Capture The Flag - Description

The Capture The Flag contest is a multi-site, multi-team hacking contest in which a number of teams compete independently against each other.

This exercise is the latest of a series of live exercises organized as part of the graduate course on "Network Security and Intrusion Detection" taught at UCSB by Giovanni Vigna. Previous versions of this exercise are described in the paper:

This edition of the live exercise is different because instead of having the students of the class compete against each other, it involves different teams at different universities and institutions.

The exercise is loosely based on the DEFCON Capture the Flag contest. Acknowledgments go to the Ghetto Hackers, who did such a wonderful (and inspiring) job in organizing the CTF contest at DEFCON.

This exercise is different from the DEFCON contest because it involves several educational institutions spread across the nation. The DEFCON contest includes locally connected teams only.

In addition, the DEFCON contest has always involved a limited number of teams. We tried to develop a new network solution that allows a large number of teams to participate.

Goals

The goal of each team is to keep a set of services available and uncompromised throughout the contest phase. Each team can (and should) attempt to compromise other teams' services.

The services to be provided are implemented as part of an operating system installation running as a VMware image. Each service has a number of associated flags. Initially, the flags are set to the flag of the team that set up the VMware host. The goal of each team is to keep their flag uncompromised while trying to change the flags of other teams to their own.

Scoring

During the contest phase of the exercise the scoring software will connect periodically to each service and check the corresponding flag values.

Note that each time a flag is tested, its value is replaced with a new value computed by applying a secret hash function to the original value. Therefore, simply rebooting a host on a regular basis will not earn points, since the reboot restores the flag to its original value.
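
The flag rotation described above can be modelled for a single service as follows. This is an added example, not the contest's scoring software: HMAC-SHA256 stands in for the unnamed secret hash function, and the per-team bookkeeping, the team names and the flag strings are assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-scorer-key"  # assumption: known only to the scoring software


def next_flag(flag: bytes) -> bytes:
    """One rotation step; HMAC-SHA256 stands in for the unnamed secret hash."""
    return hmac.new(SECRET, flag, hashlib.sha256).hexdigest().encode()


class ServiceScorer:
    """Scoring state for one service (assumed bookkeeping, not the real scorer)."""

    def __init__(self, team_flags):
        self.valid = dict(team_flags)            # team -> value that scores now
        self.points = {team: 0 for team in team_flags}

    def check(self, service):
        """Read the flag, credit the team it belongs to, then rotate it."""
        observed = service["flag"]
        owner = next((team for team, value in self.valid.items()
                      if hmac.compare_digest(value, observed)), None)
        rotated = next_flag(observed)
        if owner is not None:
            self.points[owner] += 1
            self.valid[owner] = rotated          # the old value stops scoring
        service["flag"] = rotated                # substituted on every test
        return owner


def demo():
    """Constructed run: two normal checks, a reboot, then a changed flag."""
    service = {"flag": b"red-initial"}           # as shipped in red's image
    scorer = ServiceScorer({"red": b"red-initial", "blue": b"blue-initial"})
    owners = [scorer.check(service), scorer.check(service)]
    service["flag"] = b"red-initial"             # reboot restores the image
    owners.append(scorer.check(service))         # stale value earns nothing
    service["flag"] = b"blue-initial"            # flag changed to blue's
    owners.append(scorer.check(service))
    return owners, scorer.points


if __name__ == "__main__":
    print(demo())
```

In this model the third check credits no team, because the value restored by the reboot is no longer the one the scorer holds for red.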

A set of slides presenting the details of the CTF is available here.

D-Day

The CTF is scheduled to run on December 5th from 9am to 5pm, PST. The exercise will go through three phases.

Image distribution and setup

The VMware images to be installed will be distributed at 9am, PST. The teams will have from 9am to 11am to install their images and configure their VMware hosts. During this phase no network connectivity to the site's box or the main box is required.

Connection establishment

From 11am to 1pm PST, the links between team boxes, site boxes, and the main box will be tested. During this phase, the VMware boxes should be configured to allow incoming SSH connections only.

Contest

The actual contest will start at 1pm and last until 5pm, PST. During the contest phase the VMware boxes must allow incoming connections to the services that have to be provided (e.g., SMTP, Web, FTP).