The XSS Rat Training Grounds

Own every lab. Master the methodology.

Training machines built by The XSS Rat — from basic enumeration to extreme multi-vector chains. Register once, unlock targets, submit flags, and track your progress on the leaderboard.

Active Challenges 40
Coming Soon 3
IP Visibility Locked Until Login
☠ The Burrow: 3 reached it. Can you?

⚡ New Series — Launching 31 May 2026

Project Meridian

5 new OSCP-prep machines inside SolarGate Energy's network. SUID abuse, cron hijacking, sudo escapes, and Linux capabilities — a full Linux privesc series.

💡 Community suggestion by tumtum


🛡 Purple Team Series — Launching 20 Jun 2026

Help me, I got compromised

Five connected hosts. One breach. Log forensics, SOC triage, code review, and a host under constant attack that you must defend — with a 30-minute auto-reset.


Coming Soon

🕐 Upcoming Machines

See full schedule (5 total) →
🐀🐀 🕐 Launching soon

Blindspot

Blindspot is an internal URL validation tool. It checks whether endpoints are reachable — and it makes those requests from the server. There's an internal configuration service that wasn't supposed to be externally accessible.


🐀🐀 Premium 🕐 Launching soon

Foxhole

Foxhole's authentication system was written by a developer who read the documentation, just not all of it. The gate looks solid from the outside. The question is whether you understand how the lock actually works.


🐀🐀🐀 🕐 Launching soon

TokenSmith

TokenSmith is an internal OAuth 2.0 provider. It handles authorization flows and issues tokens to clients. There's a known issue in the tracker about redirect_uri validation — issue #214, filed months ago, still open.



Want to go further?

All courses. All certs. All lives. One price — forever.

These labs are built around the same methodology taught in The XSS Rat's courses. If you want the full picture — recon, exploit chains, API hacking, business logic, CNWPP certification and everything in between — the Endless Bundle has 45+ courses, 3 cert paths, weekly live sessions, and every future release included. No subscriptions. No upsells.

10+ Courses
3x Certifications
ALL Live lessons
80% Off right now