How to and what to do:
Starting with Beta, there are some changes: ALL registered (and email-confirmed) users get VPN access, but not all users can build a fortress. All registered users can start to “play” with “Metasploitable In The Cloud”, “bWAPP In The Cloud”, and “HacmeCasino and HacmeBank” after setting up their VPN. You can read below (point 4) how to set up your VPN.
1) Create a team:
In order to get a fortress (a VM to defend, Silver/Gold Accounts Only), you must first create a team. No team, no fortress; no team, no scoreboard. 🙂 However, you’ll be able to hack into others’ servers even if you don’t have a team, as you do have VPN access.
How to create a team:
Your Team Name MUST NOT contain special characters.
2) Adding your Public Key. No Public Key, No Fortress
In order to create your fortress (Silver/Gold Accounts Only), first things first: you must add your Public Key. Go to Account>My Team>Edit and insert your public key.
When you generate the Public Key (https://help.github.com/articles/generating-ssh-keys), try not to generate it with PuTTY. We saw some weird behavior with keys generated through PuTTY. Generating the key under Linux works perfectly.
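A pre-paste check for the public key from step 2, as an added example that is not CTF365's own code. It assumes the form expects the OpenSSH one-line format used in the linked GitHub guide, and it flags the multi-line RFC 4716 file that PuTTYgen's “Save public key” button writes (one possible cause of trouble; the page does not say what went wrong). The function names and the sample key are constructed for illustration.

```python
import base64
import struct

# Assumption: the platform wants the OpenSSH one-line format "<type> <base64> [comment]".
KNOWN_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
               "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def check_openssh_pubkey(text):
    """Return (ok, reason) for a public key about to be pasted into a form."""
    lines = [ln for ln in text.strip().splitlines() if ln.strip()]
    if not lines:
        return False, "empty input"
    if "PRIVATE KEY" in text:
        return False, "this is a private key, never upload it"
    if lines[0].startswith("---- BEGIN SSH2 PUBLIC KEY"):
        return False, "RFC 4716 format, convert with: ssh-keygen -i -f <file>"
    if len(lines) != 1:
        return False, "key is split over several lines"
    fields = lines[0].split()
    if len(fields) < 2 or fields[0] not in KNOWN_TYPES:
        return False, "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return False, "key data is not valid base64"
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return False, "key data too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        return False, "key type does not match key data (edited or truncated paste)"
    return True, "ok"


def make_sample_key():
    """Constructed ed25519-shaped sample: type string plus 32 placeholder bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " player@example"


if __name__ == "__main__":
    print(check_openssh_pubkey(make_sample_key()))
```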
3) Invite/Add new team members.
Think twice before you add someone to your team. Bring only people you really think deserve to join your team. As Team Admin, you’ll be responsible for all of your teammates if they do something foolish. 🙂 If one of your team members does something to violate the rules, the entire team will be kicked out. It is your responsibility as the team admin to determine who you allow on your team, and to keep track of their actions.
Remember: At this time, our team invite system is not perfect, but we have more pertinent items to work on before we address perfecting this feature. Be patient, as we are still improving the Platform.
How to Add New Members:
Team Tab > Add New Member
4) Set up your VPN
Remember this! No VPN, no Battle Ground Access. Those who comply with the rules, and complete the registration requirements, will get VPN access.
How to set up the VPN:
Account>VPN, then follow the instructions
Linux Users: You can follow this video tutorial
Mac OS users: You can follow this tutorial
Windows Users: Please follow OpenVPN Client Config Files
IMPORTANT! To configure your DNS, please follow this great, straight-to-the-point tutorial written by our good friend Kamil Vavra: Setting Up OpenVPN Access to CTF365
5) Create your fortress
The Fortress is only for Silver/Gold Users.
How to create your fortress:
Account>My Fortress>New Server
PLEASE REMEMBER: Your Fortress/Server name MUST NOT contain special characters.
After “Create Server”, “Instantiate” (push the “Instantiate” button).
Within seconds, you will have your Fortress up and running (ACTIVE, RUNNING state).
BUGS you might encounter:
After you push “Instantiate” to create the server, we don’t have any spinning waiting/working signs/icons yet. So after the system prompts “Are you sure you want to instantiate” and you push “Ok”, just wait up to a few minutes (the system is a little overloaded) until you see it reach the ACTIVE/RUNNING state.
If nothing happens after you push the “Instantiate” OK button once, REPEAT the “Instantiate” push-button operation once more (OK included).
After that, if your fortress still does not reach the ACTIVE/RUNNING state, send an email to firstname.lastname@example.org with all your actions AND details included (e.g. team name, server name you tried, etc.).
Once your server is in the ACTIVE, RUNNING state, click “Details” button and follow the instructions to get started on your CTF!
6) Scoring System
If you find a vulnerability on a CTF365 fortress or the CTF365 website, you can report it using the Scoring System. After you submit a vulnerability, we’ll check and approve it, and you’ll get points and a badge rank accordingly. You can check TheScore.
How to submit a scoring (vulnerability):
Scoring button (upper right side). At this time, the scoring process will only accept IP addresses within our CTF network (10.194.0.1 – 10.195.2.254).
If you report an XSS, insert the whole XSS-ed URL.
7) Scanning the network
You can do a blind scan, but to ease your job, servers are in the 10.194.0.x and 10.195.2.1/24 IP ranges.
8) Edit Your User Profile
Having your Twitter, Facebook, LinkedIn and blog/site linked in your account will help you get better visibility.
Go to your Account > Edit Profile tab.
– If you find any vulnerabilities, just report them accordingly and don’t make any major modifications to the targeted server (e.g. don’t change passwords).
– Behave nicely. We’re still improving things and this is a development/improving stage.
And last, you can give us feedback or bug reports at support [at] ctf365 [dot] com
Happy Hacking Hunting 🙂