PwnTillDawn

PwnTillDawn Battlefield Rules and Restrictions

PwnTillDawn Battlefield has been created to bring fun and coolness to Cyber Security as well as provide a place where people can learn and express safely their passion. However, it also comes with a set of rules and restrictions to ensure this place stays fun and usable.

The following is a list of restrictions. Infringements may result in sanctions such as being banned from PwnTillDawn up to legal actions!

  • No attacking the PwnTillDawn infrastructure (this includes the VPN gateway, the CTF platform app, etc). If bugs or vulnerabilities are found, please alert our team at info@pwntilldawn.com.
  • No attacking other participants. Such action is considered as hacking and computer crime and will be reported relevant authorities.
  • Absolutely no sabotaging of other participants, or in any way hindering their independent progress.
  • No brute forcing of challenge flag/ keys against the scoring site.
  • DoSing the CTF platform or any of the challenges is forbidden.
  • Attacking machines outside the range 10.150.150.10 to 10.150.150.254 is strictly prohibited.
  • The following cannot be used or performed within the PwnTillDawn Battlefield Network *:
    1. Spoofing (IP, ARP, DNS, NBNS, etc)
    2. Commercial tools or services (Metasploit Pro, Burp Pro, etc.)
    3. Mass vulnerability scanners (e.g. Nessus, NeXpose, OpenVAS, Canvas, Core Impact, etc.)
    4. Example Forbidden tools: Nessus Home & PRO, BurpSuite PRO Scanner, Acunetix, NeXpose, OpenVAS, Canvas, Core Impact, SAINT, Metasploit Pro, Netsparker, OWASP ZAP Scanner, ….
  • It is strictly forbidden to share or post on the web the solution (e.g. writeups) or any information about the CTF vulnerable machines. PwnTillDawn Battlefield is meant for people to learn.
  • Do not use your work/personal computer to access the PwnTillDawn network. Instead, create a dedicated virtual machine that is properly isolated from your physical machine.

* You may, however, use tools such as Nmap (and its scripting engine), SQLmap, Nikto, Metasploit Community Edition, Burp Free, DirBuster etc. against any of your target systems.