Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

These guidelines aim to ensure a smooth and enjoyable experience for all users.

About VMs

  • OPERATING SYSTEM: Submit of Windows machines is not allowed.

  • WEB PAGE: If the VM has a website, the language of the content must be in English.

  • PLATFORM EXCLUSIVITY: We do not accept VMs that are available on other platforms (VM owner is always the creator).

  • TEST YOUR VM: Make sure your VM works and can be resolved without errors before submitting it.

  • FILE FORMAT AND LOGIC: Use only one .ova file and ensure a logical flow in your VM.

  • CONTENT SENSITIVITY: Avoid offensive content to maintain a positive environment.

  • HYPERVISOR COMPATIBILITY: Ensure your VM works in VirtualBox (VMware is optional).

  • PROTECT GRUB: Create a password at boot to prevent access before resolution.

  • PROTECT DISK: Encrypt the disk to prevent access to files before resolution.

  • RABBIT HOLE: Don't overload the machine with traps that contribute nothing.

  • CLEAN HISTORY FILES: Delete or redirect history files (.bash_hystory/.mysql_history) to /dev/null (unless necessary to resolve the VM).

  • NO UNNECESSARY GUI: Virtual machines cannot have a graphical interface (allowed only when necessary for resolution).

  • FLAG FORMAT: The flags must be MD5 strings to maintain consistency across machines.

  • FLAG LOCATIONS: Flags should be in /home/[user]/user.txt or c:\users\[user]\desktop\user.txt & /root/root.txt or c:\users\administrator\desktop\root.txt.

  • FLAG READ: The flags (user.txt/root.txt) an only be read from an interactive shell and not from a binary.

  • DOMAIN NAMING: If you need a domain/subdomain, use the .nyx TLD (example: domain.nyx/subdomain.domain.nyx).

  • AVOID EXTERNAL LINKS: Do not use external URLs that affect the resolution of the VM, keep it autonomous.

  • BRUTE FORCE LIMIT: If brute force is required, do not use a password that exceeds the first 5000 lines of rockyou.txt.

About Writeups

  • KEEP FLAGS CONFIDENTIAL: Don't reveal user.txt & root.txt flags in your writeup (we will soon have a points system with rankings).

  • STATUS: Writeups with inactive links and displaying the flags will be removed when detected.

  • MALICIOUS LINKS: Do not use URL Shortener or IPLogger in your links.