Please adhere to these rules when attempting our CTF. Failure to do so could result in a loss of privilege in the CTF and possible ban from our Discord and IRC servers.
All flags are CASE-SENSITIVE and formatted LHC{flaghere}
No Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks of any kind.
Limit all attacks to the challenges, which are all at challenges.laptophacking.coffee. All other hosts are OFF LIMITS, including, but not limited to:
NONE of our CTFs require you to attack any service not located on our systems. If you think a challenge is hinting at you to attack Twitter, Snapchat, Facebook, etc... You're wrong. Try again.
When using any "brute force" or password guessing attacks, please tune and target them. Don't slam our systems with everything you've got. The following wordlists are recommended by LHC for use with our challenges:
Many of the servers reset every 30 minutes on the half-hour mark. You may lose your work. Sorry/Not Sorry.
If you shell a challenge, don't be a jerk. Leave the flag, passwords, services, etc. as they are for the next person. Don't change or delete any files other than what's required to gain access to the flag.
If you have TECHNICAL issues or MALFUNCTIONS with the challenges (not just that you can't solve it), jump into discord and let our staff members (sudoers or root roles) know so we can take a look.
Don't go into our Discord and ask for help with challenges using questions like "Can someone help me with CTF challenge X?" That's a pointless question, and can lead to spoilers. You don't even need to announce what you're working on. "Hey, I'm having trouble figuring out how to crack a password hash with Hashcat. I tried doing x, y, and z, but it's not working. Any thoughts?" is a better way to ask, and doesn't give away any spoilers to anyone who has not yet attempted the challenge you're working on.
NO HINTS ARE AVAILABLE. DON'T DM OUR STAFF ASKING FOR HINTS.
The thing you're probably looking for is the email address of one of the people you can submit contibutions to for the SecLists wordlist pack listed above. You can get his email in the CONTRIBUTING.md file on that git. It's the second one. Not the one that starts with a D. The other one. Make sure you put it in the appropriate format, which you should be able to figure out now that you've read the rules. (DON'T actually email him. That's not the challenge.)
Do NOT share flags with other members. While we ask that you don't GIVE away answers (as this is a learning excercise as well as a game), feel free to assist other players in solving challenges. But do so in private, not in our public Discord channels. Try to HELP people to learn, not just give them the answer.