rwthCTF 2013 (09.11.2013)

Название:
rwthCTF 2013

Организаторы:
Исследовательская группа IT-Security Ахенского университета (Германия) и команда  0ldEur0pe

Начало соревнования:
9 ноября 2013 года в 17-00 (November, 9th, 2pm CET)

Продолжительность:
12 часов

Тип соревнования:
«Классический» CTF

Тип участия:
командное

Ссылка:
ctf.itsec.rwth-aachen.de

13 Comments

 Add your comment
  1. Прошу обратить внимание участников на следующие требования организаторов:

    In order to participate, you will need a stable and relatively fast Internet connection (a few MBit/s in both directions are recommended). Also you will need a computer which is able to host a VirtualBox PC, i.e. a 64-bit host with VT-X technology. You will not need to travel anywhere.

    You should know how to run a VirtualBox instance, set up a shared connection over an OpenVPN tunnel and know how to use PGP/GPG correctly. We expect you to handle your side of the OpenVPN setup yourself (that includes IPv6 inside our VPN this year). Please make sure that you know who’s responsible for the VPN connection and the PGP keys on your team (we had some bad experiences with this).

    По видимому придется иметь дело с IPv6! Делайте соответствующие выводы…

  2. Внутри-то пусть, главное чтобы не снаружи.
    Хотя хзхз, поддерживает ли роутер ip6.

  3. IPv6 будет только внутри VPN. А похоже, что и IPv4 тоже будет доступен. Вот последнее сообщение от организаторов:

    Hey Honeypot,
    welcome to 0ldEur0pe-City — this year’s rwthCTF special event. We are
    pleased to see that you take up the challenge of running a modern city with
    all its electronic pleasantries and convenience gadgets. Is it really
    possible to provide stable, reliable and secure software solutions for the
    critical infrastructure of a whole city? It’s your turn to prove all these
    skeptics out there wrong!

    Your city has been assigned the postal code 51 (your team id).

    Attached, you will find your VPN certificate and config file that enable you
    to connect your city to the world wide city network.

    In order to be prepared for the real challenge, please download our test
    image at

    https://gigamove.rz.rwth-aachen.de/d/id/3hNsQUEBJPB9vs
    (sha256: 84a054ef154e0bdc1e3de27aaac2c0ceccfedf4c1f09e01697235ae992e574b5)

    alternatively, you may use the following torrent

    http://ctf.itsec.rwth-aachen.de/rwthctf2013prevuln.ova.torrent

    and follow the instructions at

    http://ctf.itsec.rwth-aachen.de/vpn/

    to test your VirtualBox and OpenVPN setup.

    Please note that the Internet provider of your city decided some years ago
    to be prepared for the future and upgraded all its systems to dual stack
    mode of IPv4 and IPv6 in parallel. Your citizens got used to the advantages
    of this modern technology. Thus, you should be able to provide a dual stack
    setup for the game. We want to indicate that this only requires an IPv4
    Internet connection. The IPv6 traffic to your city is tunneled via VPN.

    Your city is assigned the networks
    10.22.51.0/24
    and
    fd73:d95d:a475:330::/60.

    All the central services of your city (your vulnbox) must be reachable at
    10.22.51.1 and fd73:d95d:a475:330:1.

    If your setup works, you should be able to ping our national authority
    server (gameserver) at 10.23.0.1 / fd73:d95d:a475:1000::1 and we should be
    able to ping your city’s central services. Everything else (including the
    scoreboard) is firewalled for now. Please remember that due to Service Level
    Agreements (SLAs) IP traffic exchanged between the vulnbox and the VPN MUST
    NOT BE FILTERED.

    The final image of your city will be released for download soon in encrypted
    form. You will receive another email in due time before the start of the
    game. We will open the firewall and start pushing flags at 9th November
    14:00 CET. The decryption key for the city’s image will be published a few
    minutes earlier.

    Feel free to ask questions in #rwthctf at irc.freenode.net.

    In addition to your VPN credentials, you can catch a first glimpse of your
    city attached to this mail.

    See you on Saturday and make your city prosper,

    The 0ldEur0pe-City team

  4. Служебка подписана — всех жду в субботу. Раньше 16.00 смысла нет приходить, но и опаздывать нежелательно! Начало в 17.00.
    Пока под вопросом, чем мы будем пользоваться — сетевыми шнурками или вайфаем. Поэтому у кого дома лежит без дела коммутатор или сетевые шнурки, просьба захватить на всякий случай с собой.
    Также не забываем студенческий или паспорт — могут спросить на вахте.
    Кто-нибудь возьмите еще фотик.

  5. Hey Honeypot,

    we are happy to announce that the encrypted VM image
    of the 0ldEur0pe template city is ready.

    Please download the encrypted image ahead of time at

    https://gigamove.rz.rwth-aachen.de/d/id/rMwMHLzb26tWDU
    (SHA256: c60ab5a43aa26ea82fdaf0e922cc21bd4e510cfb6026e41755fc2eb4201f1d22)

    and in your own interest verify the SHA256 hash.

    The decryption key for the image will be released on Saturday
    a few minutes before the game starts via e-mail.
    The SHA256 hash of the decrypted VirtualBox .ova-file is
    9e13ec995486c068dacd43a232dfc4af2ca2167780840a23e6d54b572f6d183f.

    There will be a special service that is hosted for you by us.
    However, our resources are limited. Thus, only the best 64
    teams 1h after the beginning of the game will get access
    to this special service. So, be on time!

    Feel free to ask questions in #rwthctf on irc.freenode.net.

    Good luck and have fun,
    The 0ldEur0pe-City team

  6. Насчет wi-fi:

    чото я вчера читал, virtualbox может и не мочь с ним в ipv6

    так что шнурки, наверное, скорее всего

  7. Смотрел тут дамп трафика еще сегодня.
    Походу еще одна уязвимость на катакомбах (квесте) была.
    Гляньте.
    http://clip2net.com/s/699yT2

    • Мы с Сергеем пробовали «prettyPrettyPlease?», но ответ был другой, и нам так и не удалось добиться ответа хинтом, по-крайней мере пока я был вечером.

  8. 16 место — наш лучший результат в данном CTF!
    2011 — 22 место
    2012 — 31 место

    16 очков ctftime.org и 54 место в общем рейтинге. Я ожидал большего 🙁

Leave a Comment

Your email address will not be published.

Лимит времени истёк. Пожалуйста, перезагрузите CAPTCHA.