A user who is ready to practice their hacking skills will start by downloading our app as a Docker file. They can then run the app which will launch two containers and tell the user what local IP address to connect on. Then when the user types that address into their browser, they will see a fully dynamic hospital website. The site will be fake but will look and feel real with a patient portal, doctor search, login page, and storefront.
As the user hacks into the site, they will find "flags" that act as a reward. By going to the local wiki (a separate container launched when the app starts), they can enter the flag. This will award points and increase their completion percentage. In addition, the wiki will explain why the code was vulnerable, and allow the user to fix the specified code with a single click. Now when they return to the vulnerable server, they will need to find new vulnerabilities to exploit and score points.
For a more unique challenge, the user can choose to have our program randomly select which vulnerabilities to include in the server. This allows for more replayability and encourages users to streamline their methods of scanning. In the case of a classroom or competition environment, this randomness can be seeded to allow for a level playing field.