CTF365 – How and What To Do

How to and what to do:

Starting with Beta, there are some changes like ALL registered (and email confirmed ) users gets VPN access, but not all users can build a fortress. All registered users can start to “play” with “Metasploitable In The Cloud“, “bWAPP In The Cloud“, “HacmeCasino and HacmeBank” after setup their VPN. You can read down bellow (pct. 4) how to setup your VPN.

1) Create a team:

In order to get a fortress (VM to defend –Silver/Gold Accounts Only), you must first create a team. No team, no fortress; no team, no score board. πŸ™‚ However, you’ll be able to hack into others servers even if you don’t have a team, as you do have VPN access.

How to create a team:

Account>My Team


Your Team Name MUST NOT contain special characters.


2) Adding your Public Key. No Public Key, No Fortress

In order to create your fortress (–Silver/Gold Accounts Only), first things first, you must add your Public Key. Go to Account>My Team>Edit and insert your public key]


When you generate the Public Key ( https://help.github.com/articles/generating-ssh-keys) try not to generate with Putty. We saw some wired stuff when generate through Putty. Under Linux works perfect.



3) Invite/Add new team members.

Think twice before you add someone to your team. Bring only people you really think deserve to join your team. As Team Admin, you’ll be responsible for all of your team mates if they do something foolish. πŸ™‚ If one of your team members does something to violate the rules, the entire team will be kicked out. Is your responsibility as the team admin for you to determine who you allow on your team, and keep track of their actions.
Remember: At this time, our team invite system is not perfect, but we have more pertinent items to work on before we address perfecting this feature. Be patient, as we are still improve the Platform.

How to Add New Members:

Team Tab > Add New Member

Screenshot from 2014-10-18 13:34:36

4) Setup your VPN

Remember this! No VPN, no Battle Ground Access. Those who comply with the rules, and complete the registration requirements, will get VPN access.

How to set VPN:

Account>VPN –follow instructions

Screenshot from 2014-10-18 14:01:13


Linux Users: You can follow this video tutorial


Mac OS users: You can follow this tutorial


Windows Users: Please follow OpenVPNΒ  Client Config Files

IMPORTANT! To config your DNS, please follow this -straight to the point- great tutorial written by our good friend Kamil Vavra: Setting Up OpenVPN Access to CTF365

5) Create your fortress

The Fortress is only for Silver/Gold Users.

How to create your fortress:

Account>My Fortress>New Server


Your Fortress/Server name MUST NOT contain special characters


After “Create Server”, “Instantiate” (Push “Instantiate” BUTTON –image bellow)



Within seconds, you will have your Fortress up and running (ACTIVE, RUNNING state)


BUGS you might encounter:

After push “instantiate” to create server, we don’t have any spinning waiting/working signs/icons yet. So after the system prompt “Are you sure you want to instantiate” and push “Ok”, just wait up to few minutes (the system is a little overloaded) until you’ll see is getting ACTIVE/RUNNING state.

If nothing happened after you push once “Instantiate” OK button,Β  REPEAT “Instantiate” push button operation it once more (OK included).


After that, if doesn’t happened to get your fortress into ACTIVE/RUNNING state send an email to [email protected] with all your actions AND details included (e.g. team name, server name you tried etc).


Once your server is in the ACTIVE, RUNNING state, click β€œDetails” button and follow the instructions to get started on your CTF!

Now you can start and deploy your applications.

6) Scoring System

If you find a vulnerability on a CTF365 fortress or CTF365 website you can report it using the Scoring System. After you submit a vulnerability, we’ll check and approve it and you’ll get points and badge rank accordingly. You can check TheScore.

How to submit a scoring (vulnerability):

Scoring Button (up the right side) At this time, the scoring process will only accept IP addresses within our CTF network ( –


If you announce a XSS then insert the whole XSS-ed url


7) Scanning the network

Now you can do blind scan but to easy your job, servers are in 10.194.0.x and IP Range.

8) Edit Your User Profile

Having your Twitter, Facebook, LinkedIn and Blog/site linked in your account will help you to get better visibility.



How to:

Go on your Account > Edit Profile Tab.


Please remember:

– If you find any vulnerabilities, just report them accordingly and don’t make any major modification over the targeted server (e.g. don’t change passwords).
– Behave nicely. We’re still improving things and this is a development/improving stage.


And last, you can give us feedback or bug reports at support [at] ctf365 [dot] com

Happy Hacking Hunting πŸ™‚

Marius Corici

Lazy (energy efficient) entrepreneur: Thinking a lot to do less, preserving energy, providing simplicity.

You may also like...

31 Responses

  1. Finnhax says:

    Is this up and running yet? I got early alpha-acces and I don’t see a button to create a fortress… πŸ™

    • marius.corici says:

      If you don’t see the VPN option, it’s OK. That means you don’t have access to Alpha stage. Nothing to worry about.

  2. 3rr0r404 says:

    how do we attack some1 i cant figure it out how do we find some server

  3. Hey, having alpha access is really awesome, is there anywhere to submit bugs and things?
    Awesome Job so far, impressed

  4. aidden,keli says:

    Is there a listing of IPs that are with out a doubt your infrastructure? Per your Terms of Service I want to make sure I don’t and/or cant target out of scope IP’s.

    • marius.corici says:

      Actually you can perform blind scan but, to help you with, if you’re part of Beta, then you can scan and access whatever you find on 10.194.0.x IP range. If not, then you might want to exercise on http://metasploitable.ctf.

      Have fun. πŸ™‚

  5. BadTasTe says:


    I’m connected to the VPN correctly but i don’t have acces to http://metasploitable.ctf, any help?


    Keep on the good work guys πŸ™‚

  6. BadTasTe says:

    Hey again,

    well from here it doesn’t, but i do have the acces using the ip 10.195.X.IP on port 80 so… i don’t know.

    Anyway, i’ve already sent 2 emails to support but no answear till now, i suppose they are overbooked.

    thank you.



  7. BadTasTe says:

    No not really but i can acces it trough the IP so it’s not a problem for the moment.
    I have also make a request to support for a beta access 2 weeks ago but still no answear πŸ™
    I’ve not used my ctf account email for this, should i send another mail using this email or is it ok?

    Thanks for your help!

    • marius.corici says:

      About your Beta access, there are some news. We intend to go Beta Public Live this week if all in place.

  8. BadTasTe says:

    Woot Woot!!!! Great News
    You are doing an amazing job guys!!! Congrats πŸ™‚

  9. am i doing it wrong?

    i made this file structure:


    i first placed auth-user-pass.conf at /etc/openvpn
    but when i restart vpn it says that both vpn “client” and “auth-user-pass” start
    so i placed auth-user-password to /etc/openvpn/auth-user and modified client.conf auth-user-password line like this: auth-user-pass /auth-user/auth-user-pass.conf

    got nothing…
    what am i doing wrong?

  10. mitnikhackr says:

    I have watched the video on how to set up the VPN and read all I can find but when I try to import the client.conf I get the error,
    “Cannot import VPN connection,The file ‘client.conf’ could not be read or does not contain recognized VPN connection information
    Error: Key file contains line ‘dev tun’ which is not a key-value pair, group, or comment.
    Any help would be greatly appriciated, thanks for your time.

  11. Steven says:

    Hi, I’m having issues setting up the VPN that are different from any I’ve seen posted about (ohhhh great). Figured I’d post here before bugging support.
    I’ve followed both videos (a couple of times each) and done quite a bit of playing around with settings without success.

    I’m running fresh install of Kali 1.1.0

    I’ve fixed the grayed out vpn problem

    Changed resolv.conf to:

    I’ve downloaded openVPN and all of it’s network managers

    I’ve tried using both the prepackaged VPN (using the import button)

    I’ve tried using openVPN on command line

    When I use the standard VPN no traffic at all gets through, my internet connection is effectively down. Here’s the ifconfig for the tunnel
    tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr: P-t-P: Mask:
    RX packets:4 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:504 (504.0 B) TX bytes:204 (204.0 B)

    When I use the openVPN command line interface my connection remains up but I can’t connect to the CTF360 servers.
    tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr: P-t-P: Mask:
    RX packets:4 errors:0 dropped:0 overruns:0 frame:0
    TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:100
    RX bytes:504 (504.0 B) TX bytes:204 (204.0 B)

    Any help would be greatly appreciated!

    Let me know if there’s any more information I need to post with this, I’m a bit newer to linux

  12. Nadia says:

    Hi @ Marius Corici

    I cannot see VPN in my account after login? Please help me.

  13. underscor_ says:

    Is there anything to trial as a free user or do I need to pay first?

    • Marius Corici says:

      If your account shows “30 Days Free Trial” then you don’t have to pay anything and you have full access to “Professional” account.

  14. Mohamed Hassan says:

    Hi Marius,
    Great Tutorial!

    I just registered as a free 30-day trail, can I still submit a vulnerability report?
    Because when I do, the team drop down list is empty and doesn’t show any team. What should I do?

Leave a Reply

Your email address will not be published. Required fields are marked *