GL1TCH

Instructions

Setup

Before the Range Opens:

  • Glitch Bot adds you to Discord channels:
    • General event chat with all teams
    • Scoreboard and announcements channel
    • Private team text and voice chat
  • Service-specific threads created in team text chat

When the Range Opens:

  • GlitchBot sends a zip file containing:
    • VPN profiles
    • Scoreboard API token
    • Vulnbox credentials
  • Download and connect to VPN
  • SSH into vulnboxes using provided credentials

Vulnbox Details:

  • Running Alpine Linux
  • Services dockerized in "/service" directory
  • One vulnbox per service, multiple flagstores possible

Network

  • Game network: 10.100.0.0/15 subnet
  • Authorized targets: All hosts in subnet except 10.101.0.1
  • Vulnbox IP format: 10.100.T.S (T = team ID, S = service ID, both 1-indexed)
  • Router (NAT): 10.101.0.1
  • All traffic routed through 10.101.0.1 with source NAT

[Figure: Network Map]

Flag Format

Flag regex: [A-Z0-9]{31}=

Example: XFWEC8CI1OP1DNBD8CJNUB22VIQ22T2=

FlagIDs vary per service (usually usernames or user IDs)

API

Endpoints:

  • GET <game>.glitchrange.com/api/hosts
  • GET <game>.glitchrange.com/api/flagids
  • POST <game>.glitchrange.com/api/steal

Example Responses:

GET /hosts:

[
  {
    "service_name": "demo-service-1",
    "service_id": 1,
    "team_id": 1,
    "ip": "10.100.1.1"
  },
  {
    "service_name": "demo-service-1",
    "service_id": 1,
    "team_id": 2,
    "ip": "10.100.2.1"
  }
]

GET /flagids:

[
  {
    "service": "demo-service-1",
    "service_id": 1,
    "team_id": 1,
    "tick": 5,
    "flag_id": "2jitycpb2euu3m8v"
  },
  {
    "service": "demo-service-2",
    "service_id": 2,
    "team_id": 1,
    "tick": 6,
    "flag_id": "{'user': 'bob82738'}"
  }
]

POST /steal example:

curl -X POST "demo.glitchrange.com/api/steal?token=5cfefcf8549395ac3aa5a6322cbb5b8a&flag=XFWEC8CI1OP1DNBD8CJNUB22VIQ22T2%3D"

POST /steal response messages:

  • "error: unauthorized": Incorrect team token
  • "error: invalid": Incorrect flag
  • "error: duplicate": Flag already submitted
  • "error: self": Flag from own team
  • "error: expired": Flag older than lifetime
  • "success": Flag correct, successfully submitted
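
The following Python is an added example, not GL1TCH's own tooling. It shows the client-side handling the API sections above imply: matching flags with the regex, percent-encoding the trailing "=" for /api/steal, pairing /flagids entries with /hosts IPs, and acting on each response message. The function names and action labels are this example's own, the sample data is copied from the example responses above, and it assumes the reply body is the bare message string.

```python
import re
from urllib.parse import urlencode

FLAG_RE = re.compile(r"[A-Z0-9]{31}=")  # flag format from the page

# Example responses copied from the page (compacted).
HOSTS = [
    {"service_name": "demo-service-1", "service_id": 1, "team_id": 1, "ip": "10.100.1.1"},
    {"service_name": "demo-service-1", "service_id": 1, "team_id": 2, "ip": "10.100.2.1"},
]
FLAGIDS = [
    {"service": "demo-service-1", "service_id": 1, "team_id": 1, "tick": 5,
     "flag_id": "2jitycpb2euu3m8v"},
    {"service": "demo-service-2", "service_id": 2, "team_id": 1, "tick": 6,
     "flag_id": "{'user': 'bob82738'}"},
]

# Documented /steal messages mapped to a follow-up (the labels are this example's own).
ACTIONS = {"success": "accepted", "error: unauthorized": "fix-token",
           "error: invalid": "drop", "error: duplicate": "drop",
           "error: self": "drop", "error: expired": "drop"}


def extract_flags(text):
    """Unique flags in text, in order of first appearance."""
    return list(dict.fromkeys(FLAG_RE.findall(text)))


def steal_url(game, token, flag):
    """Query string built with urlencode, so the flag's '=' becomes %3D."""
    return f"{game}.glitchrange.com/api/steal?" + urlencode({"token": token, "flag": flag})


def join_flagids(hosts, flagids, own_team):
    """Pair each flag ID with its host IP; own-team entries would only earn 'error: self'."""
    ip_of = {(h["team_id"], h["service_id"]): h["ip"] for h in hosts}
    return [{"ip": ip_of[(f["team_id"], f["service_id"])], "tick": f["tick"],
             "flag_id": f["flag_id"]}
            for f in flagids
            if f["team_id"] != own_team and (f["team_id"], f["service_id"]) in ip_of]


def next_action(message):
    """Assumption: the reply body is the bare message; anything undocumented is retried."""
    return ACTIONS.get(message.strip().strip('"'), "retry")
```

The second sample flag ID is dropped by the join because the sample /hosts response lists no host for service 2.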

Scoreboard Guide

  • All teams begin with 0 points
  • Each stolen flag is worth 1 point (deducted from victim, added to attacker)
  • Each SLA check (PUT, GET, and CHECK) is worth 1 point (3 possible SLA points per tick)

[Figure: Scoreboard Layout]