Skip to Content
CyberCTFFAQ

FAQ

🚀 Getting Started with CyberCTF

Q: What is a CTF?

A: Capture The Flag (CTF) is a cybersecurity competition where you solve challenges to find hidden flags and earn points. It’s an excellent way to learn cybersecurity hands-on.

Q: How do I start my first challenge?

A: Navigate to the “Labs” page (/labs), choose a challenge suitable for your level (start with “Beginner”), then click “Launch Lab” to start the environment.

Q: Do I need prior experience?

A: No! CyberCTF offers challenges for all levels. Start with 1-star (Beginner) challenges to get familiar with the platform.

Q: Is CyberCTF free?

A: Yes, CyberCTF is completely free. Create an account at /sign-up and access all labs at no cost.

Q: What do I need to run labs?

A: You need:

  • A modern web browser (Chrome, Firefox, Edge, Safari)
  • Internet connection
  • CyberCTF Launcher (recommended) OR Docker installed for manual commands

🎯 Labs and Challenges

Q: How do I submit a flag?

A: On the lab page (/labs/[slug]), enter the flag in the submission form and click “Submit”. You’ll get immediate feedback on whether it’s correct.

Q: What is the flag format?

A: Most flags follow these formats:

  • CTF{...} - Static flags
  • FLAG{...} - Alternative format
  • Dynamic flags generated per user
  • Check the lab description for specific format

Q: Can I retry a challenge if I fail?

A: Yes! You can attempt challenges as many times as you need. Note: After 3 attempts, you’ll receive a warning that further attempts may reduce points.

Q: How long do I have to complete a challenge?

A: Most challenges have no time limit. However, active lab Docker containers may have timeout restrictions (shown in lab details).

Q: What should I do if I’m stuck?

A: Several options:

  1. Enable “Guided Mode” for step-by-step hints (costs points)
  2. Use the hint system (5 points per hint)
  3. Check the lab description for clues
  4. Search online for similar challenges
  5. Ask the community

Q: Can I see the Docker commands?

A: Yes! On the lab page, switch to the “Commands” tab to see and copy the exact Docker commands to run the lab manually.

🏆 Points and Leaderboard

Q: How are points calculated?

A: Points formula:

  • Base points: Set by challenge difficulty
  • Speed bonus: Up to 20% extra for fast completion
  • Hint penalty: -5 points per hint used
  • Attempt penalty: Reduced points after many attempts

Q: How does the level system work?

A: Your level is calculated as: Level = Floor(Total Points / 1000) + 1

  • 0-999 points = Level 1
  • 1000-1999 points = Level 2
  • 2000-2999 points = Level 3
  • And so on…

Q: How is my rank calculated?

A: Users are ranked by total points in descending order. You can see your rank on the Dashboard (/dashboard) and Leaderboard (/leaderboard).

Q: Can I see other players’ solutions?

A: Currently, writeups are not built into the platform. However, you can share solutions with the community externally.

Q: What are achievements?

A: Achievements are special badges you unlock by:

  • Completing your first challenge
  • Solving challenges in specific categories
  • Reaching point milestones
  • Completing challenges without hints
  • Speed records

Q: How does the leaderboard work?

A: The leaderboard (/leaderboard) shows all users ranked by total points. Your username is highlighted, and top 3 users get special icons (🥇🥈🥉).

👤 Account and Profile

Q: How do I create an account?

A: Visit /sign-up, enter your email and password, verify your email, and you’re ready to start!

Q: How do I track my progress?

A: Visit your Dashboard (/dashboard) to see:

  • Total points and rank
  • Completed challenges count
  • Recent submissions
  • Recommended next challenge
  • Achievements unlocked

Q: Can I change my username?

A: Yes! Go to Settings (/settings) and update your username in the Profile Settings section.

Q: Is my progress saved?

A: Yes, everything is saved automatically:

  • Completed challenges
  • Earned points
  • Submission history
  • Running lab status (in browser)

Q: Can I use CyberCTF on mobile?

A: Yes! The web interface is fully responsive. However, labs are easier to solve on a desktop/laptop with a proper keyboard and larger screen.

Q: How do I view my profile?

A: Click on your avatar in the navbar, then select “Profile”, or navigate to /profile.

🔐 Authentication and Security

Q: How does authentication work?

A: CyberCTF uses OpenID Connect (OIDC) with:

  • JWT tokens for authentication
  • HTTP-only cookies for security
  • Automatic token refresh
  • Secure session management

Q: Can I use the same account across multiple devices?

A: Yes! Your account and progress sync across all devices. Just sign in with your email and password.

Q: Is my data secure?

A: Yes, we use:

  • Industry-standard OIDC authentication
  • Encrypted connections (HTTPS)
  • Secure token storage
  • Protected API endpoints
  • No sharing of personal data

Q: What if I forget my password?

A: Click “Forgot Password” on the login page (/sign-in). You’ll receive a password reset link via email.

Q: Can I logout from all devices?

A: Yes, in Settings (/settings), you can view active sessions and logout from all devices.

Q: Do I need 2FA?

A: Two-factor authentication is optional but recommended for additional security. It will be available in Settings when implemented.

🛠️ Technical and Troubleshooting

Q: My lab won’t start, what should I do?

A: Troubleshooting steps:

  1. Refresh the page
  2. Check if Docker is running (for manual commands)
  3. Try the CyberCTF Launcher instead
  4. Check your internet connection
  5. Clear browser cache
  6. Contact support if problem persists

Q: How do I stop a running lab?

A: Methods:

  • In the Launcher: Use the stop button
  • Manual: Run docker stop lab-<slug> && docker rm lab-<slug>
  • Web interface: Click “Stop Lab” button on the lab page

Q: Can I use my own tools?

A: Yes! Each lab runs in Docker with:

  • Pre-installed tools
  • Root access in the container
  • Ability to install additional tools
  • Your own scripts and utilities

Q: Are the labs secure?

A: Absolutely! Security measures:

  • Each lab runs in isolated Docker container
  • No access to your host system
  • Sandboxed execution
  • Safe to practice attacks
  • No risk to your computer

Q: What port do labs run on?

A: Labs typically run on http://localhost:3206. The port is shown in the lab details and Docker commands.

Q: Can I run multiple labs simultaneously?

A: Technically yes with Docker, but:

  • Only one lab should be active per challenge
  • Port conflicts may occur
  • Better to focus on one lab at a time
  • Use the Launcher for easy management

Q: How do I report a bug?

A: You can:

  • Contact support team
  • Report via feedback system (coming soon)
  • Check if others experienced the same issue
  • Provide details: browser, challenge, error message

Q: Where can I see platform statistics?

A: Visit the Statistics page (/stats) to see:

  • Total users and challenges
  • Top performers
  • Popular challenges
  • Success rates
  • Category distribution

Q: How do I share my profile?

A: On your Profile page (/profile), click the “Share Profile” button to get a shareable link.

Last updated on
Authentication SystemLabs