This page describes the technical details for participation in FAUST CTF. If you're looking for a guide on how to get the Vulnbox running, have a look at Basic Vulnbox Hosting.


The Vulnbox image will be available as an x86-64 image in OVA and QCOW2 format. This means it should run in VirtualBox, QEMU/KVM and other hypervisors. Support for hardware virtualization (VT-x) is highly recommended.

A test image to check your virtualization setup will be available. To also check your networking setup, the VPN will be online as soon as the test image is available.


We will send out OpenVPN configs containing the required passwords when the VPN is online. OpenVPN is supposed to run on a router box under your responsibility. This might be another VM, the box which hosts the hypervisor, or a completely different machine.

You probably want to reach the competition network (your Vulnbox, flag submission etc.) from your team member's personal computers. The easiest way to achieve this is to use the "team network" IP space delegated to you (although you might want to firewall connections originating from the vulnbox to the team's computers).

Graphic of network setup and IP ranges

IP Ranges Overview

  • VPN routing networks:
    • 10.65.<team_ID>.1: Competiton gateway
    • 10.65.<team_ID>.2: Team router
  • Team networks: 10.66.<team_ID>.0/24
    • Vulnbox: 10.66.<team_ID>.2
  • Competition infrastructure (flag submission etc.):

NOP Team

An unaltered Vulnbox to check your exploits against will be available with team ID 1 (i.e. IP No vulnerabilities will be patched on this machine, but it will receive new flags (which of course won't be valid for submission) and be checked by the Gameserver.


You will run attacks against other teams from your infrastructure, using your own tools.

Flag submission will be possible using a plaintext protocol on from within the competition network.

Flag Format

Flags will match this regular expression: FAUST_[A-Za-z0-9/\+]{32}

Service Status

The Gamerserver's checks for the functioning of a service have one of these results:

  • up: Everything is working fine
  • flag not found: The service seems to be working, but flags from past ticks cannot be retrieved
  • recovering: Flags from more recent ticks can be retrieved, but flags from previous ticks are still missing
  • faulty: The service is reachable, but not working correctly
  • down: The service is not reachable at all, e.g. because the port is closed or a timeout occured