Review of the challenges

Wednesday 12 October 2022

As methodologies, tools and technologies evolve, we have decided to re-evaluate the point value of some of the platform’s challenges.
We believe that some of them may have been undervalued/overvalued at the time of their release, or that over time others have become easier to achieve.
Therefore, as of today, the following changes have been applied to all the challenges below. Please take into account the server cache if some of the changes do not appear.

App-Script:
° Bash - Quoted expression injection (UP) : 25 -> 30 points
° Bash - Race condition (UP) : 25 -> 35 points
° Bash - Restricted Shells (DOWN) : 70 -> 60 points

Realistic:
° Well-Known (UP) : 35 - > 45 points
° Root me, for real (UP) : 50 -> 70 points
° Django Unchained (DOWN) : 60 -> 50 points
° Red Pills (DOWN) : 80 -> 70 points

Web-Server:
° PHP - Unserialize overflow (UP) : 40 -> 55 points
° Node JS Protoype Pollution Bypass (UP) : 35 -> 45 points
° File Upload Polyglot (UP) : 40 -> 45 points

Steganography:
° WAV - Noise Analysis (DOWN) : 15 -> 10 points
° George and Alfred (DOWN) : 15 -> 10 points
° Base Jumper (UP) : 25 -> 35 points
° Hide & Seek (UP) : 25 -> 45 points
° Angecryption (UP) : 30 -> 35 points
° Crypt Art (DOWN) : 35 -> 25 points

Forensic:
° Rootkit coldcase (UP) : 45 -> 50 points
° Multi Devices (UP) : 40 -> 45 points

Network:
° RipV1 - No Authentication (UP) : 40 -> 55 points
° RF Key Fixed Code (DOWN) : 30 -> 20 points

Cracking:
° Powershell Deobfuscation (DOWN) : 40 -> 30 points
° Godot Mono (DOWN) : 25 -> 20 points
° Root My Droid (Change of category) : previously Forensic
° Insomni’Droid (Category change) : previously Forensic

We are listening to the Root-Me community and if you think that some challenges should still be re-evaluated, do not hesitate to inform by private message a member of the @QA team on Discord specifying the challenge as well as the reasons why you would like to see it re-evaluated 😄.

Sincerely,
The Root-Me team.