AfriHackBox Instructions

Instructions on connecting and getting help

Table of Contents

  1. Connecting to the infrastructure
  2. Gameplay
  3. Targets
  4. Help
  5. Have fun!!!

Connecting to the infrastructure

In order to connect to the infrastructure and be able to access the targets and gain points you need to connect to our VPN.

  • Download and Install OpenVPN
  • Visit your Profile
  • Download your OpenVPN connection pack and take not of the download location of the file (to be used at the next step)
  • Connect and start hacking sudo openvpn ~/Downloads/AFRIHACKBOX.ovpn,
NOTE: Replace ~/Downloads/AFRIHACKBOX.ovpn with the path to the file you downloaded on the previous step

Gameplay

Υou earn points when you discover and claim ETSCTF flags. The flags have the following format; they are prefixed with ETSCTF_ followed by a string of 10 up to 50 characters. These flags can be found anywhere on the target system; in the form of files, variable names, database names etc.

The flags are categorized to assist in locating them in in the systems. The most common categories currently in use are:

  • root: Flag under /root
  • env: Environment variable flags
  • system: Flags on system files (eg. /etc/shadow, /etc/passwd)
  • app: Application specific flags (eg. mysql database name flags, memcache keys etc)
  • other: For any flags that do not fit into the above categories.
You need to discover and claim all the flags from each system.

Besides flags, you can also gain points from findings, which represent remotely accessible services on the target system. Discovering the open ports of a system will award you points as well as provide you with some extra hints.

As you progress, new Hints will be made available for your consideration. Check your progress by visiting the page for target you currently working on, as it provides you with a list of the tasks you have completed and the ones still left to do. Any hints associated with the target will be displayed underneath the target description of each of the target pages.

Keep an eye at your notifications on top, as they may contain important information like target additions, spins (resets), removals etc.

Targets

The list of available targets is available at the Targets menu. Clicking on the target name takes you to the detailed view for this target where you get to find the following details:

  • Name and avatar of the target
  • IP of the target (if the IP is 0.0.0.0 then the machine needs to be powered up first)
  • the difficulty of the target
  • the number of flags and services
  • if the system is Rootable or Non rootable
  • restart request and detailed view actions for each target
Some targets may require power up first, make sure to visit the target page and click the gears () at the right hand side of the target card.

NOTE: Please note that the targets are not allowed to connect to the internet. They can however connect to the IPs assigned to you by the VPN. Take special care when connecting to our VPN, ensure that you only allow connections by the targets you choose.

Help

Don't be afraid to ask for help through our support server.

Have fun!!!

This is not an instruction, this is a rule!!