CTF

From 23C3 Public Wiki

Jump to: navigation, search

Contents

Overview

Capture The Flag is a hacker contest. Teams of hackers battle against each other in a fight of supremacy in a network full of vulnerable services. The teams' task is to defend a server while simulateously attacking the other teams' servers. Usualy, at the beginning, all teams have the same services running. A central game server checks the services regularly by sending tickets, the so called flags, which are collected later on. Every flag that is still there is awarded with scores.

Whenever a team manages to read a flag on another system then their own, they can submit it at the gameserver, thus moving some scores from the defensive team to their own. This way defensive as well as offensive tactics are awarded.

Contacts

We will host a CtF on 23c3. Your contacts are Lexi and Mc.Fly.

Requirements for parcipiation

  • each team needs a minimum of four players, and a maximum of six players
  • one of them dedicated to be the captain
  • each Team needs to bring the hardware listed under Hardware. We don't sell, rent, otherwise give you hardware. Saturn is 500m away.
  • each team needs to show its presence at the event and appear (physically) in front of one of the organizers before 20:30 day 1. Contact Spida or McFly on DECT.
  • each team may submit a Logo <=64*64px, png. (black or transparent backgrund highly recommended)

Registration

To subscribe your team for the event, send the following information to Lexi by email:

  • Name of the Team
  • Team's affiliation
  • Name and EMail of the team's captain
  • Number of players (6 is maximum number of players per team allowed)

Teams

Currently subscribed (this list is not authoritative, but only for informational purposes):

Hardware

Teams have to bring their own hardware. We will take care of the central gameserver and a central switch. We will also host the vulnerable images.

Thus each team needs to bring:

  • a switch with a free uplink port
  • one laptop/workstation per participant plus network cables

Organization/Technical Details:

  • the OS will probably be Linux or some BSD

Timeline

The contest will probably take place in the night from Dec 29th to Dec 30th in Hall 4.

  • 00:00 The teams will be given access to their images
  • 01:00 The scoringbot startes
  • 07:00 The contest is over, declaration of the winner.

There'll be a Hacker's Sportstudio as a parallel event.

Rules

The following (uncomplete!) list of rules will be enforced through out the game. Violations will be fined with negative scores or immediate disqualification. All referees decisions are final.

  • All of the hoster's hosts are off-limits. This refers esp. to the gameserver and the infastructure needed to display the scoreboards.
  • All other hosts are legible targets.
  • It's allowed to delete of modify other teams' flags.

The following is discouraged:

  • Any filtering on IP- and/or TCP-layer, or similar mechanisms of scorebot-optimzation
  • Automated scanning (ports, IPs, etc.) or usage of vulnerability scanners
  • Buffer-overflow protection mechanisms like grsec and similar are excluded from the game
  • Destructive behaviour ((D)Dos, deleting of vital system files, ...)
  • General unethical behaviour will be fined

Participate!

(friendly sponsored by !eof, starring jchome, created by codec).

(Original image is [1])

And now he also dances for you! --codec [2]