CTF365 – How and What To Do


How to and what to do:

Starting with Beta, there are some changes: ALL registered (and email-confirmed) users get VPN access, but not all users can build a fortress. All registered users can start to “play” with “Metasploitable In The Cloud”, “bWAPP In The Cloud”, and “HacmeCasino and HacmeBank” after setting up their VPN. You can read below (point 4) how to set up your VPN.

1) Create a team:

In order to get a fortress (VM to defend – Silver/Gold Accounts Only), you must first create a team. No team, no fortress; no team, no score board. :-) However, you’ll be able to hack into others’ servers even if you don’t have a team, as you do have VPN access.

How to create a team:

Account>My Team

PLEASE REMEMBER:

Your Team Name MUST NOT contain special characters.


2) Adding your Public Key. No Public Key, No Fortress

In order to create your fortress (Silver/Gold Accounts Only), first things first: you must add your Public Key. Go to Account>My Team>Edit and insert your public key.

PLEASE REMEMBER:

When you generate the Public Key (https://help.github.com/articles/generating-ssh-keys), try not to generate it with PuTTY. We saw some weird stuff when generating through PuTTY. Under Linux it works perfectly.


3) Invite/Add new team members.

Think twice before you add someone to your team. Bring only people you really think deserve to join your team. As Team Admin, you’ll be responsible for all of your teammates if they do something foolish. :-) If one of your team members does something to violate the rules, the entire team will be kicked out. It is your responsibility as the team admin to determine who you allow on your team, and to keep track of their actions.
Remember: At this time, our team invite system is not perfect, but we have more pertinent items to work on before we address perfecting this feature. Be patient, as we are still improving the Platform.

How to Add New Members:

Team Tab > Add New Member


4) Setup your VPN

Remember this! No VPN, no Battle Ground Access. Those who comply with the rules, and complete the registration requirements, will get VPN access.

How to set up the VPN:

Account>VPN – follow the instructions


Mac Users: You can read this tutorial, http://blog.ctf365.com/setting-up-ctf365-vpn-for-mac-users/, about how to set up your VPN.

Linux Users: You can follow this video tutorial

Windows Users: Please follow OpenVPN Client Config Files

IMPORTANT! To configure your DNS, please follow this great, straight-to-the-point tutorial written by our good friend Kamil Vavra: Setting Up OpenVPN Access to CTF365

5) Create your fortress

The Fortress is only for Silver/Gold Users.

How to create your fortress:

Account>My Fortress>New Server

PLEASE REMEMBER:

Your Fortress/Server name MUST NOT contain special characters

After “Create Server”, “Instantiate” (push the “Instantiate” button).

Within seconds, you will have your Fortress up and running (ACTIVE, RUNNING state).

BUGS you might encounter:

After you push “Instantiate” to create the server, there are no spinning waiting/working signs or icons yet. So after the system prompts “Are you sure you want to instantiate” and you push “Ok”, just wait up to a few minutes (the system is a little overloaded) until you see it reach the ACTIVE/RUNNING state.

If nothing happens after you push the “Instantiate” OK button once, repeat the “Instantiate” operation once more (OK included).

After that, if your fortress still doesn’t get into the ACTIVE/RUNNING state, send an email to support@ctf365.com with all your actions AND details included (e.g. team name, the server name you tried, etc.).

Once your server is in the ACTIVE, RUNNING state, click the “Details” button and follow the instructions to get started on your CTF!

Set up your server according to our TheGame Page.

6) Scoring System

If you find a vulnerability on a CTF365 fortress or the CTF365 website, you can report it using the Scoring System. After you submit a vulnerability, we’ll check and approve it, and you’ll get points and a badge rank accordingly. You can check TheScore.

How to submit a scoring (vulnerability):

Scoring Button (top right side)

At this time, the scoring process will only accept IP addresses within our CTF network (10.194.0.1 – 10.195.1.254).

UPDATE

If you report an XSS, insert the whole XSS-ed URL.

7) Scanning the network

You can do a blind scan, but to make your job easier: servers are in the 10.194.0.x and 10.195.0.x IP ranges.
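A scope check for the network range quoted in sections 6 and 7, as an added example (not CTF365's own code): it accepts a bare IP or a full URL, as requested for XSS reports, and confirms the host lies inside 10.194.0.1 to 10.195.1.254 before you scan or submit it. The function names are hypothetical and the sample targets are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Range the page gives for the scoring form (assumed inclusive at both ends).
FIRST = ipaddress.IPv4Address("10.194.0.1")
LAST = ipaddress.IPv4Address("10.195.1.254")


def scope_cidrs():
    """Express the range as the minimal list of CIDR blocks.

    The range does not fall on a single prefix boundary, so an allow-list
    for a scanner or firewall needs several blocks, not one /15.
    """
    return [str(n) for n in ipaddress.summarize_address_range(FIRST, LAST)]


def extract_host(target):
    """Return the host part of a bare IP or of a full URL."""
    target = target.strip()
    if "://" in target:
        return urlsplit(target).hostname or ""
    return target


def in_scope(target):
    """True only if the host is an IPv4 literal inside FIRST..LAST."""
    try:
        addr = ipaddress.IPv4Address(extract_host(target))
    except ValueError:
        # Hostnames, IPv6 literals and malformed input are rejected:
        # the scoring form only accepts IP addresses.
        return False
    return FIRST <= addr <= LAST


if __name__ == "__main__":
    # Constructed sample targets, not taken from the platform.
    samples = [
        "10.194.0.23",
        "http://10.195.1.254/search?q=test",
        "10.195.1.255",
        "192.168.1.10",
        "http://metasploitable.ctf",
    ]
    for s in samples:
        print(f"{s:40} {'in scope' if in_scope(s) else 'OUT OF SCOPE'}")
    print(len(scope_cidrs()), "CIDR blocks cover the range")
```
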

8) Edit Your User Profile

Having your Twitter, Facebook, LinkedIn and Blog/site linked in your account will help you to get better visibility.


How to:

Go to your Account > Edit Profile Tab.

Please remember:

– If you find any vulnerabilities, just report them accordingly and don’t make any major modifications to the targeted server (e.g. don’t change passwords).
– Behave nicely. We’re still improving things and this is a development/improving stage.

– You can use the IRC server (Account>IRC) to keep in contact with players.

And last, you can give us feedback or bug reports at support [at] ctf365 [dot] com

Happy Hacking Hunting :-)


Marius Corici

Lazy entrepreneur: Thinking a lot to do less, preserving energy, providing simplicity.


22 Responses

  1. Finnhax says:

    Is this up and running yet? I got early alpha access and I don’t see a button to create a fortress… :(

  2. 5l@B says:

    When I log into my account and go to my account settings, I do not see the VPN option?

    • marius.corici says:

      If you don’t see the VPN option, it’s OK. That means you don’t have access to Alpha stage. Nothing to worry about.

  3. 3rr0r404 says:

    How do we attack someone? I can’t figure it out. How do we find some server?

  4. Hey, having alpha access is really awesome, is there anywhere to submit bugs and things?
    Awesome Job so far, impressed

  5. aidden,keli says:

    Is there a listing of IPs that are without a doubt your infrastructure? Per your Terms of Service I want to make sure I don’t and/or can’t target out-of-scope IPs.

    • marius.corici says:

      Actually you can perform a blind scan but, to help you, if you’re part of Beta, then you can scan and access whatever you find on the 10.194.0.x IP range. If not, then you might want to exercise on http://metasploitable.ctf.

      Have fun. :-)

  6. BadTasTe says:

    hi,

    I’m connected to the VPN correctly but I don’t have access to http://metasploitable.ctf, any help?

    Thanks.

    Keep on the good work guys :)

  7. BadTasTe says:

    Hey again,

    Well, from here it doesn’t, but I do have access using the IP 10.195.X.IP on port 80 so… I don’t know.

    Anyway, I’ve already sent 2 emails to support but no answer till now, I suppose they are overbooked.

    thank you.

    regards!

    BadTasTe

  8. BadTasTe says:

    No, not really, but I can access it through the IP so it’s not a problem for the moment.
    I have also made a request to support for beta access 2 weeks ago but still no answer :(
    I’ve not used my CTF account email for this, should I send another mail using this email or is it OK?

    Thanks for your help!

    • marius.corici says:

      About your Beta access, there is some news. We intend to go Beta Public Live this week if all is in place.

  9. BadTasTe says:

    Woot Woot!!!! Great News
    You are doing an amazing job guys!!! Congrats :)

  10. am i doing it wrong?

    i made this file structure:

    /etc/openvpn/ca.crt
    /etc/openvpn/client.conf
    /etc/openvpn/ta.key
    /etc/openvpn/easy-rsa/keys/cl1.crt
    /etc/openvpn/easy-rsa/keys/cl1.key

    i first placed auth-user-pass.conf at /etc/openvpn
    but when i restart vpn it says that both vpn “client” and “auth-user-pass” start
    so i placed auth-user-password to /etc/openvpn/auth-user and modified client.conf auth-user-password line like this: auth-user-pass /auth-user/auth-user-pass.conf

    got nothing…
    what am i doing wrong?

  11. mitnikhackr says:

    I have watched the video on how to set up the VPN and read all I can find but when I try to import the client.conf I get the error,
    “Cannot import VPN connection,The file ‘client.conf’ could not be read or does not contain recognized VPN connection information
    Error: Key file contains line ‘dev tun’ which is not a key-value pair, group, or comment.
    Any help would be greatly appreciated, thanks for your time.
