echoCTF Participant Tutorial

This is a tutorial for participants of echoCTF based competitions. The platform interfaces are fairly easy to use, however, spending some time following this tutorial could prove of great value.

SIGNUP

Visit the given url (usualy echoctf.red) and register for an account. Fill in the required details such as * your username/nickname * your email * and your password (Consider yourself warned to not reuse existing passwords)

Upon registration, you will receive an activation link to your given email. You activate your account by visiting the URL emailed to you and clicking the Verify button.

SIGNIN

NOTE: The CTF and the UI may only be accessed through the VPN, depending on the type of event.

Upon completing your registration, the application will log you in automatically. However, If you have been logged-out, please follow the instructions below in order to login to the application: * Visit the homepage: https://echoctf.red * Click the Login button * Fill-in your username and password and press the Login button

CONNECTING TO THE VPN

Our VPN of choice is OpenVPN. The client configuration file can be downloaded from your profile page.

On Linux or Mac OS X

Install OpenVPN and run: sudo openvpn echoCTF.ovpn

On Windows

Install OpenVPN and as administrator run the cmd: openvpn echoCTF.ovpn

GETTING STARTED

Upon logging in, the application will redirect you to the homepage of the post-login functionality. Within this page you will find information about the CTF and its objectives. Spend some time to read the rules and various help material (instructions, faq etc) and familiarize your self with the web interface.

  • Rules: The rules of the CTF (read all rules very carefully)
  • Help/Instructions: Contains instructions on how to play the CTF
  • Help/Objectives: Contains the objectives of the CTF
  • Hints: During the course of the CTF you will be presented with different types of hints to help you progress further. The counter next to the Hints menu item indicates the existence of new (not viewed) hints
  • Flags: This is the screen where you may claim treasures. Please read the instructions carefully

It is strongly advised to visit these links in order to have the best possible start. Visiting the links in the order they are listed will aid you even further. You may also visit the links through the main menu of application at any time.

REPORTING VULNERABILITIES

NOTE: This functionality is not enabled on all installations.

Should you identify and exploit any vulnerability for which you think you should be awarded extra points for, you should report it. This can be achieved through the Reports menu item. Please make sure you read the instructions carefully on how to submit a proper report, so you do not waste precious time during the CTF.

NOTE: On single day events (eg 8 hours), reports are processed every 1 hour.

Once a report has been submitted, it is examined and approved or rejected with an appropriate comment by the administrators. Points awarded by a vulnerability report, that is accepted, is up to the administrator’s judgement as the Reports do not award standard points.

INFORMATION STREAMS

There are two ways to keep track of your and other players’ progress. * Live -> Stream: The global activity stream where the latest activities (e.g. claimed treasures, global hints etc.) of all users are shown * Live -> Player Scores: The global player scoreboard

Note: Please note that no sensitive information (which may assist others) is disclosed on the global activity stream.

HAPPY HUNTING...

Should you have any kind of problem during the CTF, please fill free to contact us through email or Discord.

  • Discord Server (invite URL can be found on the echoCTF login page)
  • Email: support [at] echothrust.com (Please start your email subject with “echoCTF Cloud Demo”)

You are encouraged to use the feedback and support channels of our Discord server in order to suggest improvements or new features you would like to see on echoCTF.