
CTF365 – How and What To Do

October 29, 2013

How to and what to do:

Starting with Beta, there are some changes: ALL registered (and email-confirmed) users get VPN access, but not all users can build a fortress. All registered users can start to “play” with “Metasploitable In The Cloud” after setting up their VPN. You can read below (point 4) how to set up your VPN.

1) Create a team:

In order to get a fortress (VM to defend), you must first create a team. No team, no fortress; no team, no score board. :-) However, you’ll be able to hack into others’ servers even if you don’t have a team, as you do have VPN access.

How to create a team:

Account>My Team

PLEASE REMEMBER:

Your Team Name MUST NOT contain special characters.


2) Adding your Public Key. No Public Key, No Fortress

In order to create your fortress, first things first: you must add your Public Key. Go to Account>My Team>Edit and insert your public key.

PLEASE REMEMBER:

When you generate the Public Key (https://help.github.com/articles/generating-ssh-keys), try not to generate it with Putty. We saw some weird stuff with keys generated through Putty. Under Linux it works perfectly.


3) Invite/Add new team members.

Think twice before you add someone to your team. Bring only people you really think deserve to join your team. As Team Admin, you’ll be responsible for all of your teammates if they do something foolish. :-) If one of your team members does something to violate the rules, the entire team will be kicked out. It is your responsibility as the team admin to determine who you allow on your team, and to keep track of their actions.
Remember: At this time, our team invite system is not perfect, but we have more pertinent items to work on before we address perfecting this feature. Be patient, as we are still in alpha.

How to Add New Members:

Account>My Team>Edit


4) Setup your VPN

In order to start this round of CTF, we had to reset all of our prior VPN certificates. That means that if you got access to play CTF365, you’ll have to set up your new VPN certificates.
Remember this: No VPN, no Battle Ground Access. In the Alpha and Beta stages, those who comply with the rules and complete the registration requirements will get access. You can read HERE about who will be able to get Alpha/Beta access.

How to set VPN:

Account>VPN – follow instructions

Mac users can read this tutorial about how to set up the VPN: http://blog.ctf365.com/setting-up-ctf365-vpn-for-mac-users/

4) Create your fortress

The Fortress is only for FULL access users. Read “CTF365 Beta Started” to see if you’re qualified for it.

How to create your fortress:

Account>My Fortress>New Server

PLEASE REMEMBER:

Your Fortress/Server name MUST NOT contain special characters


After “Create Server”, “Instantiate” (push the “Instantiate” button, image below)

Within seconds, you will have your Fortress up and running (ACTIVE, RUNNING state)


BUGS you might encounter:

After you push “Instantiate” to create the server, there are no spinning waiting/working icons yet. So after the system prompts “Are you sure you want to instantiate” and you push “Ok”, just wait up to a few minutes (the system is a little overloaded) until you see it reach the ACTIVE/RUNNING state.

If nothing happens after you push the “Instantiate” OK button once, repeat the “Instantiate” operation once more (OK included).

After that, if your fortress still doesn’t reach the ACTIVE/RUNNING state, send an email to support@ctf365.com with all your actions AND details included (e.g. team name, the server name you tried, etc.).

Once your server is in the ACTIVE, RUNNING state, click the “Details” button and follow the instructions to get started on your CTF!

Set up your server according to our TheGame page.

5) Scoring System

If you find a vulnerability on a CTF365 fortress or CTF365 website you can report it using the Scoring System. After you submit a vulnerability, we’ll check and approve it and you’ll get points and badge rank accordingly. You can check TheScore.

How to submit a scoring (vulnerability):

Use the Scoring button (upper right side). At this time, the scoring process will only accept IP addresses within our CTF network (10.194.0.1 – 10.195.1.254).

UPDATE

If you report an XSS, insert the whole XSS-ed URL.


6) Scanning the network

You can now do a blind scan, but to make your job easier: servers are in the 10.194.0.x and 10.195.0.x IP ranges.
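The scope rule from the scoring and scanning sections, as an added example (not CTF365's own code): a pre-flight check that keeps a target list or a report inside the stated range 10.194.0.1 to 10.195.1.254, including the full-URL form asked for in XSS reports. The function names and the sample targets are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Range the scoring form accepts, as stated on this page.
SCORING_FIRST = ipaddress.IPv4Address("10.194.0.1")
SCORING_LAST = ipaddress.IPv4Address("10.195.1.254")

# The same range as CIDR blocks, e.g. for a scanner or firewall allow-list.
SCORING_CIDRS = list(
    ipaddress.summarize_address_range(SCORING_FIRST, SCORING_LAST))


def extract_host(target):
    """Return the host of a bare IP or of a full URL (hypothetical helper)."""
    target = target.strip()
    if "://" in target:
        return urlsplit(target).hostname or ""
    return target


def in_scope(target):
    """True only for an IPv4 literal inside the scoring range."""
    try:
        addr = ipaddress.IPv4Address(extract_host(target))
    except ValueError:
        # Hostnames, IPv6 and malformed input cannot be checked
        # against the range, so they are treated as out of scope.
        return False
    return SCORING_FIRST <= addr <= SCORING_LAST


def split_targets(targets):
    """Partition targets into (in_scope, rejected), preserving order."""
    ok, rejected = [], []
    for t in targets:
        (ok if in_scope(t) else rejected).append(t)
    return ok, rejected


if __name__ == "__main__":
    # Constructed sample input, not real CTF365 hosts.
    sample = ["10.194.0.17", "http://10.195.0.8/search?q=test",
              "10.195.2.1", "192.168.1.10", "http://metasploitable.ctf/"]
    ok, rejected = split_targets(sample)
    print("in scope:", ok)
    print("rejected:", rejected)
    print("CIDR blocks:", ", ".join(str(n) for n in SCORING_CIDRS))
```

Anything that lands in the rejected list is either outside the stated range or cannot be verified as an IP literal, so it should be resolved by hand before it is scanned or reported.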

7) Edit Your User Profile

Having your Twitter, Facebook, LinkedIn and Blog/site linked in your account will help you to get better visibility.


How to:

Go to your Account > Edit Profile tab.


Please remember:

- If you find any vulnerabilities, just report them accordingly and don’t make any major modifications to the targeted server (e.g. don’t change passwords).
- Behave nicely. We’re still improving things and this is a development/improving stage.

- You can use the IRC server (Account>IRC) to keep in contact with players.

And last, you can give us feedback or bug reports at support [at] ctf365 [dot] com

Happy Hacking Hunting :-)


17 Comments

  1. Finnhax says:

    Is this up and running yet? I got early alpha-access and I don’t see a button to create a fortress… :(

  2. 5l@B says:

    When I log into my account and go to my account settings, I do not see the VPN option?

    • marius.corici says:

      If you don’t see the VPN option, it’s OK. That means you don’t have access to Alpha stage. Nothing to worry about.

  3. 3rr0r404 says:

    How do we attack someone? I can’t figure it out. How do we find some server?

  4. Hey, having alpha access is really awesome, is there anywhere to submit bugs and things?
    Awesome Job so far, impressed

  5. aidden,keli says:

    Is there a listing of IPs that are without a doubt your infrastructure? Per your Terms of Service I want to make sure I don’t and/or can’t target out-of-scope IPs.

    • marius.corici says:

      Actually, you can perform a blind scan, but to help you: if you’re part of Beta, then you can scan and access whatever you find on the 10.194.0.x IP range. If not, then you might want to exercise on http://metasploitable.ctf.

      Have fun. :-)

  6. BadTasTe says:

    Hi,

    I’m connected to the VPN correctly but I don’t have access to http://metasploitable.ctf, any help?

    Thanks.

    Keep on the good work guys :)

  7. BadTasTe says:

    Hey again,

    Well, from here it doesn’t, but I do have access using the IP 10.195.X.IP on port 80, so… I don’t know.

    Anyway, I’ve already sent 2 emails to support but no answer till now, I suppose they are overbooked.

    Thank you.

    Regards!

    BadTasTe

  8. BadTasTe says:

    No, not really, but I can access it through the IP so it’s not a problem for the moment.
    I also made a request to support for beta access 2 weeks ago but still no answer :(
    I did not use my CTF account email for this, should I send another mail using this email or is it OK?

    Thanks for your help!

    • marius.corici says:

      About your Beta access, there is some news. We intend to go Beta Public Live this week if all is in place.

  9. BadTasTe says:

    Woot Woot!!!! Great News
    You are doing an amazing job guys!!! Congrats :)
