Overview and Scope
Do note that the CTF environment is shared, and as such participants should avoid performing tasks that may be disruptive to others or cause network instability. While general guidelines are provided below, we encourage participants to use their judgment or reach out to the organizers if they're uncertain about any actions.
These are general internal etiquette guidelines to follow during internal assessments within companies. Adhering to these practices helps prevent disruptions to critical services and avoids potential legal issues for testers (e.g., adding unauthorized users to privileged groups).
Example of Disruptive Actions
- There is no need to run nmap on any of the internal machines; you should instead manually enumerate the common AD protocols. There are no curveballs in this CTF (i.e. random services running on high ports, etc.)
- In the jess.kingdom forest, there is no password reuse - there is no need to perform any password spraying and/or bruteforcing.
- If User A is allowed to add users to the Test group, you may choose to create a new user and add that user to the group instead of adding User A, to avoid spoiling others. Alternatively, reverse the addition of the group member after you've finished the attack chain.
Connection
The password for our target AP (RN-Lab) is rangevillagelab. Once connected, you should receive an IP address in the 10.3.99.1/24 range. In the interest of lowering skill barriers, a small guide is available here that walks you through the first couple of steps in this lab.
The given scenario is an assumed breach with the following domain credentials:
Kael_Riven
reggina
Scope
- The following targets are in scope; participants are strictly prohibited from attacking any machines outside of the given subnets: 10.3.10.0/24 and 10.3.20.0/24.
- Do not attack anything out of the target networks as stated above.
Flag Format
The flag format may vary depending on the question. In cases where you're asked to provide the NTLM hash of a user, it specifically refers to the NT hash portion. For example, if the extracted NTLM hash is: aad3b435b51404eeaad3b435b51404ee:8846f7eaee8fb117ad06bdd830b7586c, your answer should be: 8846f7eaee8fb117ad06bdd830b7586c.