The objective of the game is for teams (maximum of 3 participants per team) to gain as many points as possible by defending their servers and attacking other teams’ servers. Teams will be given an identical pre-configured VMware image of a Linux installation – the root password will not be given to the team. There will be daemons running on the server. Some daemons are puzzles or contain vulnerabilities such as buffer overflows, format strings and so on. The teams’ objective is to analyze the daemons, find vulnerabilities and write exploits.
A working exploit will enable the team to attack other teams’ servers, retrieving the flag associated with each daemon running on the server and thus scoring an offensive point. The ability to keep the daemons running will enable the teams to score a defensive point.
Offensive Points = Gained by hacking into other teams’ servers and retrieving their flags.
Defensive Points = Gained by keeping your server’s daemons running.
Challenge Points = Gained by submitting the correct flags for challenges.
Total points = offensive points + defensive points + challenge points
In order to score an offensive point, all that a team needs to do is hack into another team’s server, retrieve the flag, and submit it to the score server. In order to get a defensive score, teams must keep their daemons running and accessible by the crew. Flag checks will be done randomly. If a flag check fails, teams will not gain a defensive point. Flags will be reset randomly as well, thus teams are allowed to harvest flags to gain more offensive points.
Higher points are given for offensive attacks as opposed to defensive scores. Defensive scores are the same for all daemons while offensive scores vary depending on the complexity level of the exploit needed. The first team able to exploit the daemon will gain a ‘breakthrough point’.
At the end of the competition, the team with the highest total points will be the one who rules the world! In case of two different teams having the same points, whichever team is quickest to reach the highest points will be declared the winner. As such, teams are advised to submit the flags as soon as they obtain them.
The CTF network will be isolated from the rest of the conference network and we will NOT provide Internet access on the CTF network. You are free to use the HITB conference wireless network.
1st prize – 1000 USD
2nd prize – 750 USD
3rd prize – 500 USD
Team which solved the most challenges first – 1.337 BTC
The game will run for 16 hours over the 2 days of the conference (15th & 16th October), 8 hours per day. Each team is limited to a maximum of 3 members.
Capture the Flag: Age of Extinction is now open for public registration; however, registration is on a first-come, first-served basis. To register for this event, please send an email to ctfinfo@hackinthebox.org with the following details.
– Team Name + Country of origin
– Team Leader’s Name/Handle + Email Address
– Team Members’ Names/Handles + Email Addresses
We try hard to keep the competition as free and exciting as possible; however, we do require teams to adhere to simple rules such as:
At all times, the decision of the CTF Crew is final on any matter in question.
The CTF Crew reserves the right to release or not to release the source code of the daemons.
If you have any questions, please send an email to ctfinfo@hackinthebox.org