Note: A new release is being prepared with the software from the last iCTF.
The iCTF software, combined with a vulnerable image, allows one to run a capture the flag competition.
The software and images included here are a simplified version of the components used to run and score previous UCSB iCTF competitions. One major simplification is that the scorebot does not include any mechanisms to prevent the competition participants from telling the scorebot traffic from the traffic of other participatns.
The iCTF software package includes a scorebot and a flag submission server. The software is written in Python.
The scorebot is used to store and retrieve flags to and from the services on the vulnerable images. These flags are what the participants have to "capture" and then submit to the flag submission server for points.
The scorebot is implemented by the scorebot.py script. The scorebot spawns several threads. Each thread runs a "scoring script" that interacts with one of the services of the vulnerable image. At the end of the round, the scorebot generates a file (by default, an HTML page) that contains information about the round, including team scores and service status.
The submission server allows teams to submit flags for scoring. The Submission directory contains the flagSubmissionServer.py script, which is a stand-alone web server that handles flag submissions.
The README file contains further information detailing how to set up the scorebot and the submission server.
The scorebot and submission server communicate via TCP sockets. By doing this, the components can be run on separate machines, however the submission server should be up and running before the scorebot is started.
These are vulnerable images that work with this scorebot:
- iCTF 2007: The Copyright Mafia
- iCTF 2005: The Spam Museum
- iCTF 2004: The Bass Tard Corporation
- iCTF 2004: The 2014 United Nations Vote
All the images have a root account with password "password".