echoCTF.RED FAQ

Frequently asked questions about the platform

Table of Contents

  1. How can I help support the platform?
  2. Why are there no teams?
  3. What are non rootable targets?
  4. Is brute-forcing allowed?
  5. How to restart a target?
  6. How many restarts are allowed?
  7. I'm getting errors from my VPN or I can't connect to the VPN
  8. Where can I get some hints?
  9. I think I found an unexpected way to gain access on a target, where do I report it?
  10. How does the leaderboard resolve ties in scores?
  11. Is publishing or streaming solutions for targets allowed?
  12. What are the target difficulty classifications?
  13. Can I submit my own challenge/target?
  14. Are inactive accounts going to be deleted?
  15. How can I run my own echoCTF?

How can I help support the platform?

There are many ways you could help us maintain and improve this platform:

  • Subscriptions!!! Help us to pay for the hosting and maintenance costs by picking a subscription.
  • Spread the word!!! Tell your friends, tweet about it, tell others why you like this platform. No need to spam anybody, stating your honest opinion should suffice.
  • Contribute code!!! The platform is entirely open-sourced, help us out by contributing code fixes, new features, documentation, bug reports etc.
  • Give us feedback!!! Provide feedback about what you like and don't like, suggest corrections on target descriptions and platform content.

Every little counts towards running and improving the echoCTF.RED platform.
Thank you for helping us out!!!

Why are there no teams?

Teams support has been temporarily disabled. Support for teams will be activated once we reach enough active users (around 2000 active users). Who said there are no teams? Now you can form teams and practice with your team mates.

What are non rootable targets?

There are targets that have no pre-defined way, by us, to gain root access. These targets do have a flag under the /root folder, but depend on you discovering a 0day exploit to get it.

Is brute-forcing allowed?

Lightweight brute-forcing is allowed and should be more than enough for any case. You should be able to crack or guess passwords by using the standard John lists (e.g. password.lst, rockyou.txt).

If you can't, then it means that the password is not meant to be guessed/cracked. If you are certain that a username/password combination should work, join our Discord server and let us know.

How to restart a target?

Oftentimes, during your attacks on a target, you may cause the target to become unresponsive or misbehave. In such situations you can request a target restart by going to the target page and clicking the restart icon. This will put the target on a queue to be restarted. The queue is processed every minute. Once the system has been restarted, you will receive a notification informing you of the fact.

NOTE: Keep in mind that in order to request a target restart you need to either be connected to the VPN or have progress on the target.

How many restarts are allowed?

Every user is allowed 10 restart requests per day. User requests are added to a queue which is processed every minute, at which point the user who made the request will receive a notification of completion.

I'm getting errors from my VPN or I can't connect to the VPN

If you're having difficulty connecting to the VPN, try the following:

  • Ensure there are no other OpenVPN sessions running (killall -9 openvpn). We only allow one connection per user.
  • Download your VPN configuration file again and try to connect.
  • Restart your system.

If none of the above works, come and ask for help on our Discord at the #platform-support channel.

Where can I get some hints?

If you get stuck during your battle against a target, here is what you can do to get some help!

  • Always check the description of the target you want to mess with.
  • Check for hints regularly by visiting the target page.
  • Check for available write-ups on the target page.
  • Join our Discord server and ask for help.

I think I found an unexpected way to gain access on a target, where do I report it?

We generally do not develop our targets to try and limit your way to a specific path. Rather, we try to verify that at least one way exists to solve the targets. If you think you have found a way outside of the expected, feel free to submit a writeup with details of your method so others can also learn.

How does the leaderboard resolve ties in scores?

The leaderboard determines the position of the players in the ranks in the following way:

  • user with higher points (points DESC)
  • older timestamp of user points last update (updated_at DESC)
  • older user (user_id ASC)

Is publishing or streaming solutions for targets allowed?

We generally don't prohibit streaming or otherwise publishing solutions for our targets. However, make sure you let us know by submitting your writeup or video link once you complete a target.

Note: Please make sure that no flags are visible on your writeup or video.

What are the target difficulty classifications?

The targets are classified into the following difficulty levels:

  • Beginner
  • Basic
  • Intermediate
  • Advanced
  • Expert

Can I submit my own challenge/target?

Thank you for the consideration but we currently do not accept submissions of challenges or targets.

Are inactive accounts going to be deleted?

We generally do not delete or otherwise block accounts for inactivity. However, we do improve our validation procedures from time to time and we expect existing accounts to pass these updated validation rules. In case your account does not pass the new validation rules, we will get in contact with you to let you know. If your email address is not valid, then your account is going to be marked as invalid and will be scheduled to be deleted by the system.

How can I run my own echoCTF?

If you want to run your own echoCTF, you have two options:

  • You can contact us to set up everything for you.
  • Or you can download and set up the entire echoCTF platform yourself, including targets and challenges, by cloning our GitHub repository.

Feel free to take a look at echoCTF for past events we have successfully delivered.