HC's Capture the Flag site


  • Jun 14nd 2015: This site is now statically served to archive it; interactive features will not work anymore.
  • Aug 22nd 2012: A small blind sql injection exercise that I initially wrote for a tech talk and that was subsequently used in one of Dr. Martin Mink's lectures is now online for everyone to have fun with. Write me an e-mail if you've successfully retrieved one of the accounts! ;-)
  • Dec 30th 2010: Preparations for CIPHER 7 have started.
  • May 7th 2010: I've tried to answer some questions about organising a CTF
  • Sep 8th 2009: published some information about govm


CTF Gameserver

The CTF gameserver rates the teams, distributes flags, manages advisories. The gameserver is free software.


What is a CTF?

A CTF is a practical IT security exercise, in which you have to search for security-relevant bugs in custom software to a) exploit them; b) fix them; and c) report them (in the form of advisories).

Usually, multiple teams participate in a CTF. Each team hosts a server; the teams try to attack each others' services. The services contain artificially crafted classical security vulnerabilities, such as buffer overflows and SQL injections.

A scoring bot periodically checks all services and awards points to the teams if their services run or if they cracked another team's services.

Teams are also encouraged to hack replacements for a service, if they find that a service's design is too poor to be fixed.

One liners

Please send me cool ones via email!

Python flag generator

Warning: inefficient! ;-)

open('flags.txt','w').write("\n".join(["".join(["ABCDEF0123456789"[__builtins__.__import__("random").randint(0, 15)] for i in range(64)]) for i in range(100)] + ['']))

Add two positive integers

let doit n = evalState (tiod n) where tiod alice = get >>= \bob -> if (bob == 0) then return alice else (put (bob - 1) >> tiod (alice + 1))

(non-obvious if you don't know haskell; inefficient; requires the State monad (import Control.Monad.State))

Used like this: doit 4 5

$Id: index.html 551 2009-09-08 00:21:38Z root $ Impressum/Datenschutz