What is a CTF?
A CTF (aka Capture the Flag) is a competition where teams or individuals have to solve several Challenges. The one that solves/collects most flags the fastest wins the competition.
Once each Challenge has been solved successfully, the user will find a flag within the Challenge that is proof of completion. Submitting this flag will award the team with a set amount of points. Often, if a team is the first to complete a Challenge and submit a flag, they will earn what is called a Blood (short for first blood), and this will award additional points.
At the end of the CTF, teams will be ranked by how many points they have acquired, and the team with the most points will place 1st in the CTF.
Click on the button below to read more about CTF registrations.
Joining a CTF
Once you are registered and have joined a team, you will need to select the CTF you want to play in. To do so, navigate to the main page on the CTF Platform and click Join CTF next to the CTF you are interested in. If the CTF is private, you may have to enter a password.
Navigating the Challenges
After joining the CTF, you'll be presented with several Challenge Categories, such as Web or Crypto. You can navigate to different types of Challenges by simply clicking on the relevant tabs.
You can also sort Challenges in ascending or descending order by the fields Challenge Name, Points, Difficulty, and Solves. Click on the field name to start sorting by that field.
Points and Difficulty Ratings
Each Challenge has a set amount of Points associated with it, as well as a Difficulty Rating. The Points determine the value of the Challenge- how much it contributes to your overall score. Difficulty Ratings are exactly what the name would suggest; they represent the overall difficulty of a Challenge.
Typically, the more difficult a Challenge is, the more points it is worth, though this is not always the case.
You can view your team's current Ranking (placement within the CTF) and Score either to the right of the Challenges or to the bottom of them, depending on the size of your screen. Alternatively, you can view this information by navigating to the Scoreboard page.
Underneath the information for your team, you'll see a graph of the overall progress of the CTF. Scrolling down on the Scoreboard will reveal the Rank, Challenge Solves, and Points of the Top 100 Teams.
You can view a brief description of each Challenge by clicking the icon under the Actions field.
Downloading Files and Spawning Docker Instances
Some Challenges are comprised solely of files that you download in the form of a zip file. In those cases, everything you need to solve the Challenge will be in that zip. Other Challenges require you to spawn what's called a Docker Instance. Some Challenges require both.
These challenges will give you at least one IP address and port that you will have to attack. In the case of a Web Challenge, this is likely the IP and port of a website. A VPN connection is not needed to access a Docker Instance.
To spawn a Docker Instance, click on the power button icon under the Actions field, and click the toggle next to Docker is Offline. Once the docker is spawned, the IP address and port will appear, and the label will switch to Docker is Online.
You can easily copy the IP address and port to your clipboard by simply clicking on them.
In the example above, a Docker Instance for a Web Challenge was spawned. We can enter the copied IP address and port into the web browser to view the Challenge.
Downloading Challenge files is an even easier process. Click the (↓) button under the Actions field, and save the zip file to your desired location.
Using a VPN
Lastly, some CTFs feature Challenges that are actually Boxes- fully-featured virtual machines that require you to gain a foothold, escalate your privileges, and acquire root access.
For these, you will need a VPN connection. You can connect by downloading the OpenVPN package, which you can retrieve by pressing the green Get VPN button.
From here, you can connect to the using OpenVPN, the same way you would any other Lab. For more information on connecting to a VPN, see our article on Lab Access.
Click the button below to learn how to connect to our Labs:
Once connected to the VPN, you will be able to access Boxes spawned to the CTF. If you find you are having trouble with the VPN connection, or believe there is some sort of problem, we have a dedicated article to troubleshooting VPN connections.
Click the button below for help troubleshooting VPN issues:
CTF Ground Rules
To ensure everything goes smoothly and everyone has fun, we have some basic ground rules regarding conducting yourself when participating in a CTF.
Do not attack the backend infrastructure of the CTF.
Do not attack other teams playing in the CTF.
Do not brute-force the flag submission form.
Do not exchange flags or write-ups/hints of the challenges with other teams.
Do not violate HTB's Terms of Service. You can read it here.
Do not try to DDoS the challenges or take actions that could lead to this result. For example, brute force or the use of automated tools with many threads.
Do not be part of more than one team within the same CTF.
That's it! You now have everything you need to play on the Hack The Box CTF Platform.