All tasks are solved! First bloods:
1. Popugi firstblooded collacode and the whole game!
2. Definitely not kks firstblooded tiktak!
3. saarsec firstblooded ktforces, leaving no services unpwned!
4. ZenHack firstblooded 7kek!
1. Popugi firstblooded collacode and the whole game!
2. Definitely not kks firstblooded tiktak!
3. saarsec firstblooded ktforces, leaving no services unpwned!
4. ZenHack firstblooded 7kek!
Forwarded from Roman Nikitin
The game is still on until 17:00 UTC (another hour and 15 minutes), and there’re multiple vulnerabilities left. Keep looking :)
You’ll have 30 minutes to extract all needed info from vulnboxes and then we’ll stop everything
Thank you all for the game!
Congratulations to top-3 teams:
1) saarsec
2) Bulba Hackers
3) Popugi
We will be glad if you fill out the short feedback form: https://forms.gle/G61Xiv4a8oBUMWZw7
Repository with services, checkers and sploits are available here: https://github.com/C4T-BuT-S4D/training-02-02-2020
We’re not sponsored, and each competition costs us ~$2 per vulnbox, so we are open for donations to make our next trainings even better.
Tinkoff (if you have multi wallet card): https://www.tinkoff.ru/sl/7q2AUexyM0s
Bitcoin: 1F6XjKjCMvHseScedHyH2xFpLybFGAfgZP
Paypal: https://www.paypal.me/pomomondreganto
Stay tuned. This training is not last this year.
Congratulations to top-3 teams:
1) saarsec
2) Bulba Hackers
3) Popugi
We will be glad if you fill out the short feedback form: https://forms.gle/G61Xiv4a8oBUMWZw7
Repository with services, checkers and sploits are available here: https://github.com/C4T-BuT-S4D/training-02-02-2020
We’re not sponsored, and each competition costs us ~$2 per vulnbox, so we are open for donations to make our next trainings even better.
Tinkoff (if you have multi wallet card): https://www.tinkoff.ru/sl/7q2AUexyM0s
Bitcoin: 1F6XjKjCMvHseScedHyH2xFpLybFGAfgZP
Paypal: https://www.paypal.me/pomomondreganto
Stay tuned. This training is not last this year.
Google Docs
Feedback
RundergroundCTF #1 feedback
A&D trainings (channel) pinned «Thank you all for the game! Congratulations to top-3 teams: 1) saarsec 2) Bulba Hackers 3) Popugi We will be glad if you fill out the short feedback form: https://forms.gle/G61Xiv4a8oBUMWZw7 Repository with services, checkers and sploits are available here:…»
On the 15th of March we are holding our first Attack-Defense blitz.
Blitz format is our experiment, a modification of a classic Attack-Defence with an aim to be more dynamic. There’ll be only 1 service, 2 players in each team (only 2 OpenVPN configs will be provided per team) and the game is much shorter, only 2 hours of open network time.
The competition is planned to start at 11:00 UTC, and we’ll be playing for around 2.5 hours in total, including 30 minutes of closed network (although the duration can be flexible).
You can register (and find out some more details) using this Telegram bot: @cbsctf_bot.
Competition chats are at @cbsctf_en (international) or @cbsctf (Russian).
Competition channel is at @cbsctf_c
Technical information:
Checksystem: https://github.com/pomo-mondreganto/ForcAD
Protocol for checksystem: https://gist.github.com/xmikasax/90a0ce5736a4274e46b9958f836951e7
Teams ips:
You can find services at
Flag regex:
Scoreboard will be available on http://10.10.10.10:8080 (and http://10.10.10.10:8080/v :3) inside the ovpn network and on https://cbsctf.live in global network.
Flags are accepted at
Connection details:
Your team will be provided with 2 OpenVPN configs (each team member must use the unique one) along with vulnbox ip address and credentials for ssh.
Service language will be Python.
Blitz format is our experiment, a modification of a classic Attack-Defence with an aim to be more dynamic. There’ll be only 1 service, 2 players in each team (only 2 OpenVPN configs will be provided per team) and the game is much shorter, only 2 hours of open network time.
The competition is planned to start at 11:00 UTC, and we’ll be playing for around 2.5 hours in total, including 30 minutes of closed network (although the duration can be flexible).
You can register (and find out some more details) using this Telegram bot: @cbsctf_bot.
Competition chats are at @cbsctf_en (international) or @cbsctf (Russian).
Competition channel is at @cbsctf_c
Technical information:
Checksystem: https://github.com/pomo-mondreganto/ForcAD
Protocol for checksystem: https://gist.github.com/xmikasax/90a0ce5736a4274e46b9958f836951e7
Teams ips:
10.70.[0-N].2 (N is the number of teams). There also will be an NPC team (with ip 10.70.0.2)You can find services at
/tasks on your vulnboxFlag regex:
[A-Z0-9]{31}=Scoreboard will be available on http://10.10.10.10:8080 (and http://10.10.10.10:8080/v :3) inside the ovpn network and on https://cbsctf.live in global network.
Flags are accepted at
10.10.10.10:31337 (tcp service)Connection details:
Your team will be provided with 2 OpenVPN configs (each team member must use the unique one) along with vulnbox ip address and credentials for ssh.
Service language will be Python.
Here are some extended technical details:
Checksystem: https://github.com/pomo-mondreganto/ForcAD
Protocol for checksystem: https://gist.github.com/xmikasax/90a0ce5736a4274e46b9958f836951e7
Teams ips:
You can find services at
Flag regex:
Scoreboard will be available on http://10.10.10.10:8080 (and http://10.10.10.10:8080/live :3) inside the ovpn network and on https://cbsctf.live in global network.
Flags are accepted at
Each team will be given only 2 OpenVPN configs.
SSH password and configs (password-protected) will be accessible through the bot (press the “game” button for the menu). Password to access them will be broadcasted everywhere when the game starts.
Service language will be Python.
Checksystem: https://github.com/pomo-mondreganto/ForcAD
Protocol for checksystem: https://gist.github.com/xmikasax/90a0ce5736a4274e46b9958f836951e7
Teams ips:
10.70.[0-N].2 (N is the number of teams). There also will be an NPC team (with ip 10.70.0.2)You can find services at
/tasks on your vulnboxFlag regex:
[A-Z0-9]{31}=Scoreboard will be available on http://10.10.10.10:8080 (and http://10.10.10.10:8080/live :3) inside the ovpn network and on https://cbsctf.live in global network.
Flags are accepted at
10.10.10.10:31337 (tcp service)Each team will be given only 2 OpenVPN configs.
SSH password and configs (password-protected) will be accessible through the bot (press the “game” button for the menu). Password to access them will be broadcasted everywhere when the game starts.
Service language will be Python.
GitHub
GitHub - pomo-mondreganto/ForcAD: Pure-python distributable Attack-Defence CTF platform, created to be easily set up.
Pure-python distributable Attack-Defence CTF platform, created to be easily set up. - pomo-mondreganto/ForcAD
Round time will be 15 seconds, flag lifetime is 40 rounds (10 minutes). Service checks will be run every 10 seconds, uptime will be counted as (ok_checks + ok_puts)/(total_checks + total_puts).