HITB2014KUL Capture the Flag: Age of Extinction

ctf3

Overview

The objective of the game is for teams (maximum of 3 participants per team) to gain as many points as possible by defending their servers and attacking other teams’ servers. Teams will be given identical pre-configured vmware image of an Linux installation – the root password will not be given to the team. There will be daemons running on the server. Some daemons are puzzle or contain vulnerabilities such as buffer overflows, format string and so on. The teams’ objective is to analyze the daemons, find vulnerabilities and write exploits.

A working exploit will enable the team to attack other teams servers, retrieving the flag associated with each daemon running on the server and thus scoring an offensive point. The ability to keep the daemons running will enable the teams to score a defensive point.

Scoring

Offensive Points = Gained by hacking into other team’s server and retrieving their flags.

Defensive Points = Gained by keeping your server’s daemons running.

Challenge Points = Gained by submit the correct flags for challenges

Total points = offensive points + defensive points + challenge points

In order to score an offensive point, all that a team needs to do is hack into other team’s server, retrieve the flag, and submit it to the score server. In order to get a defensive score, teams must keep their daemons running and accessible by the crew. Flag checks will be done randomly. If a flag check fails, teams will not gain a defensive point. Flags will be reset randomly as well, thus teams are allowed to harvest flags to gain more offensive points.

Higher points are given for offensive attacks as opposed to defensive scores. Defensive scores are the same for all daemons while offensive scores vary depending on the complexity level of the exploit needed. The first team able to exploit the daemon will gain a ‘breakthrough point’.

At the end of the competition, the team with highest total points will be the one who rules the world! In case of two different teams having the same points, whichever team is quickest to reach the highest points will be declared the winner. As such, teams are advised to submit the flags as soon as they obtain them.

The CTF network will be isolated from the rest of the conference network and we will NOT provide Internet access on the CTF network. You are free to use the HITB conference wireless network.

Prizes

1st prize – 1000 USD

2nd prize – 750 USD

3rd prize – 500 USD

Team which solved the most challenges first – 1.337 BTC

 

Things to bring

  • Laptops
  • A network switch
  • Network cables
  • Extra power sockets / power gangs.

The game will run for 16 hours over the 2 days of the conference (15th & 16th October), 8 hours per day. Each team is limited to a maximum of 3 members.

Registration

Capture the Flag:Age of Extinction  is open for public to register now, however, registration is on first come first serve basis. To register for this event, please send an email to ctfinfo@hackinthebox.org with the following details.

– Team Name + Country of origin

– Team Leaders Name/Handle + Email Address

– Team Members Names/Handle + Email Address

 

Registered Teams

  1. Dystopian Narwhals (SG)
  2. Rentjong (ID)
  3. mayuge (JP)
  4. Agretian Riders (SG)
  5. Gilas (PH)
  6. RedAlert-VXRL (HK & KR)
  7. ANOMALOUS (SG)
  8. GGWP (VN)
  9. HITCON (TW)
  10. Pwnffman (TW)

Rules

We try hard to keep the competition as free and exciting as possible; however we do require teams to adhere to simple rules such as:

  • Show up on time or you’ll miss the briefing
  • No off-the-shelf automated scanning tools such as Nessus, OpenVAS etc. It’s useless and we’ll kick you out for being lame
  • No attacks against scoreserver or you will be disqualified from the game
  • No flooding and / or DoS attacks in the network.
  • No ARP spoofing.
  • No physical attacks against other players.
  • All participants must obey to PIT STOP calls. PIT STOP calls are rest intervals where all the players must leave the CTF area to facilitate for the CTF Crew to perform maintenance work.
  • Teams who don’t adhere to the rules will be penalized or disqualified from the competition.

Final Judgement

At all times, the decision of the CTF Crew is final on any matter in question.

Source code

The CTF Crews reserve the rights to release or not to release the source code of the daemons.

Contact

If you have any questions, please send an email to ctfinfo@hackinthebox.org

 

ctf2 ctf1

CTF Prize Sponsor (1.337 Bitcoins)