- 1.Don't mess with the flags. Flags in CTF are sacred. Modifying/Removing any flag will result in disqualification. Also, it's kind of a real dick move.
- 2.Don't mess with other things, either. The basic rule is if you didn't put it there, don't modify/remove it. If what you are about to do will change the game for other players, don't do it.
- 4.No (online) brute force is necessary. None of the vulnerable services will require online brute force to login. Hydra, etc ARE NOT NECESSARY and may very well get you throttled. Besides, it's a waste of time. Dirb may prove useful. Most everything you need is staring you straight in the face.
johncan be used for a couple of things, though not all. if rockyou.txt with rules doesn't find it, it wasn't meant to be.
- 5.You don't need root for everything here. Full compromise isn't necessary for some of the machines, just pay attention to the description and flag count.
- 6.Layer 2 is off-limits. Layer 2 attacks will result in immediate termination.
- 7.Leave the infrastructure alone. Same as Layer 2 attacks. Anything not clearly marked on the Targets page is off-limits.