Capture The Flag

From 22C3


Capture The Flag is a hacker contest. Teams of hackers battle against each other in a fight for supremacy in a network full of vulnerable services. The teams' task is to defend a server while simultaneously attacking the other teams' servers.

Usually, at the beginning, all teams have the same services running. A central game server checks the services regularly by sending tickets, the so-called flags, which are collected later on. Every flag that is still there is rewarded with points.

Whenever a team manages to read a flag on a system other than their own, they can submit it to the gameserver, thus moving some points from the defending team to their own. This way defensive as well as offensive tactics are rewarded.


Contacts

We currently plan to host a CtF. Your contacts are Lexi and Mc.Fly.

The Signup-Interface is available at: http://events.ccc.de/congress/2005/ctf/

Currently subscribed:

  • fbMatix hOEcker from Uni Hamburg (Captain: Muelli) - NetworkTeamNumber 3
  • Brotherhood of P0ng some Guys (Captain: zkar) - NetworkTeamNumber 4
  • HacktoLeeter from Mannheim (Captain: yorn) - NetworkTeamNumber 5
  • lovelittlepet (Captain: lovelittlepet) - NetworkTeamNumber 6
  • chuck the team from the Chaostreff Wuerzburg (Captain: urs) - NetworkTeamNumber 7
  • !eof from the !eof crew (Captain: Telmich) - NetworkTeamNumber 8
  • There Is No Base (Captain: duracell) - NetworkTeamNumber 9

Subscription received, but invalid return email and no contact:

  • 22c3.blogspot.com (Captain: Hacker Kash and kokanin)

Please contact mc.fly@jabber.ccc.de or on dect 2437 - NetworkTeamNumber 10

Timeline and other Details

Teams have to bring their own hardware.

We will take care of the central gameserver and a central switch.

Thus each team needs to bring:

  • one server that is able to run VMWare (>=1.5GHz, >=512 MB RAM, >=10GB HDD)
  • a vmware installation. The image should run with 4.x, but we tested it with 5.x
  • network should be in bridged mode for obvious reasons
  • see http://www.heise.de/newsticker/meldung/67629
  • a switch with a free uplink port
  • one laptop/workstation per participant plus network cable
  • network cables to connect to the switch and the switch to the uplink port on our switch
  • a multiconductor plug for electricity

Organization/Technical Details:

  • each team needs at least four players
  • no more than eight players per team
  • the vulnerable image runs on VMWare, thus make sure that you already got VMWare installed and a (test) licence
  • the OS will probably be Linux

The contest will take place in the night from Dec 28th to Dec 29th in Hall 4.

Timeline:

  • 23:00 The image is released/decrypted
  • 24:00 The scoringbot starts
  • 06:00 The contest is over, declaration of the winner.

There'll be a Hacker's Sportstudio as a parallel event.

Rules

The following (incomplete!) list of rules will be enforced throughout the game. Violations can be fined with negative scores or immediate disqualification. All referees' decisions are final.

  • All of the hoster's hosts are off-limits. This refers esp. to the gameserver.
  • All other hosts are legitimate targets.
  • It's allowed to delete or modify other teams' flags.

New rules:

  • We will award extra points if you send us advisories with a working exploit.

The following is discouraged:

  • Any filtering on IP- and/or TCP-layer, or similar mechanisms of scorebot-optimization
  • Automated scanning (ports, IPs, etc.) or usage of vulnerability scanners
  • Buffer-overflow protection mechanisms like grsec and similar are excluded from the game
  • Destructive behaviour ((D)DoS, deleting of vital system files, ...)
  • General unethical behaviour can be fined


Network setup

Every team has its own 10.0.n.0/24, where n is the NetworkTeamNumber.

  • The Teambox - running the vmware-image - must be assigned 10.0.n.2
  • The vulnerable image must be assigned 10.0.n.3
  • DHCP-Ranges are 10.0.n.100 to 10.0.n.200 (Yes, there will be DHCP)
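
For teams watching their own service logs, the addressing plan above lets every source address be attributed to a team and a role. The following is an added example, not part of the original page or the organizers' tooling: the log format, the role names, the 10.0.0.0/16 superset and the sample lines are assumptions constructed for illustration; the team numbers 3 to 10 are those listed on this page.

```python
import ipaddress
from collections import Counter

GAME_NET = ipaddress.ip_network("10.0.0.0/16")  # assumption: superset of all 10.0.n.0/24
KNOWN_TEAMS = range(3, 11)                      # NetworkTeamNumbers 3..10 from this page
TEAMBOX_HOST, IMAGE_HOST = 2, 3                 # 10.0.n.2 and 10.0.n.3
DHCP_FIRST, DHCP_LAST = 100, 200                # 10.0.n.100 to 10.0.n.200

def classify(addr):
    """Map an address to (team_number, role) according to the network setup."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None, "invalid"
    if ip.version != 4 or ip not in GAME_NET:
        return None, "outside"
    team, host = ip.packed[2], ip.packed[3]     # third octet = n, fourth = host part
    if team not in KNOWN_TEAMS:
        return None, "unassigned-net"           # no team listed with this number
    if host == TEAMBOX_HOST:
        return team, "teambox"
    if host == IMAGE_HOST:
        return team, "vulnerable-image"
    if DHCP_FIRST <= host <= DHCP_LAST:
        return team, "dhcp-client"
    return team, "static-other"

# Constructed sample in a hypothetical "time source-ip service" format.
SAMPLE_LOG = """\
00:05:12 10.0.4.117 tcp/80
00:05:40 10.0.3.2 tcp/80
00:06:02 10.0.4.117 tcp/80
00:06:30 10.0.7.3 tcp/22
00:07:11 10.0.1.10 tcp/80
00:07:45 192.168.1.5 tcp/80
"""

def summarize(log_text, own_team):
    """Count connections per (team, role), skipping traffic from our own /24."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                            # skip malformed lines
        team, role = classify(fields[1])
        if team != own_team:
            counts[(team, role)] += 1
    return dict(counts)

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG, own_team=3).items(), key=str):
        print(key, n)
```

Sources reported as "unassigned-net" or "outside" do not match any listed team and are worth a closer look before drawing conclusions from them.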