Hacker Capture The Flag

**skroo** · April 29, 2002, 21:01

Re: Deconstructing rules

Originally posted by zero

You get an OS given to you which you must protect. This OS is X86 based. Basic real world scheme. Keep it running without hacks.

Fair enough. I'm not happy with being limited to the x86 architecture, though. Cuts down on both the sporting and real-world aspects of the network.

Attacks - use anything you want, but there is no direct connectivity to the 'net. This'll keep slam attacks off of both sides (none going out to annoy the ISP, and none comming in to be a nuisance to the ctf.)

That actually sounds very reasonable to me.

This is pretty straight forward when you break it down. Net admins get what management tells them to use and they have to make it work/safe. The hacker get all the tools and platforms they can lay their hands on. That's about as real world as it gets.

Well, no, because by the sounds of it you're limited to the x86 architecture which is not necessarily the best platform to *use* in the real world. This is why I'm upset at seeing other architectures ostensibly excluded from the network.

Something else that bothers me here (going into full paranoia mode for a moment): we're supposed to be attacking some flavour of accounting package. Fine and dandy. However, I'd like to know what the intentions are for this package post-con - is the code going to be recycled into another product, commercial or otherwise?

I'm not saying that this *is* the case, but it is something I'm curious about. CTF contestants shouldn't be used as QA engineers, nor would I necessarily want to use a product whose security QA was primarily conducted at CTF.

**Not_X86** · April 30, 2002, 08:14

Can I get an official ruling...

Will This year's Capture the Flag contest be able to use non-X86 systems and other Operating systems?

I'dlike an official answer from the Judges, eh Goons... (Just in Case this was an Oversight)

I'd also like a brief reason behind excluding non X86 systems not just speculation...

Judges? Goons?

**Temtel** · April 30, 2002, 23:09

The rules have never stifled anyone's creativity in the past. Seems to me that most years they end up changing the rules two or three times during the game. The essence of the game is hacking, and the essence of hacking is learning. I look forward to new surprises.

Basher Teg boosted us (orange team) up by soldered extra memory chips onto the motherboard of a Mac Classic and managed to get it to boot BSD with full network access. Green (I think) set up a mock porn site with all the passwords to hack the box hidden between the pictures in clear-text, if anyone bothered to look. Ghetto Hackers worked their way into the sysop room at DC8 to root a server, then sent someone at DC9 (anyone remember who that was?) crammed into a box to infiltrate the server room after dark. Someone else at DC9 ( I think it was Purple?) won the Evil Bastards from Hell award for sucking regular attendees onto a wireless network attached to the CTF net where they could be hacked for points. What'll happen next?

**zero** · May 1, 2002, 14:10

X86

I believe the x86 is because of the concept that the OS and App will be given to the teams. That means one OS all the way around, which -tends- to mean one platform. As to skroo's comment on the non-real worldness about it, I don't know. In most places the CEO often chooses the platform. Yeah, the head of IT gets to try and convince him on the merits of system X in their environment, but most often the CEO picks what he read in last weeks new yorker. Any wonder why there's so many MS houses?

**opcom** · May 9, 2002, 18:09

x86 o/s only? Hmm..

Well I suppose it is going to be like NASCAR this time: Everyone is allowed basically the same platform. Personally I think saturday-night street racing is more exciting. Run whatcha brung.

It would have been better if this decision had been announced earlier. Alot of time and $ has been invested in preparation of a variety of non-x86 systems since last year, and not only by myself I am guessing.

No MIPS, Sun, DECompaqHP, RISC.. c'mon, x86 is, well, a terminal device with local storage, best suited for use as a convenient interface to a Computer.

my 2 melancholy cents.

**russ** · May 9, 2002, 19:19

Platform

I would think, at the very least, that the sparc architecture would be allowed as well. But that's not an official answer... just my opinion.

**pc-0x90** · May 9, 2002, 21:40

Ok, I'm not really sure what the big deal is for everyone. From what I remember from last year (although my memory of last year is sketchy at best) There were too many servers defending, not enough rogue computers "Capturing"... which led to my interpretation of the rules as:

- Each team has 1 (one) server which is x86
- The rest of the team can run whatever they want
- You are given x86 software, but the polling station isn't running an OS fingerprint so I'm sure you can port/fake the HMGC software

Direct quote of rulez:
"As long as the scoreboard server sees that your services are up AND your server has your team's flag..."

Notice: server is singular. Non-plural. One. Now this could be taken as to mean each team member's server, but then that blows my whole interpretation apart...

I'm sure we'll all find out later...

**zero** · May 13, 2002, 09:06

Originally posted by pc-0x90
... which led to my interpretation of the rules as:

- Each team has 1 (one) server which is x86
- The rest of the team can run whatever they want
- You are given x86 software, but the polling station isn't running an OS fingerprint so I'm sure you can port/fake the HMGC software

This is how I read it also:
X number of teams with Y number members = X servers with Y-waste attackers.

Hacker Capture The Flag

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment