HC's Capture the Flag site

News

Documents

CTF Gameserver

The CTF gameserver rates the teams, distributes flags, manages advisories. The gameserver is free software.

CTFs

What is a CTF?

A CTF is a practical IT security exercise, in which you have to search for security-relevant bugs in custom software to a) exploit them; b) fix them; and c) report them (in the form of advisories).

Usually, multiple teams participate in a CTF. Each team hosts a server; the teams try to attack each others' services. The services contain artificially crafted classical security vulnerabilities, such as buffer overflows and SQL injections.

A scoring bot periodically checks all services and awards points to the teams if their services run or if they cracked another team's services.

Teams are also encouraged to hack replacements for a service, if they find that a service's design is too poor to be fixed.

One liners

Please send me cool ones via email!

Python flag generator

Warning: inefficient! ;-)

open('flags.txt','w').write("\n".join(["".join(["ABCDEF0123456789"[__builtins__.__import__("random").randint(0, 15)] for i in range(64)]) for i in range(100)] + ['']))

Add two positive integers

let doit n = evalState (tiod n) where tiod alice = get >>= \bob -> if (bob == 0) then return alice else (put (bob - 1) >> tiod (alice + 1))

(non-obvious if you don't know haskell; inefficient; requires the State monad (import Control.Monad.State))

Used like this: doit 4 5


$Id: index.html 551 2009-09-08 00:21:38Z root $ Impressum