Frequently Asked questions about the platform

Why are there no teams?

Teams support has been temporarily disabled. Teams will be activated again in the near future.

How many restarts are allowed?

Every user is allowed 4 restart requests per day. User requests are added to a queue. The system processes the queue every 2 minutes.

What are non rootable targets?

There are targets that have no pre-defined way, by us, to gain root access. These targets do have a flag /root/ but depend on you discovering a 0day exploit to get it.

Is brute-forcing allowed?

Lightweight Brute-forcing is allowed and should be more than enough for any case. You should be able to crack or guess passwords by just using the John standard list (password.lst). If you can't, then it means that the password is not meant to be guessed/cracked unless it is the same as the username.

Where can I get some hints?

Here are some hints on how to get hints!

  • Always check the description of the target you want to mess with.
  • Check your hints regularly on the top-right corner.
  • Don't be afraid to ask for help through our discord server, but take the conversation to private messages so that you don't disclose information to other users.

How does leaderboard resolves ties in scores?

The leaderboard resolves ties (players with same score) in the following way:

  • user with higher points (points DESC)
  • older timestamp of user points last update (updated_at DESC)
  • older user (user_id ASC)

How can I run my own echoCTF?

Sure you can. You can either download and setup the entire echoCTF platform (apart from the targets) from our Github repo, or we can do it for you.

Take a look at echoCTF for more information.