IoT Village CTF, Sunday 10:00-13:00

**Chapoly1305** · August 6, 2024, 06:13

The website is 404. I assume it's not on purpose, right?

**Spl0ite** · August 6, 2024, 07:07

im getting connection not private is that part of this as well?

**number6** · August 6, 2024, 09:40

Originally posted by chapoly

The website is 404. I assume it's not on purpose, right?

I do not run this contest/event, but I will try to provide suggestions...

Originally posted by Spl0ite

im getting connection not private is that part of this as well?

Cert error is because the given name in the URL does not match the TLS cert provided by the server.

I am not the organizer for this event, but this is what it looks like:
This contest is relying on "ctfd.io" service for CTF.
From: https://docs.ctfd.io/hosted/manageme...ustom-domains/

it looks like the organizers need to login to their "iotv.ctfd.io" account on ctfd.io and make sure the 3 CNAME records in DNS work according to their given settings.

A casual test based only on *assumptions* not necessarily what their account on ctfd.io tells them:

Code:

# dig +short -t cname scoreboard.iotvillage.org
iotv.ctfd.io.
# dig +short -t cname ctfdio1._domainkey.scoreboard.iotvillage.org
dkim1.cloud.ctfd.io.
# dig +short -t cname ctfdio2._domainkey.scoreboard.iotvillage.org
dkim2.cloud.ctfd.io.

So, after that, assuming all is good, the people running this are supposed to (according to the URL above) click on the "UPDATE DOMAIN" form-submit-button in their ctfd.io account page.

(It is possible their account has provided them with different values to set for each of these CNAME for this domain: sometime example data in help docs is not a 100% match for values users need to set based on data shown in their account page.)

Docs suggest there are special considerations when using claudflare (which this domain appears to be using for DNS.)

Docs mention a provisioning process, and mention an "SSL Cert" but do not state explicitly that the provisioning process (when the account owner selected the submit button "Update Domain") automatically gets and signs a host cert (like maybe from letsencrypt ?) for the given cname "scoreboard.iotvillage.org" so that you get a cert that matches that name, or if the account holder is expected to generate their own CSR, get it signed, then upload a private key and signed cert through their ctfs.io account.

That is what it all looks like to me.

Hopefully one of the people running this will be able to reply to let you all know when they plan to have service available with a valid host cert for scoreboard.iotvillage.org

It is possible the organizers know about this issue, but are delaying making it available until after their team is ready.

Good luck!

**Chapoly1305** · August 6, 2024, 12:29

The link was for more info but not the scoreboard, so I assume they have provided an incorrect link to number6.
Maybe the link just iotvillage.org/

IoT Village CTF, Sunday 10:00-13:00

IoT Village CTF, Sunday 10:00-13:00

Comment

Comment

Comment

Comment