PAKCON 2005 / CTF (Capture the Flag) -
Hacking Contest
#####
# # ## ##### ##### # # ##### ######
# # # # # # # # # # #
# ctf # # # # pak # # # # # ##### con
# ###### ##### # # # ##### #
# # # # # # # # # # #
##### # # # # #### # # ######
#######
# # # ######
# # # #
# ###### ##### C-T-F
# # # # PAKCON II
# # # # Karachi, PC.
# # # ######
####### _____
# # ## #### #`~'\.../`~' /
# # # # # # # PAKCON /
##### # # # # # ___ /
# # ###### # ### # / \_____/
# # # # # # # ~
# ###### # # #### #
# ./jpg_exploit.pl -d winbox.ctf.pakcon.org
#ifndef CAPTURE_THE_FLAG_H
#define {
---[ Capture the Flag ]-
Capture the Flag is a hacker deathmatch competition. In an
inter-connected battlefield, six different teams compete for total
domination. From buffer overflow exploits to sophisticated
privilege escalation methods, teams exploit every lethal weapon in
the book to haul their adversaries out of the battlefield, while at
the same time doing everything they can to keep their footings
secure and their positions well guarded in the midst of the battle.
In an intense battle spanning over twelve hours straight teams
search for ingenious means of blasting their opponents' systems off
of the network and in the meantime employ any number of protective
measures to keep their systems from getting damaged. The team that
destroys all of its enemies or scores the most points at the end of
the 12-hour session gets to wear the crown -- or hold the flag,
whichever is preferred.
---[ How CTF Works ]-
Teams bring their own specialized equipment, which can be anything
from a PC, laptop to a PDA, running any Operating System of their
choice. Teams are provided network connection(s), which can either
be wireless or wire-based, a power outlet and a separate table.
Importantly, all teams are required to install a reference
distribution on their machines at the spot. That reference
distribution runs "on top" of the Operating Systems teams have
decided to use. The reference distribution can be anything from a
small server package to a complete OS emulator. What is important
is that the reference distribution runs a number of services by
default. Certain flags are implanted into a select few services,
the names of which are kept secret throughout the contest. The
Score Server periodically initiates connections to those few
services on each teams' server and tries to find the flag implanted
in them. Depending on the response the server gets, the Score
Server awards or punishes the teams by giving or taking away points
from them, respectively.
Teams cannot randomly filter or shutdown services on their servers.
Since the services to which the Score Server connects to look for
flags are not known until the end of the contest, filtering of
requests to initiate connections to any service that the Score
Server connects to (in other words, shutting down those services)
results in the Score Server penalizing that team. In other words,
if the Score Server cannot connect to any particular service it
wants to, it punishes the team to which that server belongs by
taking down points from their total score.
To score points teams need to keep their servers up and running at
all times. If at any given time the Score Server cannot connect to
a particular service on a team's server, the Score Server marks
down that team by reducing some points from their overall score.
Teams will have to ensure that any vulnerability on their system is
patched properly and that all services are running. Furthermore,
teams will have to attack other teams' servers and try to bring
down their enemies' defenses by exploiting vulnerabilities.
---[ How CTF Does Not Work ]-
Denial of Service attacks and other various flooding techniques are
prohibited. Their use is severely punished by the Score Server.
The Score Server keeps a constant, sharp watch on the bandwidth
teams' servers are consuming. Where ever it detects an unusual
surge in the bandwidth consumed, or in other words where ever it
sees the bandwidth being abused, the Score Server penalizes the
abuser. The Score Server can penalize either by deducing a whole
bunch of points or by denying the team which abused the bandwidth
access to the contest for a period of time ranging from 30 minutes
to several hours.
---[ Word of Caution ]-
PAKCON staff will not tolerate harassment of any sort including
use of abusive language and gestures. Physical abuse to equipments
will results in a direct cancellation of the abusing party's right
to continue to participate. At any time the PAKCON staff can take
control of the complete contest or part thereof and can make any
changes to it. In addition to that, there may or may not be a
"break" period of about 30 minutes in which all the teams will be
asked to leave the contest room for the PAKCON CTF maintainers to
do maintenance chores.
---[ How to Register ]-
Registration to participate in the Capture the Flag contest is open
only on a first come, first serve basis, and only to a total of six
teams. Any team can have no more than six members. The teams can
select any individual to be their member as long as the total
number does not exceed six.
To register, teams will have to fill out the registration form
available on the following UR and send back to us:
http://www.pakcon.org/contest/Pak%20Con%20-%20Contest%20Registration.doc
Once any request for registration is received, a member from Pak
Con's Registration Committee will contact the team which applied
for registration.
---[ Info@PakCon ]-
Yup. It is <info -at- pakcon.org>.
# }
#endif
/*
* root@slackbox.ctf:~# ./msftpd_buffer_overflow.php -d winbox.ctf.pakcon.org
* root@slackbox.ctf:~# _
* root@slackbox.ctf:~# ping winbox.ctf.pakcon.org
* PING winbox.ctf.pakcon.org 56(84) bytes of data.
*
* --- winbox.ctf.pakcon.org ping statistics ---
* 3 packets transmitted, 0 received, 100% packet loss, time 2012ms
*
*/
|