.

John the Ripper, Hashcat, RockYou wordlist

4

Web Application Vulnerabilities (SQL Injection)

Web Application Security

Identify and exploit SQL injection vulnerabilities in a test website or web app.

SQLMap, DVWA (Damn Vulnerable Web App), bWAPP

5

Social Engineering Simulation

Social Engineering

Craft a phishing email or simulate a social engineering attack to understand human vulnerabilities.

SET (Social Engineer Toolkit), GoPhish

6

Exploiting Cross-Site Scripting (XSS)

Web Application Security

Perform XSS attacks on a vulnerable test website to execute scripts in the browser.

Burp Suite, OWASP Juice Shop, DVWA

7

Privilege Escalation on Linux

System Security

Gain root access by escalating privileges on a vulnerable Linux machine.

Metasploit, TryHackMe, HackTheBox

8

Wireless Network Hacking

Wireless Security

Capture and crack WPA/WPA2 Wi-Fi passwords using packet sniffing and brute force.

Aircrack-ng, Wireshark, Kismet

9

Buffer Overflow Exploitation

System Exploitation

Write and execute a buffer overflow exploit to take control of a vulnerable application.

Immunity Debugger, GDB, Metasploit

10

Capture The Flag (CTF) Challenge

General Penetration Testing

Participate in a beginner-level CTF challenge to solve cybersecurity puzzles and find hidden flags.

CTF platforms (CTFtime.org, PicoCTF, HackTheBox)

11

Cryptography & Encoding

Cryptography

Solve cryptographic challenges and decode/encode messages in different formats (Base64, Caesar cipher).

CyberChef, Cryptool, Python

12

Bypassing Firewalls & IDS

Network Security

Test methods to bypass firewalls and intrusion detection systems (IDS).

Nmap, Wireshark, Snort, Metasploit

13

Malware Analysis (Static & Dynamic)

Malware Analysis

Analyze malware behavior by running it in a sandbox environment and inspecting its code.

Cuckoo Sandbox, IDA Pro, OllyDbg, VirusTotal

14

Web Application Vulnerabilities (CSRF)

Web Application Security

Exploit a Cross-Site Request Forgery (CSRF) vulnerability on a vulnerable web app.

OWASP ZAP, Burp Suite, OWASP WebGoat

15

Ransomware Simulation

Malware Development

Simulate a ransomware attack in a controlled environment and create decryption mechanisms.

Python, PowerShell, VirtualBox

16

Reverse Engineering

Software Exploitation

Reverse engineer a binary to understand its functionality or remove a software protection mechanism.

Ghidra, IDA Free, Binary Ninja, Radare2

17

Web Shell Upload

Web Exploitation

Upload a web shell to a vulnerable server and use it to gain remote access.

PentestMonkey web shell, Burp Suite, Kali Linux

18

IoT Device Hacking

Internet of Things (IoT)

Penetrate a smart home device or IoT network to test for vulnerabilities.

Wireshark, Shodan, Metasploit, Firmware Analysis Tools

19

Binary Exploitation (ROP Chains)

System Security

Write Return-Oriented Programming (ROP) chains to exploit a vulnerable binary.

Pwntools, GDB, ROPgadget

20

File Upload Vulnerability Testing

Web Application Security

Exploit insecure file upload functionality on a website to upload malicious files.

Burp Suite, OWASP Juice Shop, Metasploit

21

Code Injection

Web Application Security

Inject code (e.g., PHP or Python) into a vulnerable application and execute remote commands.

Burp Suite, DVWA, bWAPP

22

Steganography Challenge

Information Hiding

Find and extract hidden information from image, audio, or video files using steganography techniques.

Steghide, Binwalk, StegoSolver

23

Active Directory Hacking

Network Security

Break into and escalate privileges in an Active Directory environment.

BloodHound, PowerView, Mimikatz, CrackMapExec

24

Mobile Application Hacking

Mobile Security

Perform security tests on Android or iOS applications to find vulnerabilities.

APKTool, Frida, MobSF, Drozer

25

DNS Spoofing & Poisoning

Network Exploitation

Carry out DNS spoofing attacks to redirect traffic to a malicious website or server.

Ettercap, DNSChef, dnsspoof

26

Log Analysis & Incident Response

Forensics

Analyze log files to identify signs of an attack and create an incident response report.

Kibana, Splunk, ELK Stack, Wireshark

Earn Achievement and Recognition

Leaderboard

A leaderboard award for hacking challenges typically recognizes the top performers in a hacking competition or challenge series. These awards encourage participants to compete and excel in solving challenges, identifying vulnerabilities, or exploiting systems in a controlled, ethical manner. Leaderboards are often used in Capture the Flag (CTF) competitions, bug bounty programs, or weekly/monthly cybersecurity challenges.

Category	Description

Leaderboard System

Ranks participants based on points earned by solving challenges, with real-time updates. Speed and accuracy are key.

Points System

Points awarded based on challenge difficulty: Easy (10-50 points), Medium (50-100 points), Hard (100-500 points).

Awards for Top Ranks

Cash prizes, trophies, certificates, internships, scholarships, or exclusive swag for top 3 or top performers.

Special Awards

Categories like Fastest Solver, Best Exploit, and Most Challenges Completed.

Participation Awards

Some competitions offer participation certificates or small rewards for completing a minimum number of challenges.

Rank Criteria

Participants are ranked based on points, number of challenges solved, and completion time as a tiebreaker.

Motivation

Encourages competition and engagement, helping participants improve their skills while aiming for higher rankings.

Competitions with Leaderboards

Capture The Flag (CTF), bug bounty programs (HackerOne, Bugcrowd), cybersecurity hackathons.

Hack of the week

The “Hack of the Week” Challenge is a weekly hacking competition or challenge series designed to help participants enhance their hacking and cybersecurity skills in a structured, time-bound environment. Each week, a new challenge is presented, focusing on different hacking techniques, vulnerabilities, or cybersecurity tasks. Participants are encouraged to solve the challenge within the week to earn points or rewards.

Category	Description

Challenge Frequency

Weekly challenges, each focusing on a new hacking or cybersecurity topic.

Skill Development

Practical skills in web security, cryptography, system exploitation, malware analysis, etc.

Difficulty Levels

Challenges available for beginner, intermediate, and advanced participants.

Time Limit

One week to solve each challenge, encouraging quick problem-solving.

Leaderboard

Tracks participants’ scores, ranking them based on points earned for challenge completion.

Awards & Recognition

Weekly or cumulative awards (e.g., certificates, digital badges, prizes) for top-performing hackers.

Learning Resources

Write-ups or solutions provided post-challenge to help participants learn from mistakes.

Community Engagement

Encourages collaboration and discussions in forums or chat groups to share ideas and solutions.

Challenge Examples

Web app exploitation, password cracking, privilege escalation, network sniffing, etc.

Interactive Hacking Quizzes

Interactive hacking quizzes are digital tools or platforms designed to test and enhance participants’ knowledge of cybersecurity and hacking concepts through engaging, scenario-based questions. These quizzes offer a hands-on learning experience where users are challenged to solve problems or answer questions based on real-world hacking techniques, vulnerabilities, or defense mechanisms.