
Capture-the-Flag Rules


Last updated 5 years ago

  1. Don't mess with the flags. Flags in CTF are sacred. Modifying/Removing any flag will result in disqualification. Also, it's kind of a real dick move.

  2. Don't mess with other things, either. The basic rule is if you didn't put it there, don't modify/remove it. If what you are about to do will change the game for other players, don't do it.

  3. Scope. If it's not listed on the page, then it ain't in scope! Easy Peasy.

  4. No (online) brute force is necessary. None of the vulnerable services will require online brute force to log in. Hydra, etc. ARE NOT NECESSARY and may very well get you throttled. Besides, it's a waste of time. Dirb may prove useful. Most everything you need is staring you straight in the face. john can be used for a couple of things, though not all. If rockyou.txt with rules doesn't find it, it wasn't meant to be. Try harder.

  5. You don't need root for everything here. Full compromise isn't necessary for some of the machines, just pay attention to the description and flag count.

  6. Layer 2 is off-limits. Layer 2 attacks will result in immediate termination.

  7. Leave the infrastructure alone. Same as Layer 2 attacks. Anything not clearly marked on the page is off-limits.

  8. Issues/Complaints? DM us on Twitter (@runcode) or join our Slack.