The game will end at 13:30 UTC.

Only 5 minutes left!

Thank you all for the game!

Congratulations to top-3 teams:

1) arsib sosi b
2) Rezinoviy Kodzima
3) SVINOTA

We will be glad if you fill out the short feedback form: https://forms.gle/ui1as2bP36c4xHch7
Repository with services, checkers and sploits will be available here: https://github.com/C4T-BuT-S4D/blitz-15-03-2020

We’re not sponsored, so we are open for donations to make our next trainings even better.

Tinkoff (if you have multi wallet card): https://www.tinkoff.ru/sl/3JBSc9Kgiy0
DStream: https://donate.stream/cbsctf
Bitcoin: 1F6XjKjCMvHseScedHyH2xFpLybFGAfgZP

We are also glad to announce that the next competition we are holding will take place on 12th of April. It will have a classic Attack-Defence format (not blitz) and is created for you not to sleep the day RuCTF 2020 should have happened. All the teams with RuCTF invitation will be granted a special label in scoreboard. Be ready for a long battle and stay tuned!

Repository is available here: https://github.com/C4T-BuT-S4D/blitz-15-03-2020

Special thanks to @lucky624 for the service development!

Vulnboxes will be shut down in 5 minutes

The service had 4 vulnerabilities, and here are firstbloods for each vuln:

Also for those who loves Attack-Defence, we encourage you to play saarCTF (https://ctftime.org/event/980), which is organised by team saarsec. We will participate too.

We are glad to announce that on the 12th of April we are holding Attack-Defense Stay Home CTF 2020!

The competition is planned to start at 10:00 UTC, and we’ll be playing for 8 hours in total, including 1 hour of closed network.

You can register (and choose whether you want to host a vulnbox by yourself or in cloud) using this Telegram bot: @cbsctf_bot.

Competition chats are at @cbsctf_en (international) or @cbsctf (Russian).

Competition channel is at @Stay_Home_CTF

Technical information will be published later in the channel.

And don't forget to wash your hands!

Network topology for upcoming CTF

🔥🌚🔥
On the 14th of June we are holding our second Attack-Defense blitz.

The competition is planned to start at 11:00 UTC, and we’ll be playing for around 2 hours in total, including 30 minutes of closed network.

No more than 2 people are allowed to be in a single team.

You can register using this Telegram bot: @cbsctf_bot.

Competition chats are at @cbsctf_en (international) or @cbsctf (Russian).
Competition channel is at @cbsctf_c.

Service(s) languages are: NodeJs, Lua, Php, C.
More technical information will be posted later.

This time we’ll be running the game network using Wireguard, not OpenVPN. Simple how-to:

1. Install wireguard, instructions can be found here: https://www.wireguard.com/install/.

2. You’ll be given the config file (teamN_M.conf). All former constraints are applicable as well, so each configuration file can be used by one teammate only. To connect, run

wg-quick up <file>

on linux in terminal, or import the file into the native app on macOS or Windows. macOS also has wireguard-tools package with wg-quick command in Homebrew.

3. To disconnect, run

wg-quick down <file>

The network scheme hasn’t changed at all, so the topology illustrated here is correct, with only one exception: all connections are through Wireguard, not OpenVPN. For more info on wireguard, please read the previous post in the channel: @cbsctf_c.

Game will start at 11:00 UTC. Be sure to NOT block or stop the bot or you won't be able to receive configs.

Game timeline:

— 10:30 password-protected configs arhive and services arhive are loaded to the bot, so you can download them with /game command.
— 11:00 password is posted in the channel.
— 11:30 game network opens and the game officially begins.
— 13:00 the game ends.

Checksystem:

https://github.com/pomo-mondreganto/ForcAD

What tokens are for:

After you've connected to the flag submission system, you must type your team token in the first line, followed by flags (one per line).

Simple script for flag submission:
https://gist.github.com/pomo-mondreganto/a864e3a259045846dee1fa0cb9fa68ea
Protocol for checksystem (for Destructive Farm):
https://github.com/DestructiveVoice/DestructiveFarm/blob/master/server/protocols/forcad_tcp.py


Teams ips: 10.80.[0-N].2 (N is the number of teams).
There also will be an NPC team (with ip 10.80.0.2 )
Flag regex: [A-Z0-9]{31}=
Scoreboard will be available on http://10.10.10.10 inside the wireguard network and on http://cbsctf.live in global network.
Flags are accepted at 10.10.10.10:31337 (tcp service)

Actual formula of service points change can be found here:

https://github.com/pomo-mondreganto/ForcAD/blob/master/backend/scripts/create_functions.sql#L41

Service statuses:

- OK: service works perfectly
- DOWN: service is inaccessible
- CORRUPT: checker can't get one of the old flags
- CHECK FAILED: organizers mistake, oops
- MUMBLE: everything else

IMPORTANT
There will also be checksystem api route to help you during the game. It will be accessible on http://10.10.10.10/api/attack_data during the game and will contains JSON data of the following format:

{
    "task_name": {
        "ip1": ["hint1", "hint2", ...],
        "ip2": ["hint1", "hint2", ...]
    }
}

Hints are useful for situations when there are a lot of traffic on services and you can't find users with flags.
So hints will be ids, usernames, etc of users with alive flags.

Information about hints for each service will be posted after the game start.

Configs arhive:

- 2 configs for team members
- 1 config for vulnbox (*)
- readme.txt, here you can find information about connection to your cloud machine

(*)
If you choose Cloud hosting, you don't need it. Config will be automatically loaded to the your machine. Services can be found in /tasks directory.
If you choose Self-Hosted , you have to activate vulnbox config with and download services from bot with /game command.

Round lasts 30 seconds.
Flag is alive for 15 rounds.

Teams ips: 10.80.[0-47].2

Don’t forget to install wireguard. We are not using OpenVPN this time

You can get password-protected services and configs in bot with /game command

Services archive password is: 54b75342382e022c17828982689d5968
Team configuration archive password is: cd80340b184a5f505f7893b6c084a1a3