While we are preparing repository with exploits, please fill out this feedback form so we can get better next time: https://forms.gle/ipm6RmAst9MhuRRt7
We really appreciate your opinion
We really appreciate your opinion
Google Docs
RundergroundCTF #2
Repository with services, their source codes, checkers and exploits is available here: https://github.com/C4T-BuT-S4D/training-18-10-2020
Don't forget about feedback form: https://forms.gle/ipm6RmAst9MhuRRt7
Don't forget about feedback form: https://forms.gle/ipm6RmAst9MhuRRt7
As always here is information for those who want to support us:
We organize our CTFs and trainings on a regular basis. Though our infrastructure is cost-optimized, it is not 0. So we are open for donations if you want to support us.
Paypal: https://www.paypal.me/pomomondreganto
Tinkoff (roubles or if you have a multi wallet card): https://www.tinkoff.ru/sl/3JBSc9Kgiy0
DStream: https://donate.stream/cbsctf
Bitcoin:
Don't forget about feedback form: https://forms.gle/ipm6RmAst9MhuRRt7
Next training will be fun and easy, so stay with us!
We organize our CTFs and trainings on a regular basis. Though our infrastructure is cost-optimized, it is not 0. So we are open for donations if you want to support us.
Paypal: https://www.paypal.me/pomomondreganto
Tinkoff (roubles or if you have a multi wallet card): https://www.tinkoff.ru/sl/3JBSc9Kgiy0
DStream: https://donate.stream/cbsctf
Bitcoin:
1F6XjKjCMvHseScedHyH2xFpLybFGAfgZP
Repository with services, their source codes, checkers and exploits is available here: https://github.com/C4T-BuT-S4D/training-18-10-20Don't forget about feedback form: https://forms.gle/ipm6RmAst9MhuRRt7
Next training will be fun and easy, so stay with us!
Hey! While you are waiting for Gachi CTF 2020 there are news from our friends #kksctf
Forwarded from #kksctf open 2020 - Info (Maxim Anfinogenov)
Tribute. Underground. Quals.
December 12th. ctftime/event/1112.
from kks with love
December 12th. ctftime/event/1112.
from kks with love
Forwarded from #kksctf open 2020 - Info (Maxim Anfinogenov)
Less than 14 hours before the start of #kksctf open 2020. Just a reminder, we start at
4:00am EST
09:00 UTC
10:00 CET
12:00 MSK
14:30 IST
For any questions, please, contact admins in chat or in private messages. Task admins are listed in the corresponding task headers.
Scoring info and another rules at https://open.kksctf.ru/tasks/8340db82-5f18-4f08-8450-58f04a74a51d
We use a custom task board called "yatb" and want to release it to open source community right after event. If you find any bugs, please tell us in the chat @kksctfopen_chat or by email kks@kksctf.ru.
4:00am EST
09:00 UTC
10:00 CET
12:00 MSK
14:30 IST
For any questions, please, contact admins in chat or in private messages. Task admins are listed in the corresponding task headers.
Scoring info and another rules at https://open.kksctf.ru/tasks/8340db82-5f18-4f08-8450-58f04a74a51d
We use a custom task board called "yatb" and want to release it to open source community right after event. If you find any bugs, please tell us in the chat @kksctfopen_chat or by email kks@kksctf.ru.
Hello from Gachi CTF dev team! There is a last reminder about our A/D contest that we are holding on 27th of December at 11:00 UTC. Don't forget to register here https://register.cbsctf.live/ and take a dictionary with you!
We will post all the tech info later this night. The archives will be available at 10:30 UTC. Game will start at 11:00 UTC
🔥🌚🔥
On the 27th of December we are holding GachiCTF 2020!
DATE
The competition is planned to start at 11:00 UTC, and we’ll be playing for around 5.5 hours in total, including 30 minutes of closed network.
No more than 20 people are allowed to be in a single team.
REGISTER
You can register here: https://register.cbsctf.live/ or via telegram bot @cbsctf_regbot
CHATS
Competition chats are at @cbsctf_en (international) or @cbsctf (Russian).
Competition channel is at @cbsctf_c. Here you will find all game notifications and necessary info.
VPN
Be aware that we are using Wireguard, not OpenVPN. Simple how-to:
1. Install wireguard, instructions can be found here: https://www.wireguard.com/install/.
2. You’ll be given the config file (teamN_M.conf). All former constraints are applicable as well, so each configuration file can be used by one teammate only. To connect, run
wg-quick up <file>
on linux in terminal, or import the file into the native app on macOS or Windows. macOS also has wireguard-tools package with wg-quick command in Homebrew.
3. To disconnect, run
wg-quick down <file>
DO NOT USE vuln.conf FILE IF YOU ARE NOT USING SELF-HOSTED SETUP
TIMELINE
Game timeline:
— 10:30 password-protected configs arhive and services arhive are loaded to the server, so you can download them on https://register.cbsctf.live.
— 11:00 password is posted in the channel and published on the registration website.
— 11:30 game network opens and the game officially begins.
— 16:30 the game ends.
CHECKSYSTEM
Checksystem:
https://github.com/pomo-mondreganto/ForcAD
What tokens are for:
After you've connected to the flag submission system, you must type your team token in the first line, followed by flags (one per line).
Simple script for flag submission:
https://gist.github.com/pomo-mondreganto/a864e3a259045846dee1fa0cb9fa68ea
Protocol for checksystem (for Destructive Farm):
https://github.com/DestructiveVoice/DestructiveFarm/blob/master/server/protocols/forcad_tcp.py
NETWORK
Teams ips: 10.80.[0-N].2 (N is the number of teams).
There also will be an NPC team (with ip 10.80.0.2)
Flag regex: [A-Z0-9]{31}=
Scoreboard will be available on http://10.10.10.10 inside the wireguard network and on http://cbsctf.live in global network.
Flags are accepted at 10.10.10.10:31337 (tcp service)
POINTS AND SERVICES
Actual formula of service points change can be found here:
https://github.com/pomo-mondreganto/ForcAD/blob/master/backend/scripts/create_functions.sql#L41
Service statuses:
- OK: service works perfectly
- DOWN: service is inaccessible
- CORRUPT: checker can't get one of the old flags
- CHECK FAILED: organizers mistake, oops
- MUMBLE: everything else
IMPORTANT
There will also be checksystem api route to help you during the game. It will be accessible on http://10.10.10.10/api/client/attack_data during the game and will contains JSON data of the following format:
{
"task_name": {
"ip1": ["hint1", "hint2", ...],
"ip2": ["hint1", "hint2", ...]
}
}
Hints are useful for situations when there are a lot of traffic on services and you can't find users with flags.
So hints will be ids, usernames, etc of users with alive flags.
Information about hints for each service will be posted after the game start.
CONFIGS
Configs arhive:
- 20 configs for team members
- 1 config for vulnbox (*)
- readme.txt, here you can find information about connection to your cloud machine
(*)
If you choose Cloud hosting, you don't need it. Config will be automatically loaded to the your machine. Services can be found in /tasks directory.
If you choose Self-Hosted, you have to activate vulnbox config and download services from website with [services] command in the registration terminal.
ROUNDS AND FLAGS
Round lasts 60 seconds.
Flag is alive for 10 rounds.
On the 27th of December we are holding GachiCTF 2020!
DATE
The competition is planned to start at 11:00 UTC, and we’ll be playing for around 5.5 hours in total, including 30 minutes of closed network.
No more than 20 people are allowed to be in a single team.
REGISTER
You can register here: https://register.cbsctf.live/ or via telegram bot @cbsctf_regbot
CHATS
Competition chats are at @cbsctf_en (international) or @cbsctf (Russian).
Competition channel is at @cbsctf_c. Here you will find all game notifications and necessary info.
VPN
Be aware that we are using Wireguard, not OpenVPN. Simple how-to:
1. Install wireguard, instructions can be found here: https://www.wireguard.com/install/.
2. You’ll be given the config file (teamN_M.conf). All former constraints are applicable as well, so each configuration file can be used by one teammate only. To connect, run
wg-quick up <file>
on linux in terminal, or import the file into the native app on macOS or Windows. macOS also has wireguard-tools package with wg-quick command in Homebrew.
3. To disconnect, run
wg-quick down <file>
DO NOT USE vuln.conf FILE IF YOU ARE NOT USING SELF-HOSTED SETUP
TIMELINE
Game timeline:
— 10:30 password-protected configs arhive and services arhive are loaded to the server, so you can download them on https://register.cbsctf.live.
— 11:00 password is posted in the channel and published on the registration website.
— 11:30 game network opens and the game officially begins.
— 16:30 the game ends.
CHECKSYSTEM
Checksystem:
https://github.com/pomo-mondreganto/ForcAD
What tokens are for:
After you've connected to the flag submission system, you must type your team token in the first line, followed by flags (one per line).
Simple script for flag submission:
https://gist.github.com/pomo-mondreganto/a864e3a259045846dee1fa0cb9fa68ea
Protocol for checksystem (for Destructive Farm):
https://github.com/DestructiveVoice/DestructiveFarm/blob/master/server/protocols/forcad_tcp.py
NETWORK
Teams ips: 10.80.[0-N].2 (N is the number of teams).
There also will be an NPC team (with ip 10.80.0.2)
Flag regex: [A-Z0-9]{31}=
Scoreboard will be available on http://10.10.10.10 inside the wireguard network and on http://cbsctf.live in global network.
Flags are accepted at 10.10.10.10:31337 (tcp service)
POINTS AND SERVICES
Actual formula of service points change can be found here:
https://github.com/pomo-mondreganto/ForcAD/blob/master/backend/scripts/create_functions.sql#L41
Service statuses:
- OK: service works perfectly
- DOWN: service is inaccessible
- CORRUPT: checker can't get one of the old flags
- CHECK FAILED: organizers mistake, oops
- MUMBLE: everything else
IMPORTANT
There will also be checksystem api route to help you during the game. It will be accessible on http://10.10.10.10/api/client/attack_data during the game and will contains JSON data of the following format:
{
"task_name": {
"ip1": ["hint1", "hint2", ...],
"ip2": ["hint1", "hint2", ...]
}
}
Hints are useful for situations when there are a lot of traffic on services and you can't find users with flags.
So hints will be ids, usernames, etc of users with alive flags.
Information about hints for each service will be posted after the game start.
CONFIGS
Configs arhive:
- 20 configs for team members
- 1 config for vulnbox (*)
- readme.txt, here you can find information about connection to your cloud machine
(*)
If you choose Cloud hosting, you don't need it. Config will be automatically loaded to the your machine. Services can be found in /tasks directory.
If you choose Self-Hosted, you have to activate vulnbox config and download services from website with [services] command in the registration terminal.
ROUNDS AND FLAGS
Round lasts 60 seconds.
Flag is alive for 10 rounds.
Wireguard
Installation - WireGuard
Flag submission tokens and password-protected configs archives are available on https://register.cbsctf.live/ and in the bot @cbsctf_regbot. Here is also password-protected services dump for self-hosted teams. Password will be released at 11:00 UTC
DON'T FORGET ABOUT ATTACK DATA ON /api/client/attack_data
Here’s an explanation for each service:
Here’s an explanation for each service:
fingers service: a$$ namegonclub service: club nameslarket service: master and slave namesWe will apply patch to fingers/service/Dockerfile to add timeout for single execution. Service will be restarted on your machine.
For self-hosted teams:
Change
To
For self-hosted teams:
Change
CMD ["socat", "TCP-LISTEN:1337,reuseaddr,fork,keepalive", "EXEC:./run.sh"]To
CMD ["socat", "TCP-LISTEN:1337,reuseaddr,fork,keepalive", "EXEC:timeout 10 ./run.sh"]`We’ve highlighted the teams with first bloods: saarsec for gonclub and it is wednesday my dudes for fingers