HC's Capture the Flag site
News
- Sep 8th 2009: published some information about govm
Documents
- How to write a CTF service may help you if you've never written a CTF service before.
- I began work on a document called Writing good CTF services in response to some poorly written services written for a CTF I co-organized.
- Talk: Writing Services and Testscripts.
- The CTDO BBQ CTF talk (in German) is available for download.
CTF Gameserver
The CTF gameserver rates the teams, distributes flags, manages advisories. The gameserver is free software.
CTFs
- CTF at CCCamp07;
- CTF at EasterHegg '08;
- da-op3n in cooperation with TU Darmstadt;
- CTF at the 25C3;
- And upcoming: The HAR CTF.
What is a CTF?
A CTF is a practical IT security exercise, in which you have to search for security-relevant bugs in custom software to a) exploit them; b) fix them; and c) report them (in the form of advisories).
Usually, multiple teams participate in a CTF. Each team hosts a server; the teams try to attack each others' services. The services contain artificially crafted classical security vulnerabilities, such as buffer overflows and SQL injections.
A scoring bot periodically checks all services and awards points to the teams if their services run or if they cracked another team's services.
Teams are also encouraged to hack replacements for a service, if they find that a service's design is too poor to be fixed.
One liners
Please send me cool ones via email!
Python flag generator
Warning: inefficient! ;-)
open('flags.txt','w').write("\n".join(["".join(["ABCDEF0123456789"[__builtins__.__import__("random").randint(0, 15)] for i in range(64)]) for i in range(100)] + ['']))
$Id: index.html 551 2009-09-08 00:21:38Z root $ Impressum