RatCTF

⚡ New Series — Launching 31 May 2026

Project Meridian

Five new OSCP-prep machines set inside SolarGate Energy's industrial network. Each one isolates a core Linux privilege escalation technique — so you can drill the fundamentals before chaining them in a real pentest.

SUID abuse · cron hijacking · sudo escapes · Linux capabilities · multi-vector chain

Create Free Account View OSCP Path →

💡 Suggested by community member tumtum — awarded the 💡 Feature Favourite flair for this idea.

Dropping in

--days
:
--hrs
:
--min
:
--sec

31 May 2026 · 18:00 UTC

The Setup

SolarGate Energy's internal network

SolarGate Energy is a fictional industrial company running a mix of legacy Linux servers and modern infrastructure. Their security team is understaffed and their ops team keeps introducing privilege escalation misconfigs. Your job: get root on all five machines.

Each machine is fully isolated and Docker-based — spin it up, hack it, submit your flag. No shared state. No cheating via adjacent boxes.

The Machines

Five targets. One theme. Zero hand-holding.

01 🐀🐀

SOLARFLUX

SUID Abuse

A misconfigured SUID binary left behind after a failed patch window. Find it, understand why it's exploitable, and abuse it to read the root flag.

find -perm -4000 SUID shell GTFOBins
02 🐀🐀

GRIDLOCK

Cron Hijacking

A root cron job sources a world-writable script every minute. Inject a payload, wait 60 seconds, collect your flag. Classic and satisfying.

crontab -l world-writable scripts env injection
03 🐀🐀🐀

WATTAGE

Sudo Escape

The ops team gave themselves NOPASSWD sudo on a handful of programs they thought were safe. Spoiler: they weren't. Check GTFOBins, pick your route.

sudo -l sudo escape GTFOBins
04 🐀🐀🐀

CAPACITOR

Linux Capabilities

No SUID. No sudo. But a binary with cap_setuid+ep set by a junior admin who thought "capabilities are safer than SUID." They are not — if you know how to use them.

getcap -r / cap_setuid Python / Perl
05 🐀🐀🐀🐀🐀

OVERLOAD

Multi-Vector Chain

SolarGate's crown jewel server. Nothing is handed to you — you'll need to chain techniques from the previous four machines plus a few surprises. The full OSCP experience in one box.

full enumeration chained privesc lateral movement

☠ Series Finale

Why Meridian

Built specifically for OSCP prep

The OSCP exam doesn't give you hints. It doesn't tell you what technique to try. Meridian is designed the same way — minimal hints, realistic misconfigs, and a methodology that transfers directly to the exam.

Complete all five machines and you'll have drilled every Linux privesc category that OSCP tests. The OSCP Path on RatCTF includes Meridian alongside 10+ other machines — start there if you want the full picture.

View the OSCP Path →
5 Machines
4 Privesc Techniques
1 Finale Chain
Free No paywall

Ready to get root?

Meridian drops 31 May 2026. Register now — machines go live automatically in your account.

Create Free Account ← Back to Home