EDIH Trakia CTF FAQ

Frequently Asked questions about the platform

Table of Contents

  1. What are non rootable targets?
  2. Is brute-forcing allowed?
  3. How to restart a target?
  4. How many restarts are allowed?
  5. I think I found an unexpected way to gain access on a target where do I report it?
  6. How does leaderboard resolve ties in scores?
  7. What are the target difficulty classifications?

What are non rootable targets?

There are targets that have no pre-defined way, by us, to gain root access. These targets do have a flag under the /root folder, but depend on you discovering a 0day exploit to get it.

Is brute-forcing allowed?

Lightweight Brute-forcing is allowed and should be more than enough for any case. You should be able to crack or guess passwords by using the standard John lists (eg password.lst, rockyou.txt).

If you can't, then it means that the password is not meant to be guessed/cracked. If you are certain that a username/password combination should work join our support server and let us know.

How to restart a target?

Often times, during your attacks on a target, you may cause the target to become unresponsive or mis-behave. In such situations you can request for a target restart by going to the target page and clicking the restart icon . This will put the target on a queue to be restarted. The queue is processed every minute. Once the system has been restarted, you will receive a notification informing you of the fact.

NOTE: Keep in mind that in order to request a target restart you need to either be connected to the VPN or have progress on the target

How many restarts are allowed?

Every user is allowed 10 restart requests per day. User requests are added to a queue which is processed every minute, at which point the user who made the request will receive a notification of completion.

I think I found an unexpected way to gain access on a target where do I report it?

We generally do not develop our targets to try and limit your way to a specific path. Rather we try to verify that at least one way exists to solve the targets. If you think you have found a way outside of the expected feel free to submit a writeup with details of your method so others can also learn.

How does leaderboard resolve ties in scores?

The leaderboard determines the position of the players in the ranks in the following way:

  • user with higher points (points DESC)
  • older timestamp of user points last update (updated_at DESC)
  • older user (user_id ASC)

What are the target difficulty classifications?

The targets are classified into the following difficulty levels

  • Beginner
  • Basic
  • Intermediate
  • Advanced
  • Expert