October 29, 2013
Starting with Beta, there are some changes: ALL registered (and email-confirmed) users get VPN access, but not all users can build a fortress. All registered users can start to “play” with “Metasploitable In The Cloud” after setting up their VPN. You can read below (point 4) how to set up your VPN.
In order to get a fortress (VM to defend), you must first create a team. No team, no fortress; no team, no scoreboard. However, you’ll be able to hack into others’ servers even if you don’t have a team, as you do have VPN access.
Your Team Name MUST NOT contain special characters.
In order to create your fortress, first things first: you must add your public key. Go to Account>My Team>Edit and insert your public key.
When you generate the public key (https://help.github.com/articles/generating-ssh-keys), try not to generate it with PuTTY. We saw some weird stuff when generating through PuTTY. Under Linux it works perfectly.
Think twice before you add someone to your team. Bring only people you really think deserve to join your team. As Team Admin, you’ll be responsible for all of your teammates if they do something foolish. If one of your team members does something to violate the rules, the entire team will be kicked out. It is your responsibility as the team admin to determine who you allow on your team and to keep track of their actions.
Remember: At this time, our team invite system is not perfect, but we have more pertinent items to work on before we address perfecting this feature. Be patient, as we are still in alpha.
In order to start this round of CTF, we had to reset all of our prior VPN certificates. That means that if you got access to play CTF365, you’ll have to set up your new VPN certificates.
Remember this: No VPN, no Battle Ground access. In the Alpha and Beta stages, those who comply with the rules and complete the registration requirements will get access. You can read HERE about who will be able to get Alpha/Beta access.
Account>VPN – follow the instructions.
Mac users can read this tutorial on how to set up the VPN: http://blog.ctf365.com/setting-up-ctf365-vpn-for-mac-users/
The Fortress is only for FULL access users. Read “CTF365 Beta Started” to see if you’re qualified for it.
Account>My Fortress>New Server
PLEASE REMEMBER: Your Fortress/Server name MUST NOT contain special characters.
After “Create Server”, “Instantiate” (push the “Instantiate” button – image below).
Within seconds, you will have your Fortress up and running (ACTIVE, RUNNING state).
BUGS you might encounter:
After you push “Instantiate” to create the server, we don’t have any spinning waiting/working signs or icons yet. So after the system prompts “Are you sure you want to instantiate” and you push “Ok”, just wait up to a few minutes (the system is a little overloaded) until you see it reach the ACTIVE/RUNNING state.
If nothing happens after you push the “Instantiate” OK button once, REPEAT the “Instantiate” button operation once more (OK included).
After that, if your fortress still doesn’t get into the ACTIVE/RUNNING state, send an email to email@example.com with all your actions AND details included (e.g. team name, server name you tried, etc.).
Once your server is in the ACTIVE, RUNNING state, click the “Details” button and follow the instructions to get started on your CTF!
Set up your server according to our TheGame page.
If you find a vulnerability on a CTF365 fortress or the CTF365 website, you can report it using the Scoring System. After you submit a vulnerability, we’ll check and approve it, and you’ll get points and badge rank accordingly. You can check TheScore.
Scoring button (upper right side). At this time, the scoring process will only accept IP addresses within our CTF network (10.194.0.1 – 10.195.1.254).
If you report an XSS, insert the whole XSS-ed URL.
Now you can do a blind scan, but to ease your job, servers are in the 10.194.0.x and 10.195.0.x IP ranges.
Having your Twitter, Facebook, LinkedIn and Blog/site linked in your account will help you to get better visibility.
Go to your Account > Edit Profile tab.
- If you find any vulnerabilities, just report them accordingly and don’t make any major modifications to the targeted server (e.g. don’t change passwords).
- Behave nicely. We’re still improving things and this is a development/improving stage.
- You can use the IRC server (Account>IRC) to keep in contact with players.
And last, you can give us feedback or bug reports at support [at] ctf365 [dot] com
Happy Hacking Hunting