Game Setup Tutorial
NOTE: This section assumes you've already completed the installation phase.
We have found that providing a bit of narrative around Root the Box oftentimes helps players stay engaged. Think about adding a bit to your next CTF, as you're setting everything up it's an important aspect to keep in mind.
A corporation, which is optional, is a group or set of boxes. As an example, a corporation could have a set of flags from a web server box and a database server box. It is recommended that the administrators organize their challenges with this in mind (e.g. re-using passwords between boxes within the same corporation). Corporations allow for challenges to group entire networks of machines instead of just one box. If you don't want to utilize Corporation groups, you can create a single Corporation with an empty name - RTB will then hide this layer.
You will want to create corporations first, see creating corporations for details.
A box is a collection of flags representing some type of information the team is tasked with obtaining (see flags for details). Each box belongs to a corporation and represents a host that teams can attack. Alternatively, each box could represent questions about certain digital evidence relative to a category, such as Memory Analysis of a provided image.
The box flag submission type can be setup as Classic or Single Box. In classic mode, each flag has a submit. The player will choose the flag they intend to capture. In single box, there is one submission box, which compares the attempt against all flags in the box.
See creating boxes for details on creating new boxes.
A flag is a question the teams must answer or some information that must be retrieved. Teams are rewarded with money / points once they successfully capture a flag. Flags can have hints or apply penalties.
See creating flags for details on creating new flags.
By default, all teams/players start at level 0. Additional levels can be unlocked by capturing a percentage of the flags on the current level, paying money to unlock higher levels, gaining a certain number of points, or managed where the admin controls access. Players cannot see or submit flags for levels they have not unlocked.
See creating game levels for details on creating new game levels.
Categories can be applied to boxes, which grant player's access to a skill graph showing their progress among the various categories. This can allow players to more clearly see their strengths. Categories are optional.
For bots, a garbage file is generated by the administrator in scoring engine. When you create a box, you should be able to download a copy and upload it to the target server(s). This file basically contains some random data which is part of a zero-knowledge proof that confirms the bot has access to the target machines and not running on a box outside the scope of the game.
See the bot protocol layout for details on the process.
Files, documents, or applications used by the players within the game can be placed in the Game Materials folder (/files/game_materials). RootTheBox supports a folder structure, so organize your materials to best fit the game. For example, you could create a directory for tools that might be used by the players (so they can download them directly), add a document for the network they're going to attack, or list the evidence they must examine to find a flag. When creating a box, flag or hint, reference relevant game materials the user may need. When the configuration option use_box_materials_dir is enabled, a Game Materials folder named to match the Box will be automatically linked on the Box. Also, if using a corporation, the directory structure could be corp/box.
