COMPETITION RULES

Read carefully before competing. Violations may result in disqualification. When in doubt, ask an admin.

📋 THE BASICS section 01
  • Solo competition: Every competitor plays individually. No teams, no sharing flags with others during the event.
  • Open to all Indiana Tech residents: You must be a current Indiana Tech resident to compete and claim prizes.
  • 72 hours of continuous competition: Friday April 24, 2026 at 9:00 AM EDT through Monday April 27, 2026 at 9:00 AM EDT. Solve challenges any time within that window.
  • One account per person: Register once with your real name and a valid email. Duplicate accounts will be disqualified.
  • Use of AI tools is allowed: ChatGPT, Claude, Copilot — fair game. The goal is learning. Just don't have someone else solve it for you in real time.
🚩 FLAG FORMAT section 02

All flags follow this format — submit them exactly as found, including the flag{ prefix and closing brace.

flag{this_is_what_a_flag_looks_like}
  • Case-sensitive: Flags are matched exactly. flag{ABC} ≠ flag{abc}.
  • Contact an admin if a flag doesn't submit: Don't brute-force variations — the platform rate-limits flag attempts. If you're confident in your answer, reach out.
WHAT YOU CAN DO section 03
  • Exploit challenge services: Web apps, binary services, and live challenge endpoints are all in-scope. That's the point — break them.
  • Use any tools you like: Burp Suite, Ghidra, pwntools, Wireshark, John the Ripper, Metasploit modules — all fine for solving challenges.
  • Use the internet: Look things up, use online tools like CyberChef, dcode.fr, CrackStation, or any other resource.
  • Ask admins for hints: If you're completely stuck, reach out. We may point you in the right direction without giving it away.
  • Discuss concepts after solving: After you've captured a flag, you're free to discuss general techniques — just don't hand flags to others.
🚫 WHAT YOU CANNOT DO section 04
  • Attack the CTFd platform or server infrastructure: The CTFd web app, database, scoreboard, API, and underlying server are strictly off-limits. Only solve challenges through their intended interfaces.
  • Denial of Service (DoS) or flooding: Do not send excessive requests, flood challenge services, or attempt to take anything offline. This ruins the event for everyone. Instant disqualification.
  • Attack other participants: Do not target, scan, intercept, or interfere with other competitors' machines, sessions, or traffic.
  • Share flags or solutions during the competition: Giving another participant a flag — even a single one — is cheating. This includes DMing flags, posting in group chats, or live streaming solutions.
  • Exploit vulnerabilities outside challenge scope: If you discover a real vulnerability in the CTF platform or server (not a challenge), report it to an admin immediately instead of exploiting it.
  • Attempt to access other participants' accounts or flags: Do not try to steal flags or sessions from other users. Each account is personal and private.
  • Automated mass flag guessing: Scripted brute-forcing of flag submissions is blocked at the API level, but attempting it anyway is a rule violation. Rate limits are enforced — 5 attempts per minute per challenge.
  • Attempt to access the underlying server via SSH or direct TCP: Challenge services are exposed over HTTP only. Do not attempt to access port 22, raw TCP sockets, or any non-HTTP service on the competition server.

⚡ Penalty: Violating any of the above may result in immediate disqualification, score reset, and removal from the competition. Serious violations will be reported to Indiana Tech Residence Life staff.

📊 SCORING section 05

All challenges use dynamic scoring — points decrease as more people solve them. Be fast, be first.

Beginner      100 → 25 pts      Decays over 20 solves
Easy          250 → 50 pts      Decays over 15 solves
Medium        400 → 100 pts     Decays over 10 solves
Hard          600 → 150 pts     Decays over 7 solves
Expert        2000 → 400 pts    Decays over 3 solves
Tiebreaker    Last solve time   Earlier final solve wins ties
  • Points are awarded at time of correct submission: The score you receive is the value at the moment you solve — not the original value. Solve early to maximize points.
  • Hints cost points: Each hint deducts a fixed amount from your score when purchased. Think before you buy.
🤝 CONDUCT & SPORTSMANSHIP section 06
  • Be respectful: This is a learning event. Encourage others, share knowledge after the competition, and keep the atmosphere positive.
  • Report bugs and unintended solutions: If you find a shortcut that bypasses the intended challenge, let an admin know. We'll decide if it counts and may patch it.
  • No harassment or toxic behavior: Mocking other participants, threatening admins, or any form of harassment will result in immediate removal from the competition.
  • Admin decisions are final: If an admin rules on a scoring dispute, flag validity, or conduct issue — that decision stands. You may appeal politely, once.

Questions, issues, or found a bug?

Flag not submitting? Service down? Found an unintended path?
Contact an admin during the competition — we're here to help.

💬 Message RA Martin on Warriors Connect

// Good luck. Break things. Learn stuff. //