===== WELCOME ===== Welcome to the 25C3-CTF. This is a normal CTF with some additions: One of the services is not included; you will have to write it from scratch. (Consult the provided RFC (Request For Creation)) ;-) You may choose the tools and programming languages to create that service. Use c# or vb.net or whatever you like ;-) Your code doesn't even have to be open source. see 1) You may share your code or part of your code with others. It is permissible to include malicious code, as long as the code is only distributed to other participating CTF teams and doesn't cause any harm outside the CTF network. Note that DoS-Attacks are not allowed. You are permitted to accept "payment" for your code in the form of "payment flags", see below section. You may not accept real money ;-) ===== PAYMENT FLAGS ===== You may offer your services (code writing, code auditing) to other CTF teams. The recommended way of communicating is via IRC queries or private channels. You may accept "payment flags" as payment for your services. Simply have some program listen to tcp connection on port 12345. The scorebot will regularily try to connect to that port to deliver 'payment flags'. Payment flags are valid as long as normal flags, however, they do never earn defensive points. You are not allowed to voluntarily give flags of other services to other teams. It would mess up our statistics. ;-) ===== REPORTING FLAGS ===== You *can* use the python script found at http://ctf.hcesperer.org/gameserver/repflag.py.txt . This script can also be used as a python module. You can also connect to the scoring bot directly, using port 8080. The syntax is: reportflag(TEAMNAME, "FLAG")\n ===== REPORTING ADVISORIES ===== You *must* use the python script found at http://ctf.hcesperer.org/gameserver/repadv.py.txt to report advisories. Advisories will be published immediately after filing. Please note that there is an RSS feed for advisories; it is linked from the status / advisory pages of the scorebot, which can be found at http://10.131.1.2/score/status.html . (URL of the RSS Feed: view-source:http://10.131.1.2/score/rss.xml) Advisoriy rating decisions are final. We will try to rate them as fair as possible; please do not argue with us in the IRC-Channel. ===== NOTES ===== 1) However, the CTF organizers reserve the right to log into your vulnimage and copy and analyze anything on it, for the duration of the CTF. ===== WHAT ELSE TO SAY ===== Have fun!