HackingContest/details

From Chaos Communication Camp 2007

Jump to: navigation, search

<< Hacking contest

Contents

[edit] Hacking Contest details

Everyone is welcome to join our CTF contest! All participants should organize in teams. Please register your team as soon as possible by calling 5230 or leaving a message on this page's discussion page.

Each team must host a custom network server running multiple services. The network server will be distributed to all teams as a vmware image that can be run using the vmware workstation.

The services contain vulnerabilities that you have to find. While you should fix these on your own server, you can also try to exploit them on the servers of the other teams. A scoring bot will connect to all services regularily to check if they are up and doing what they are supposed to do. The scoring bot distributes specially crafted data fragments (called flags). The bot later tries to recollect these data fragments from the services. If you can exploit a service and receive one or more data fragments, you can send them to the scoring bot to get awarded some attacking points.

You can also write advisories that describe vulnerabilities that you have found. Advisories should contain an exact description of the vulnerability (source code line numbers) as well as a workaround description.

Last not least, you are also allowed to write your own replacements for services that you feel are badly designed. Services hacked from scratch are credited, too.

[edit] IMPORTANT: Things to bring

A computer running linux or windows with vmware

A switch and cables to connect all your computers (we provide each team with one uplink)


[edit] Miscellaneous

If you've got questions, check by the milliways hackcenter or call 5230.

[edit] News

  • Each participating team will receive a certificate!! Please send a snail mail address and the names of your team+all team members to hc! (esperer at jabber dot ccc dot de)
  • The vulerable image is now posted. Check my personal ctf page.
  • The scoring bot has been published. Please check my personal ctf page for more details!
  • The CTF services have been published. Again, please check my personal ctf page.
  • The CTF image will be posted the next days
  • The team pictures will be published after we received permission from the teams
Personal tools
Archived page - Impressum/Datenschutz