Frequently Asked questions about the platform

How can I help support the platform?

There are many ways help in you could help us in maintaining and improving this platform this platform...

  • Donate!!! Help us to pay for the hosting and maintenance costs by donating to our Patreon or Github accounts.
  • Spread the word!!! Tell your friends, tweet about it, tell others why you like this platform. No need to spam anybody stating your honest opinion should suffice.
  • Contribute code!!! The platform is entirely open-sourced, help us out by contributing code fixes, new features, documentation etc.
  • Give us feedback!!! Provide feedback about what you like and don't like, suggest corrections on target descriptions and platform content.

Every little counts towards keep and improving the echoCTF.RED platform.
Thank you for helping us out!!!

Why are there no teams?

Teams support has been temporarily disabled. Support for teams will be activated once we reach enough active users (around 2000 active users).

How many restarts are allowed?

Every user is allowed 4 restart requests per day. User requests are added to a queue which is processed every 2 minutes, at which point the user who made the request will receive a notification of completion.

What are non rootable targets?

There are targets that have no pre-defined way, by us, to gain root access. These targets do have a flag under the /root folder, but depend on you discovering a 0day exploit to get it.

Is brute-forcing allowed?

Lightweight Brute-forcing is allowed and should be more than enough for any case. You should be able to crack or guess passwords by using the standard John lists (eg password.lst).

If you can't, then it means that the password is not meant to be guessed/cracked. If you are certain that a username/password combination should work join our Discord server and let us know.

How to restart a target?

Often times, during your attacks on a target, you may cause the target to become unresponsive or mis-behave. In such situations you can request for a target restart by going to the target page and clicking the restart icon . This will put the target on a queue to be restarted. The queue is processed every 2 minutes. Once restarted the system will sent you a notification informing you of the fact.

NOTE: Keep in mind that in order to request a target restart you need to either be connected to the VPN or have any progress on the target

Why the VPN doesn't allow me to connect?

If you're having difficulties to connect to the VPN try the following:

  • Ensure there are no other OpenVPN sessions running (killall -9 openvpn)
  • Download your VPN configuration file again
If none of these works out, come and let us know on our Discord.

Where can I get some hints?

If you get stuck during your battle again a target, here is what you can do to get some help!

  • Always check the description of the target you want to mess with.
  • Check for hints regularly by visiting the target page.
  • Join our Discord server and ask for help.

How does leaderboard resolves ties in scores?

The leaderboard determines the position of the players in the ranks in the following way:

  • user with higher points (points DESC)
  • older timestamp of user points last update (updated_at DESC)
  • older user (user_id ASC)

How can I run my own echoCTF?

If you want to run your own echoCTF you have either of two options.

  • You can contact us to setup everything for you
  • Or you can download and setup the entire echoCTF platform your self, including targets and challenges by cloning our Github repository

Feel free to take a look at echoCTF for past events we have successfully delivered.