These guidelines aim to ensure a smooth and enjoyable experience for all users.

About VMs

• OPERATING SYSTEM: Submit of Windows machines is not allowed.

• WEB PAGE: If the VM has a website, the language of the content must be in English.

• PLATFORM EXCLUSIVITY: We do not accept VMs that are available on other platforms (VM owner is always the creator).

• TEST YOUR VM: Make sure your VM works and can be resolved without errors before submitting it.

• FILE FORMAT AND LOGIC: Use only one .ova file and ensure a logical flow in your VM.

• CONTENT SENSITIVITY: Avoid offensive content to maintain a positive environment.

• HYPERVISOR COMPATIBILITY: Ensure your VM works in VirtualBox (VMware is optional).

• PROTECT GRUB: Create a password at boot to prevent access before resolution.

• PROTECT DISK: Encrypt the disk to prevent access to files before resolution.

• RABBIT HOLE: Don't overload the machine with traps that contribute nothing.

• CLEAN HISTORY FILES: Delete or redirect history files (.bash_hystory/.mysql_history) to /dev/null (unless necessary to resolve the VM).

• NO UNNECESSARY GUI: Virtual machines cannot have a graphical interface (allowed only when necessary for resolution).

• FLAG FORMAT: The flags must be MD5 strings to maintain consistency across machines.

• FLAG LOCATIONS: Flags should be in /home/[user]/user.txt or c:\users\[user]\desktop\user.txt & /root/root.txt or c:\users\administrator\desktop\root.txt.

• FLAG READ: The flags (user.txt/root.txt) an only be read from an interactive shell and not from a binary.

• DOMAIN NAMING: If you need a domain/subdomain, use the .nyx TLD (example: domain.nyx/subdomain.domain.nyx).

• AVOID EXTERNAL LINKS: Do not use external URLs that affect the resolution of the VM, keep it autonomous.

• BRUTE FORCE LIMIT: If brute force is required, do not use a password that exceeds the first 5000 lines of rockyou.txt.

About Writeups

• KEEP FLAGS CONFIDENTIAL: Don't reveal user.txt & root.txt flags in your writeup (we will soon have a points system with rankings).

• STATUS: Writeups with inactive links and displaying the flags will be removed when detected.

• MALICIOUS LINKS: Do not use URL Shortener or IPLogger in your links.