DEFCON 201 CTF Practice Challenge — May 10th-May 13th

Welcome to the May DEFCON 201 CTF Practice Challenge!

For over two years we have been planing running our own Wargames and CTF to help people develop their hacking skills. While progress is still being made (we plan to launch our own in Winter 2019), DC201 will also occasionally enter into various online CTF Tournaments to test our skills and to get a sample on how one is set up so we have a blueprint in creating our own.

This weekend, from May 10th 0:00 UTC (8:00 PM EST) to May 13th 0:00 UTC (8:00 PM EST), we invite all DEFCON 201 Members, Attendees and Fans to help us hack the Order Of The Overflow DEFCON 27 CTF Qualifier!

Website: https://www.oooverflow.io/dc-ctf-2019-quals/
CTF Time Page: https://ctftime.org/event/762

Anyone can enter by joining our group and entering our DISCORD Chat! Once in chat, select the #CTF channel and hack away!

DEFCON 201 Discord Link: https://discord.gg/PGgPNEF

CLIENT INTERFACES

Clear Net: https://discordapp.com/channels/@me

Windows: https://discordapp.com/api/download?platform=win

macOS: https://discordapp.com/api/download?platform=osx

Linux: https://snapcraft.io/discord

iOS: https://itunes.apple.com/us/app/discord-chat-for-games/id985746746

Android: https://play.google.com/store/apps/details?id=com.discord (We recommend using YALP)

Join The DEFCON 201 CTF Time Group: https://ctftime.org/team/40304

Rules

  1. No Denial of Service — DoS is super lame, don’t do it or you will be banned
  2. No sharing flags, exploits, or hints — Do your own hacks
  3. No attacks against our infrastructure — Hack the challenges, not us
  4. No automated scanning — For these challenges, do better

New Challenge Type: Speedrun

We want to see who the fastest hackers are on the planet. So we created a new type of challenge: the speedrun. There will be one speedrun challenge released every 2 hours starting at May 11th 03:00 UTC for 24 hours (for a total of 12 challenges). Every speedrun challenge is running on the latest Ubuntu 18.04 with libc-2.27 md5 hash of 50390b2ae8aaa73c47745040f54e602f. To the winner go the spoils.

Scoring

As in 2018, all challenges (except for speedruns) will be adaptive scoring based on the number of solves: starting at 500 and decreasing from there (based on the total number of teams that solved the challenge).

Speedrun challenges have two ways to earn points: individual and overall.

Individual challenge scoring is based on the solve order of the speedrun:

  • First to solve: 25 points
  • Second to solve: 20 points
  • Third to solve: 15 points
  • Fourth to solve: 10 points
  • All other solves: 5 points

Overall speedrun scoring is based on the total solve time of a team over all speedruns (max of 2 hours for unsolved challenges):

  • First place: 300 points
  • Second place: 200 points
  • Third place: 100 points

For example, if one team solves all speedrun challenges first, they would receive 300 (25*12) points on individual speedrun and 300 points for being in first place overall.

Flag Format

Unless otherwise noted in the challenge description, all flags will be in the format:

OOO{...}

AND YOU MUST SUBMIT THE WHOLE THING, INCLUDING THE OOO{…}.

POW

We may implement a POW (proof of work) in front of a challenge if we feel it is necessary. Specific POW, along with a client, will be released at game time.

Hints

Do not expect hints. Particularly if a service is already pwned, it would be unfair to give one team a hint when it’s already solved. If we feel that something is significantly wrong, then we will update the description and tweet about it.

Happy Hacking!

::END OF LINE::