-
Notifications
You must be signed in to change notification settings - Fork 24
Participants Tutorial for echoCTF
This is a tutorial for participants of echoCTF based competitions. The platform interfaces are fairly easy to use, however, spending some time following this tutorial could prove of great value.
Visit the given url (usualy echoctf.red) and register for an account. Fill in the required details such as
- your username/nickname
- your email
- and your password (Consider yourself warned to not reuse existing passwords)
Upon registration, you will receive an activation link to your given email. You activate your account by visiting the URL emailed to you and clicking the Verify button.
NOTE: The CTF and the UI may only be accessed through the VPN, depending on the type of event.
Upon completing your registration, the application will log you in automatically. However, If you have been logged-out, please follow the instructions below in order to login to the application:
- Visit the homepage: https://echoctf.red
- Click the
Loginbutton - Fill-in your username and password and press the
Loginbutton
Our VPN of choice is OpenVPN. The client configuration file can be downloaded from your profile page.
Install OpenVPN and run: sudo openvpn echoCTF.ovpn
Install OpenVPN and as administrator run the cmd: openvpn echoCTF.ovpn
Upon logging in, the application will redirect you to the homepage of the post-login functionality. Within this page you will find information about the CTF and its objectives. Spend some time to read the rules and various help material (instructions, faq etc) and familiarize your self with the web interface.
- Rules: The rules of the CTF (read all rules very carefully)
- Help/Instructions: Contains instructions on how to play the CTF
- Help/Objectives: Contains the objectives of the CTF
- Hints: During the course of the CTF you will be presented with different types of hints to help you progress further. The counter next to the Hints menu item indicates the existence of new (not viewed) hints
- Flags: This is the screen where you may claim treasures. Please read the instructions carefully
It is strongly advised to visit these links in order to have the best possible start. Visiting the links in the order they are listed will aid you even further. You may also visit the links through the main menu of application at any time.
NOTE: This functionality is not enabled on all installations.
Should you identify and exploit any vulnerability for which you think you should be awarded extra points for, you should report it. This can be achieved through the Reports menu item. Please make sure you read the instructions carefully on how to submit a proper report, so you do not waste precious time during the CTF.
NOTE: On single day events (eg 8 hours), reports are processed every 1 hour.
Once a report has been submitted, it is examined and approved or rejected with an appropriate comment by the administrators. Points awarded by a vulnerability report, that is accepted, is up to the administrator’s judgement as the Reports do not award standard points.
There are two ways to keep track of your and other players’ progress.
- Live -> Stream: The global activity stream where the latest activities (e.g. claimed treasures, global hints etc.) of all users are shown
- Live -> Player Scores: The global player scoreboard
Note: Please note that no sensitive information (which may assist others) is disclosed on the global activity stream.
Should you have any kind of problem during the CTF, please fill free to contact us through email or Discord.
- Discord Server (invite URL can be found on the https://echoctf.red login page)
- Email: support [at] echothrust.com (Please start your email subject with “echoCTF Cloud Demo”)
You are encouraged to use the feedback and support channels of our Discord server in order to suggest improvements or new features you would like to see on echoCTF.