OCRI CTF - Fair Play Rules

Welcome to the OCRI CTF! Our goal is to create a fun, fair, and educational experience for everyone. To keep the competition exciting and fair, please read and follow the rules below.:

🔒 Access Rules During the Competition

• 🔐 Access is Limited: You are only allowed to access the Kali OCRI VM during the competition.
• 🚫 Do Not Tamper: While you may be able to see the firewall and the vulnerable VM on the network, you are not permitted to access or tamper with them directly. The firewall is strictly off-limits—attempting to attack it will result in losing your internet connection and possible disqualification. All interaction with the vulnerable VM must happen through pentesting methods using the Kali OCRI VM.
• 🎯 Exploit Remotely: Your objective is to discover and exploit vulnerabilities in the target system remotely using the tools and techniques available on Kali.
• 🔑 Credentials Provided: All login information for the Kali OCRI VM is included in the relevant CTFd flags. Be sure to check each challenge description carefully. Range access link will be available on competition day: https://ocr.uc.edu
• 📂 Required for Flags: Access to the Kali OCRI VM is essential for completing both the Linux and OffSec flag categories; you should use this VM to complete all the challenges.
• 🌐 Internet Access & Tool Usage: The Kali OCRI VM has internet access during the competition. You are allowed to download and use additional open-source tools, and search the web to problem solve. Please ensure safe and responsible browsing while participating.
• 👁️ Activity is Monitored: Your actions within the environment may be monitored to ensure fairness, system integrity, and support troubleshooting. Stick to the rules and focus on showcasing your skills!

Good luck, have fun, and make the most of this opportunity to sharpen your cybersecurity skills! 💻🛡️⚔️

1. Respect the Game & Others

• Your targets are the challenges, not the competition systems, other players, or infrastructure. Let's keep it ethical and fun!

2. Use Tools Wisely

• You don’t need automated tools like sqlmap, DirBuster, Nmap, Metasploit, or Nikto for most challenges. These can negatively affect the game environment.
• The Offensive Security (OffSec) challenges may involve pentesting, where above tools are allowed. If unsure, ask!

3. Handle Flags Properly

• No brute-forcing flags.
• Do not delete, modify, or alter flags. You’re only allowed to read them.

4. Keep It Fair & Fun

• No flag sharing. Every team should solve challenges on their own.
• No cheating or exploiting loopholes in an unfair way.

5. Keep Challenges Available for Future Learners

• Do not post write-ups or solutions online. We want to keep the challenges fresh for future players!
• However, discussions and knowledge-sharing in Discord after the competition are encouraged.

6. AI Use Policy

• Players may use AI tools to assist with challenges, but these tools should support—not replace—your learning.
• Use them to explore ideas and clarify concepts, not to do the work for you.
• Note: We cannot help troubleshoot problems caused by AI-generated errors or hallucinations.
• Use AI wisely and take ownership of your learning.

7. Need Help? Ask the Right Way!

• After the competition, feel free to ask about challenges in the OCRI Discord!
• If you’re stuck during the event, don’t ask for direct hints. Instead, explain what you’ve tried and share any errors or outputs privately to get guidance.

Flag Format

• Most of the Flags will be in this format: ocri{[0-9a-zA-Z_]}
• This means each flag will start with ocri{......}, and inside the curly braces, it may contain letters, numbers, dashes, or underscores.

Keep it fair, have fun, and happy hacking! 🚀

If you look closely, you can even find a flag on this page!

I confirm that I have read the rules. Next, register and set up your team!