Get in Touch With Us
Founded by cybersecurity enthusiasts, this platform was created to provide realistic hands-on labs focused on exploitation, analysis, and practical offensive security skills. Each challenge is designed to simulate real-world scenarios and help users learn through practice, not theory.
NOIRTHHACK // CTF LAB
ACCESS VECTOR
Hands-on exploitation • analysis • real attack paths
target: lab.noirthhack.pl
mode: practice
status: ready
$ run challenge –tier=free
NOIRTHHACK :: INCIDENT CONSOLE (SIMULATION)
CTF
WAF
IDS
syslog / web / php
[00:00:01] boot → lab container OK
[00:00:03] nginx → worker spawned (pid=412)
[00:00:07] req 10.13.37.44 → GET / 200 3.1ms
[00:00:09] waf → anomaly score=7 rule=930120
[00:00:13] ids → signature=WEB_ATTACK src=10.13.37.44 dst=10.13.37.10:80
[00:00:16] req 10.13.37.44 → GET /?page=../../../../etc/passwd 200 suspicious
[00:00:16] php → Warning: include(): failed to open stream
[00:00:17] Stack trace:
#0 /var/www/html/index.php(21): include(‘..//..//..//..’)
#1 /var/www/html/router.php(9): handle_request()
[00:00:19] waf → rule=942100 SQLi pattern=union select
[00:00:19] req 10.13.37.44 → GET /search?q=’ UNION SELECT 1,2,3– 403
noirth@lab:~/ctf$
curl -i “http://lab.noirthhack.local/upload” -F “file=@shell.php”
HTTP/1.1 406 Not Acceptable
X-WAF: triggered / policy=filetype
X-Request-Id: nh-7b3f-19e2
{“error”:”blocked”,”reason”:”payload signature”}
[00:00:24] ALERT → sandbox snapshot created. challenge remains solvable.
ops / controls
TARGET lab.noirthhack.local
SESSION nh-7b3f-19e2
RATE 429 / 60s
WAF ON (paranoia=2)
IDS ON (signatures)
PORTSTATESERVICE
22filteredssh
80openhttp
443closedhttps
8080openalt-http
OBJECTIVE
capture flag
bypass controls • find path • submit NH{…}
HARD HINTS
slow down (429)
leak is real (debug)
filters > uploads
Email address
mpainkiller792@gmail.com