HACKMEX 2025 CTF FAQ

Preguntas frecuentes sobre la plataforma

Tabla de contenido

  1. Who can join this competition?
  2. Where can I download the OpenVPN application for Windows?
  3. ¿Cuántos reinicios son permitidos? - How many restarts are allowed?
  4. ¿Cuáles son los objetivos sin root predefinido? - What are non rootable targets?
  5. ¿Se permiten ataques de fuerza bruta? - Is brute-forcing allowed?
  6. ¿Dónde puedo obtener pistas? - Where can I get some hints?
  7. How does leaderboard resolves ties in scores?

Who can join this competition?

The competition is open for the top 10 teams from each category of our Qualifier round. The categories that will be competing are:

  • Students and members of Universities, Colleges, Schools and other Educational Institutes
  • Government Entities and Organizations
  • Private Companies and Organizations

Where can I download the OpenVPN application for Windows?

OpenVPN for windows is available at https://openvpn.net/community-downloads/

¿Cuántos reinicios son permitidos? - How many restarts are allowed?

ES

Cada usuario tiene permitido 7 reinicios por día. Las solicitudes son añadidas a una cola. El sistema procesa la cola cada dos minutos.

EN

Every user is allowed 7 restart requests per day. User restart requests are added to a queue. The system processes the queue every 2 minutes.

¿Cuáles son los objetivos sin root predefinido? - What are non rootable targets?

ES

Son objetivos que no tienen una ruta predefinida por nosotros, para ganar acceso a root. Estos objetivos tienen una bandera /root/ pero dependen de tu ingenio para descubrir vulnerabilidades de día-cero

EN

There are targets that have no pre-defined way, by us, to gain root access. These targets do have a flag /root/ but depend on you discovering a 0day exploit to get it.

¿Se permiten ataques de fuerza bruta? - Is brute-forcing allowed?

ES

Ataques ligeros de fuerza bruta son permitidos y deben de ser más que suficientes en ciertos escenarios. Debes de ser capaz de adivinar o crackear contraseñas utilizando la lista estándar de John (password.lst). En caso de no poder, significa que la contraseña no puede ser crackeada a menos que sea igual que el nombre de usuario.

EN

Lightweight Brute-forcing is allowed and should be more than enough for any case. You should be able to crack or guess passwords by just using the John standard list (password.lst). If you can't, then it means that the password is not meant to be guessed/cracked unless it is the same as the username.

¿Dónde puedo obtener pistas? - Where can I get some hints?

ES

¡Aquí algunos detalles para obtener pistas!

  • Siempre revisa la descripción del objetivo
  • Revisa las pistas de manera regular en la esquina superior derecha del Dashboard
  • No tengas pena de pedir ayuida en nuestro canal de Slack.Toma en cuenta que no debes de revelar información a otros competidores.

EN

Here are some hints on how to get hints!

  • Always check the description of the target.
  • Check your hints regularly on the top-right corner.
  • Don't be afraid to ask for help through our Slack, but take the conversation to private messages so that you don't disclose information to other users.

How does leaderboard resolves ties in scores?

The leaderboard resolves ties (players with same score) in the following way:

  • user with higher points (points DESC)
  • older timestamp of user points last update (updated_at DESC)
  • older user (user_id ASC)