HC's Capture the Flag site

News

Jun 14nd 2015: This site is now statically served to archive it; interactive features will not work anymore.
Aug 22nd 2012: A small blind sql injection exercise that I initially wrote for a tech talk and that was subsequently used in one of Dr. Martin Mink's lectures is now online for everyone to have fun with. Write me an e-mail if you've successfully retrieved one of the accounts! ;-)
Dec 30th 2010: Preparations for CIPHER 7 have started.
May 7th 2010: I've tried to answer some questions about organising a CTF
Sep 8th 2009: published some information about govm

Documents

How to write a CTF service may help you if you've never written a CTF service before.
I began work on a document called Writing good CTF services in response to some poorly written services written for a CTF I co-organized.
Talk: Writing Services and Testscripts.
The CTDO BBQ CTF talk (in German) is available for download.

CTF Gameserver

The CTF gameserver rates the teams, distributes flags, manages advisories. The gameserver is free software.

CTFs

CTF at CCCamp07;
CTF at EasterHegg '08;
da-op3n in cooperation with TU Darmstadt;
CTF at the 25C3;
The HAR CTF.

What is a CTF?

A CTF is a practical IT security exercise, in which you have to search for security-relevant bugs in custom software to a) exploit them; b) fix them; and c) report them (in the form of advisories).

Usually, multiple teams participate in a CTF. Each team hosts a server; the teams try to attack each others' services. The services contain artificially crafted classical security vulnerabilities, such as buffer overflows and SQL injections.

A scoring bot periodically checks all services and awards points to the teams if their services run or if they cracked another team's services.

Teams are also encouraged to hack replacements for a service, if they find that a service's design is too poor to be fixed.

One liners

Please send me cool ones via email!

Python flag generator

Warning: inefficient! ;-)

open('flags.txt','w').write("\n".join(["".join(["ABCDEF0123456789"[__builtins__.__import__("random").randint(0, 15)] for i in range(64)]) for i in range(100)] + ['']))

Add two positive integers

let doit n = evalState (tiod n) where tiod alice = get >>= \bob -> if (bob == 0) then return alice else (put (bob - 1) >> tiod (alice + 1))

(non-obvious if you don't know haskell; inefficient; requires the State monad (import Control.Monad.State))

Used like this: doit 4 5

$Id: index.html 551 2009-09-08 00:21:38Z root $ Impressum/Datenschutz