What really should be done about this? If you expect any action to be taken on this perceived problem besides hoping that users stop with these submissions, this gets us nowhere. Maybe we should formally define what a “CTF-like” machine is and propose that the mods not approve machines with those characteristics. Or, do we propose that these machines should be scored differently or not at all?
I don’t disagree with most of the concerns in this post, but I think there is still a place for these types of boxes on the platform. It’s not they are of poor quality or lack creativity, just that they don’t always align well with practicing real world skills in real world scenarios.
Even the CTF oriented boxes still require at least a fundamental set of skills to enumerate and exploit, be it through a long winded set of CTF challenges packaged as a single machine, or through making educated guesses about where to look next. These approaches seem tedious, but these boxes often contain enough of a narrative to guide you from step to step or help you make the right guesses to navigate the overall challenge (perhaps combined with a little out of the box thinking). This is true for some, but obviously not all.
In any case, it’s not like there is absolutely nothing to gain from these boxes ; there is, but the skills may not be all that practical in most non-CTF situations. Writing a decryption method for a custom encryption or steg tool is probably not going to have many real world applications for most of us… but it can still be fun, if you’re into that sort of thing. Not everyone enjoys it and sometimes it can be kind of shitty. Some people love it. A bit like ■■■■.
I’ll be the first to admit, if I encounter a box I suspect is going to be too CTF-like, I’ll back down because its just not my style. I don’t have much free time, so I want the time I spend on here to be a valuable learning experience and not a calamity of guessing my way to root. I don’t like ■■■■. With that said, not all of the boxes with those elements are bad. The most recent box which seems to have crawled up most everyone’s asses, really only had a couple of CTF like situations. The actual exploitation method to gain a foothold and obtain root were very reasonable and realistic IMO, and the CTF challenges in between served more as narrative than technical challenges to me. I’ve seen some posts and in Mattermost complaining about certain parts of this box being too CTF-like when those parts were actually the least bit like it, but I suppose its easier to jump on the #GuessTheBox bandwagon than admit you overlooked something or didn’t know how to use a tool properly.
I think there is a legitimate reason to be concerned with the quality of these boxes as it pertains to practicing and learning real skills, but I don’t think that means they should be kicked away or shunned completely. Profanity ridden and seemingly butthurt about this situation, I don’t disagree with you on this problem. What I do disagree with is complaint without recommendation, as it does nothing to benefit the community. That’s just called bitching.