These guidelines aim to ensure a smooth and enjoyable experience for all users.
About VMs
-
Operating System: Submit of Windows machines is not allowed.
-
Web Page: If the VM has a website, the language of the content must be in English.
-
Platform Exclusivity: We do not accept VMs that are available on other platforms (VM owner is always the creator).
-
Test Your VM: Make sure your VM works and can be resolved without errors before submitting it.
-
File Format and Logic: Use only one .ova file and ensure a logical flow in your VM.
-
Content Sensitivity: Avoid offensive content to maintain a positive environment.
-
Compatibility: Ensure your VM works in VirtualBox (VMware is optional).
-
Flags Format: The flags must be MD5 strings to maintain consistency across machines.
-
Protect GRUB: Create a password at boot to prevent access before resolution.
-
Protect Disk: Encrypt the disk to prevent access to files before resolution.
-
Rabbit Hole: Don't overload the machine with traps that contribute nothing.
-
Clean History Files: Delete or redirect history files (.bash_hystory/.mysql_history) to /dev/null (unless necessary to resolve the VM).
-
No unnecessary GUI: Virtual machines cannot have a graphical interface (allowed only when necessary for resolution).
-
Flag Locations: Flags should be in /home/[user]/user.txt or c:\users\[user]\desktop\user.txt & /root/root.txt or c:\users\administrator\desktop\root.txt.
-
Domain Naming: If you need a domain/subdomain, use the .nyx TLD (example: domain.nyx/subdomain.domain.nyx).
-
Avoid External Links: Do not use external URLs that affect the resolution of the VM, keep it autonomous.
-
Brute Force Limit: If brute force is required, do not use a password that exceeds the first 5000 lines of rockyou.txt.
About Writeups
-
Keep Flags Confidential: Don't reveal user.txt & root.txt flags in your writeup.
-
Status: Writeups with inactive links and displaying the flags will be removed when detected.
-
Malicious Links: Do not use URL Shortener or IPLogger in links.