THE INTRO

It's 9am and somebody is frantically knocking on your door... You open the door and Jack Bauer is right there on your doorstep looking at you with spirited eyes. He screams "Somebody set up us the bomb!" You don't understand and reply: "What you say!", and then you slap Jack several times to get him out of his hysterical blubbering.

After a few seconds he seems to regain control and starts talking... "There is a nuclear device that is going to explode unless we stop it. We have only seven hours, until 4pm PST. The bomb has been set by a terrorist group called Softerror.com. We have been watching them for months. We knew they were up to something big. But we never would have imagined something of this size."

You are still incredulous and ask: "So what do you want from me?"

Jack says: "The bomb can only be stopped by breaking into the Softerror.com network and neutralizing the program that will detonate the bomb. I heard that you participated in hacking competitions at UCSB and proved to be a l33t h4x0r. Now it's time to prove it for real! You need to stop the bomb!"

Without waiting another second, you rush in front of your custom-order desktop machine, which has been loaded with all sorts of attack tools, and start typing. You ask: "So what information do we have?"

Jack replies: "We know very little. These guys have a public web site, at the address X.X.X.X. Nobody has been able to penetrate that. There are rumors that behind the web site there are several different networks, one for the development of cyber-terror tools, one to handle their financial data, and one where the bomb has been set. But we don't know much about these networks: You are our only hope!"

"Where do you get your information?" you ask.

"We have several sources inside and outside Softerror.com. However, we have to pay a lot of money for every little piece of information. These guys are greedy bastards!" Jack answers, his voice starting to sound hopeless.
You stare at your browser and you type in the address that Jack gave you. You know that this is only the beginning....

THE RULES

This year's iCTF is a completely new competition. We have created for you 40 replicas of the Softerror.com network. Each team has access to one of the replicas. Your task is to break into the Softerror.com network and stop the bomb from exploding.

Nobody will be attacking you. You will not have to patch your services. You will just have to penetrate the network and reach the server that is running the bomb's timer, and figure out a way to stop the timer.

You will be given an initial pool of points, which you can increase by answering the side challenges that we have prepared for you. The challenges are available at http://X.X.X.X.

You can also get bragging points by sending us your exploits, which demonstrate your l33tness. Exploits can be uploaded here: http://X.X.X.X.

You can trade some of your points for hints from insiders within Softerror.com. The more expensive the hints, the more helpful they are. This can be very useful if you are stuck somewhere in the network. The hints are accessible here: http://X.X.X.X.

The network is monitored by both signature-based and anomaly-based intrusion detection systems. Whenever your activity is detected (no matter what type of activity you are carrying out) you lose points. Therefore, try to be stealthy, or at least not too noisy.

The winner of the competition is the team that has completed the challenge (and stopped the bomb) with the most points. Note that if you finish first, you don't get any special kudos. You will have to wait until the end to see who is the one with the most points... A semi-real-time scoring system is available at http://X.X.X.X.

This is the first time we have set up a system like this. It required an enormous amount of work and resources. Please help us in running this competition in a smooth fashion and be patient if something goes wrong.
We have tested the system, but we don't know what you guys are going to do (and usually you come up with some crazy stuff).

The following is a set of rules:

0) We might create rules on the fly, if we need to do so. :-)

1) Do not break stuff permanently. In the original CTF you could just reboot your VMware machine. In this case, if you screw up your target, your target STAYS SCREWED. This might even mean that you are out of the competition (e.g., if you make a mistake and change the routing system or a firewall rule). Therefore, be careful. Also, services might run as root (you will have to break root in most cases anyway). Make sure you know what you are doing. If you are really stuck, please contact us (ctf-admin@lists.cs.ucsb.edu), but we cannot guarantee that we can recover from the damage.

2) Do not perform DoS attacks or spoofing. No attack requires spoofing your source address. Spoofing malicious traffic so that other teams are penalized is considered lame and will be punished with immediate exclusion from the competition. Also, the resources that you are using are shared with other teams (using virtualization), even if you cannot see them. So if you overload your network, you are making life miserable for everybody else.

We will soon make the IP addresses marked as X.X.X.X available...