FAUST CTF is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg. Its sixth edition took place on 12 June 2021.

View scoreboard


Congratulations to Bushwhackers who won FAUST CTF 2021 and scored amazing 40179.53 points. The top-three teams are:

  1. Bushwhackers, 40179.53 points
  2. C4T_BuT_S4D, 26432.14 points
  3. MoreSmokedLeetChicken, 24933.74 points

Final "first blood" awards go to:

  • Bushwhackers: Lonely Island (write-up)
  • P-U-G: Lonely Veighty Machinery(write-up)
  • MapleBacon: Treasury (write-up)
  • HgbSec: LostBottleService (write-up)
  • pwnthem0le: Pirates Birthday Planner (write-up)
  • None: MerkleChat
  • None: TreasureHunt

We thank all participating teams and our sponsors!


Once again, the competition will work in classic attack-defense fashion. Each team will be given a Vulnbox image to host itself and VPN access. You will run exploits against other teams, capture flags and submit them to our server.

The vulnbox decryption password will be released at 2021-06-12 13:00 UTC. The actual competition will start at 14:00 UTC and run for eight hours.


Thanks to our sponsors, we can again provide nice prize money:
  • First place: 1024 €
  • Second place: 512 €
  • Third place: 256 €

Additionally, for each service the first team to exploit it, submit a valid flag and provide a write-up will win 64 €.


Call for TreasureHunt First Blood

With the burden of shiny 64€ in our pockets, we sailed two weeks through the stormy sea on the search for a valid TreasureHunt first blood. Since then, many teams have said that the first flag they submitted was only obtained from pcap files. So our crew came together, and we decided to make the first blood a challenge:

  • Every team is allowed to submit a writeup for TreasureHunt until 04.07. 23:59 CEST.
  • To submit a writeup, upload it to a blog and/or CTFTime and email us the link and your teams' name via orga@faustctf.net.
  • We will choose the best writeup and announce the winner the week after.
  • The winner will get the 64€ first blood award.

The network is open!

The rougher the seas, the smoother we sail. Ahoy!

The network is open! Go go go go go!1!! Happy exploiting!

Vulnbox Decryption Password

Arrrr pirates, here is the key to the treasure chest! N0t_4ll_tre4sure's_5ilver_&&_g0ld,_mate.(<-MATE_also,and_FLAAGS)

Vulnbox Download

The vulnbox is ready!

You have these download options:

To verify the integrity of your download, you may check the SHA256 sums: 303476f82c6e8bfeb0aaee6190df734a4e5f4e30510b699e743406c96057fda5 vulnbox.ova.gpg 0223f196a00ea3a9b749d25d2e1cbedce11270acd4f334e62332f0cce3dcc63b vulnbox.qcow2.gpg

As stated in the rules, the decryption password will be released at 2021-06-12 13:00 UTC via email, Discord and Twitter, and thereafter also here. Please make sure you can run the testbox and connect to the VPN before the CTF.

VPN Configs & Testing Vulnbox

We just generated the first batch of VPN configs. If you registered before 2021-06-06 07:00 UTC, you should be able to connect to the VPNs now (see our Setup page for details).

Testing Vulnbox images are available as well. On first login, the Vulnbox will ask you for some information and configure itself properly. It will generate You can log in as root with an empty password using any of the following ways:

  • Use SSH with the generated random password (may need port forwarding, for the NAT Network)
  • Connect to the serial port of the VM (may need configuration)
  • Use the graphical console of your virtualization software - not recommended if you want to deploy SSH-Keys or configure VPN.

If you run into problems with the setup, try our suggestions from Basic Vulnbox hosting.

We provide two options for download:

To verify the integrity of your download, you may check the SHA256 sums: 28e06183ab3d8dd477b4bfb216df66a98f1380a6fdd845c2bfab0aafd85ccc2e testbox.ova.gpg f2134eab1866467dc4ee834b03be42764eb37fde0a7f578e5f2ebf6f633f5360 testbox.qcow2.gpg

Both images are encrypted with the password "test" and are otherwise identical, so use the one that best fits your needs. To decrypt the Vulnbox, use: gpg --decrypt-files testbox.ova.gpg

Registration open

This year's website is finally online and the registration is open. The CTF is already around the corner, so make sure to sign up now.

Supported by

SEC Consult SySS noris network

Organized by