Submission Rules

These guidelines aim to ensure a smooth and enjoyable experience for all users, any user, IP address, or IP range found to be in violation of these rules will be permanently blocked.

About Platform

DISCLAIMER: All techniques, tools, and knowledge provided or acquired through this platform must be used solely in authorized, controlled, and legal environments. Any misuse of these materials against third-party systems or infrastructures is strictly prohibited. The platform and its owners assume no liability for any illegal or unauthorized activities performed by users.
RESPECT USERS: Maintain a professional and respectful attitude in all interactions, harassment, insults, discrimination, or hostile behavior will not be tolerated.
PORTS SCANNING: Port scanning on our servers or any infrastructure is strictly prohibited.
VULNERABILITY SCANNING: Scanning or recognizing vulnerabilities in the website or its services is strictly prohibited.
BRUTE FORCE: Brute force attacks on our servers or any infrastructure are strictly prohibited.
DENIAL-OF-SERVICE: Any form of denial of service (DoS) or distributed denial of service (DDoS) is strictly prohibited.
TOR NETWORK: Browsing the platform using the Tor network is strictly prohibited. Any IP address detected at an exit node will be immediately blocked.
BUG BOUNTY: We do not operate a bug bounty program, any unsolicited security testing will be treated as an attack.
CONTENT OWNER: All content on the platform (virtual machines and labs) is the exclusive property of this platform, distribution is not permitted.
MASSIVE DOWNLOADS: Massive downloading of virtual machines or labs is prohibited, please download gradually to avoid activity that could be interpreted as an attack.
LEGAL ACTION: The platform reserves the right to take legal action against any user who violates applicable laws.

About VMs

OPERATING SYSTEM: Submit of Windows machines is not allowed (only VulNyx team).
RECOMMENDED OS: We recommend using Debian as your OS to ensure your VM are stable and secure.
WEB PAGE: If the VM has a website, the language of the content must be in English.
PLATFORM EXCLUSIVITY: We do not accept VMs that are available on other platforms (VM owner is always the creator).
TEST YOUR VM: Make sure your VM works and can be resolved without errors before submitting it.
FILE FORMAT AND LOGIC: Use only one .ova file and ensure a logical flow in your VM.
CONTENT SENSITIVITY: Avoid offensive content to maintain a positive environment.
IP ADDRESSING: Do not assign a static IP address to the vm, enable a DHCP server so that the vm can automatically obtain an IP address. (example: configuration file /etc/network/interfaces)
HYPERVISOR COMPATIBILITY: Ensure your VM works in VirtualBox (VMware is optional).
PROTECT GRUB: Create a password at boot to prevent access before resolution.
PROTECT DISK: Encrypt the disk to prevent access to files before resolution.
RABBIT HOLE: Don't overload the machine with traps that contribute nothing.
CLEAN HISTORY FILES: Delete or redirect history files (.bash_hystory/.mysql_history) to /dev/null (unless necessary to resolve the VM).
NO UNNECESSARY GUI: Virtual machines cannot have a graphical interface (allowed only when necessary for resolution).
FLAG FORMAT: The flags must be MD5 strings to maintain consistency across machines.
FLAG LOCATIONS: Flags should be in /home/[user]/user.txt or c:\users\[user]\desktop\user.txt & /root/root.txt or c:\users\administrator\desktop\root.txt.
FLAG READ: The flags (user.txt/root.txt) an only be read from an interactive shell and not from a binary.
DOMAIN NAMING: If you need a domain/subdomain, use the .nyx TLD (example: domain.nyx/subdomain.domain.nyx).
AVOID EXTERNAL LINKS: Do not use external URLs that affect the resolution of the VM, keep it autonomous.
BRUTE FORCE LIMIT: If brute force is required, do not use a password that exceeds the first 5000 lines of rockyou.txt.

About Writeups

KEEP FLAGS CONFIDENTIAL: Don't reveal user.txt & root.txt flags in your writeup (we will soon have a points system with rankings).
STATUS: Writeups with inactive links and displaying the flags will be removed when detected.
MALICIOUS LINKS: Do not use URL Shortener or IPLogger in your links.