AfriHackBox FAQ
Frequently Asked questions about the platformTable of Contents
- Target Fully Qualified Domain Names
- Target logins and email addresses
- How can I speed up my portscans?
- Is brute-forcing allowed?
- I think I found an unexpected way to gain access on a target where do I report it?
- How does leaderboard resolve ties in scores?
- What are the target difficulty classifications?
Target Fully Qualified Domain Names
All systems have a fully qualified domain name (FQDN) which is consists of name of the machine andafrihackbox.ctf (ex. sanitycheck.afrihackbox.ctf). Target logins and email addresses
On machines that require an email address as a username to login, the portion of the email after the "@" is usually the FQDN of the machine (ex.admin@sanitycheck.afrihackbox.ctf). How can I speed up my portscans?
If you experience slow port scanning, you can speed things up by limiting your scan to the following tcp ports 22, 80, 3000, 11211, 8000, 8765, 8765.
Is brute-forcing allowed?
Lightweight Brute-forcing is allowed but in most cases it is not needed. The passwords used in most cases are easy enough to guess or brute-force by hand.
I think I found an unexpected way to gain access on a target where do I report it?
We generally do not develop our targets to try and limit your way to a specific path. Rather we try to verify that at least one way exists to solve the targets. If you think you have found a way outside of the expected feel free to submit a writeup with details of your method so others can also learn.
How does leaderboard resolve ties in scores?
The leaderboard determines the position of the players in the ranks in the following way:
- user with higher points (
points DESC) - older timestamp of user points last update (
updated_at DESC) - older user (
user_id ASC)
What are the target difficulty classifications?
The targets are classified into the following difficulty levels
- Beginner
- Basic
- Intermediate
- Advanced
- Expert
- Guru
- Insane