Capture The Flag

Hackfest CTF Quals is an online, multi-team hacking challenge in which contestants compete independently to win slot for the final round. If you are from Tunisia, take your chance and make IT Security in Tunisia great again ! The game is open to anyone (Student/Professionals/Teachers) with an interest in computer science.

The CTF is jeopardy based and consists of a series of challenges in the following categories:

  • Reverse Engineering: In this category You’ll receive a program, but not the source, so you need to disassemble it, look at the assembly, and figure out what it does. Programs can be x86 Windows, x86 Linux, ARM Linux, obfuscated Java, and a whole bevy of more obscure formats.
  • Cryptography: In this category, you’ll attack poorly implemented crypto, outdated crypto, or use well-known vulnerabilities to attack encrypted messages. You might be given for example a few RSA keys whose modulus share a factor, and you decrypt a message encrypted by one of these keys.
  • Web Exploitation: These challenges involve attacking common vulnerabilities in web technology. For example, you might need to use SQL injection to read the “secret_flag” table of a database, use directory traversal to get a web server to serve you “flag.txt”, use Cross-Site Scripting to trick a simulated user to send you their password, or bypass some client-side checks implemented by obfuscated javascript.
  • Forensics: This is a fairly broad category. You might receive an image of a disk in FAT format, and you’ll need to un-delete “flag.txt”. Maybe you receive a zip file, that contains a 7z file, that contains a tar archive, that contains some obscure file format you’ve never heard of, and unpacking the entire chain eventually gives you a flag.
  • Binary Exploitation: The program you received is running as a service on a remote machine. Reverse-engineer it, figure out its vulnerability, and use that to take exploit the remote service into serving you a flag. Often, there’s a flag.txt you can get the program to read, or perhaps it has a flag in memory you need to get it to accidentally send you.

Players will compete in teams of up to 4 members. Points are given for answering each challenge. Only 20 teams will qualify for finals. Hackfest CTF 2k18 Quals is meant for both beginners and experienced CTFers and consists of tasks ranging from simple to extremely difficult in various categories. If you have any questions, email us at maroueneboubakri[at]gmail.com

 

hackfest_medals

Important Dates

03 December 2017:  Registration open

05-07 January 2018: Hackfest CTF Qualification round

03-04 February 2018: Hackfest CTF Finals

Rules

Eligibility

Hackfest CTF Quals is an online, multi-team hacking challenge in which contestants compete independently to win slot for the final round. If you are from Tunisia, take your chance and make IT Security in Tunisia great again ! The game is open to anyone (Student/Professionals/Teachers) with an interest in computer science.

Rules and Restrictions

  1. The CTF is jeopardy based and consists of a series of challenges in the following categories (Pwning, Web, Crypto and Forensics).
  2. Teams can have up to 4 members. But be fair !
  3. Registration form is live and will be closed when the number of 60 regsitred teams is reached.
  4. Every member must give his full name not his nickname.
  5. Any registration which does not follow the rules, will be discarded.
  6. Incomplete teams will be completed by us using individual players
  7. Individual players will be assigned to a an incomplete team
  8. Registered teams will receive within a week an email with credentials
  9. Teams should login to the CTF platform before the game start. No Login/Password will be recovered after game start.
  10. Flags sharing and trading with other teams is not allowed.
  11. You are allowed to use any tool to solve a challenge.
  12. Denial of Hackfest service/servers is prohibited.
  13. Finding bugs in infrastructure can bring more points to the team, but do not scan please !
  14. Besides the team ranking, each team member will be ranked based on his performance in solving the tasks.
  15. Prizes TBA
  16. Have fun and learn

Scoring

  1. Each task has a score listed. The team who earns the most points wins the competition. If two teams tie, the submission times will be used to judge.
  2. More prizes will be annonced soon (depends on sponsorship).

Anyone who violates these rules will be disqualified. All decisions made by Hackfest CTF committee are final.

Prizes

To be announced

Questions? Email us at maroueneboubakri@gmail.com, or ask on the IRC channel (#hackfestctf on Freenode) during CTF.

 

‘2k16 CTF Teaser