RatCTF
The XSS Rat Training Grounds
Training machines built by The XSS Rat — from basic enumeration to extreme multi-vector chains. Register once, unlock targets, submit flags, and track your progress on the leaderboard.
⚡ New Series — Launching 31 May 2026
5 new OSCP-prep machines inside SolarGate Energy's network. SUID abuse, cron hijacking, sudo escapes, and Linux capabilities — a full Linux privesc series.
Dropping in
🛡 Purple Team Series — Launching 20 Jun 2026
Five connected hosts. One breach. Log forensics, SOC triage, code review, and a host under constant attack that you must defend — with a 30-minute auto-reset.
Dropping in
Coming Soon
Breakout is an internal container management console that was meant to be ops-only. Someone left a debug endpoint live. The container has more access to the runtime than it should — and so do you.
In calculating...
Darkpulse is a full Active Directory environment built by an ops team that grew too fast to keep up with its own complexity. Every layer trusts the one beneath it. The monitoring system has a view of everything — and so will you, once you understand what it's reporting.
In calculating...
Blindspot is an internal URL validation tool. It checks whether endpoints are reachable — and it makes those requests from the server. There's an internal configuration service that wasn't supposed to be externally accessible.
In calculating...
172823 points
133985 points
118608 points
53073 points
51676 points
Want to go further?
These labs are built around the same methodology taught in The XSS Rat's courses. If you want the full picture — recon, exploit chains, API hacking, business logic, CNWPP certification and everything in between — the Endless Bundle has 45+ courses, 3 cert paths, weekly live sessions, and every future release included. No subscriptions. No upsells.