Machine Submission Requirements

  • The machine format must be VMware Workstation or VirtualBox (OVF/OVA).
  • Use a recent operating system such as Windows 10/11, Alpine 3.*, Ubuntu 20/22, or Debian 11.
  • Use a CLI-based operating system unless the machine requires a graphical user interface.
  • Once the machine name is decided, use it as the machine's hostname.
  • Exclude any commercial software that necessitates a license (including trial versions).
  • Use the default pattern for the username and home directory: the user is john and the home directory is “/home/john” or “C:\Users\john”.
  • For any challenge that needs a website, don’t use “Lorem ipsum” or other unrealistic data (the website's data and design should look real).
  • Keep storage under 10GB for Linux and under 25GB for Windows (without updates).
  • For Linux, limit the RAM to 2GB and the CPU count to 2; for Windows, limit the RAM to 2GB/4GB and the CPU count to 2.
  • Don’t include rabbit holes without a reason, especially in easy machines.
  • The common wordlist for passwords will be "rockyou.txt", so ensure passwords are created accordingly.
  • The common wordlist for directory busting will be "directory-list-2.3-medium.txt", so ensure web directories are identified accordingly.
  • Before submitting the machine, verify that no unintentional vulnerabilities are present.

 

Flag related

· Flags must not be predictable (use hexadecimal or l33t).

· On Linux, the flag locations are “/home/[user]/user.txt” and “/root/root.txt”.

· On Windows, the flag locations are “C:\Users\[user]\Desktop\user.txt” or “C:\Users\Administrator\Desktop\root.txt”.

· Before submitting the machine, check the permissions of the flag file to confirm that the user can read it.
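
One way to script the flag checks above before exporting a Linux machine (an added example, not part of the original requirements). The function names, the 32-character hexadecimal flag pattern, and the rule that root.txt must not be world-readable are assumptions; l33t-style flags would need a different pattern.

```shell
#!/bin/sh
# Added example: pre-submission flag check for a Linux machine.
# Assumptions (not in the guidelines): a flag is 32+ hex characters,
# and root.txt must not be readable by "other".

# has_perm FILE MODE -> 0 if all permission bits in MODE are set
has_perm() { [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]; }

# owner_of PATH -> prints the owning account name
owner_of() { ls -ld "$1" | awk '{print $3}'; }

# is_hex_flag FILE -> 0 if the first line is 32 or more hex characters
is_hex_flag() { head -n 1 "$1" 2>/dev/null | grep -Eq '^[0-9a-fA-F]{32,}$'; }

# user_can_read FLAG HOME -> 0 if FLAG is world-readable, or is owned by
# HOME's owner with the owner-read bit set (group access is not considered)
user_can_read() {
    has_perm "$1" -004 && return 0
    [ "$(owner_of "$1")" = "$(owner_of "$2")" ] && has_perm "$1" -400
}

# check_flags ROOT USER; ROOT is "" on the live system or a mounted image path
check_flags() {
    home="$1/home/$2"; uflag="$home/user.txt"; rflag="$1/root/root.txt"; rc=0
    for f in "$uflag" "$rflag"; do
        if [ ! -s "$f" ]; then
            echo "FAIL: $f missing or empty"; rc=1
        elif ! is_hex_flag "$f"; then
            echo "FAIL: $f is not a 32+ character hex string"; rc=1
        fi
    done
    if [ -s "$uflag" ] && cmp -s "$uflag" "$rflag"; then
        echo "FAIL: user.txt and root.txt are identical"; rc=1
    fi
    if [ -e "$uflag" ] && ! user_can_read "$uflag" "$home"; then
        echo "FAIL: $2 cannot read $uflag"; rc=1
    fi
    if [ -e "$rflag" ] && has_perm "$rflag" -004; then
        echo "FAIL: $rflag is world-readable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: flag checks passed for $2"
    return "$rc"
}
```

On the built machine, run `check_flags "" john` as root; a non-zero exit status means at least one check failed.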

 

Walkthrough

Please include:

  • Full walkthrough showing the intended path to own the machine. Use a format such as Word or Markdown.
  • Credentials for all users (including root and user with user.txt and root.txt).
  • Description of important processes running on the machine.
  • Description of scripts running on the machine (crons, scheduled tasks, etc.).

 

Difficulty

Easy:

· Usually 2-3 steps.

· No Reverse Engineering/Binary Exploitation

· No rabbit holes

Medium:

· Usually 3-4 steps.

· Custom exploitation

Hard:

· Usually 4 or more steps, but it can be higher.

Insane:

· Usually 5 or more steps, but it can be higher.