TKCTF

Info

The last lab of the class is a 24-hour Capture The Flag (CTF) with challenges from various topics of the class. The challenges will be created by the staffs and participating students. Teams of students will compete in the competition and earn points for lab 10.

The CTF will last from Dec 1, 3:30 pm EST until Dec 2, 3:30 pm EST.

Teams

Each team has 2-4 students.

Please log into Ed Discussion and check the link to submit your team information.

There is a link to a spread sheet where you can enter your information. Please provide the names of your team members and the team name.

If there are teams with more than 4 or less than 3 students, we will adjust the teams at random to match the size requirement.

For the competition, we recommend you to create a team chat where you can easily communicate. Voice chat and screen sharing may be very helpful when you work on challenges together.

Scoring

The details of the scoring may be subject to change!

1. CTF scoring

The score in the CTF consists of two parts: attack points and defense points. This is NOT your actual class score – see the next section.

  • Attack score: up to 20 points for each solved challenge

    • +1 for first blood

    • Dynamic scoring decreases the points per challenge as more teams solve it

  • Defense score:

    • 0 teams solve your challenge: 0 points

    • N/2 teams solve your challenge: 40 points

    • N teams solve your challenge: 20 points

    • Otherwise, your score is linearly interpolated within those ranges.

      • Example: N/4 teams solve your challenge = 20 points

      • Example: N * 3/4 teams solve your challenge = 30 points

2. Translation of CTF score to class score

The class score is calculated as the sum of base points and ranking points.

  • Base points:

    • 20 points, awarded for solving at least one challenge

  • Ranking points:

    • First-place team, which scored F CTF points, gets 180 ranking points.

    • “First-place team” might be either per-section or overall, depending on how many online-section teams participate.

    • Other teams, which scored X CTF points, get 180 * X/F ranking points.

In other words, the first-place team gets 200 class points, and everyone else’s CTF scores will be scaled accordingly, with a minimum of 20.

Example: Team A scored 1500 points in the CTF, Team B scored 2000 points and wins the competition. Thus, Team B gets 200 class points: 20 base points + 180 ranking points. Team A also gets 20 base points. In addition, they get (1500/2000)*180=135 ranking points (linear scaling). Overall, Team B gets 155 (=20+135) points for the class ranking.

We may increase the base points if the average score is too low. In that case, the maximum possible ranking score decreases by the amount we increase the base points (in other words, the first team will always have 200 points).

Challenge Template

# all files to run your service
/docker/Dockerfile   : Dockerfile
       /target       : target bin
       /flag         : flag: tkctf{please submit this flag!}
       /service.conf : xinetd

# all files to be released to participants
/release/README      : guideline
       /target       : bin if you want to release

# source code and exploit for your team and organizer
/source/test.sh      : build docker, run, run exploit.py and print out flag
       /exploit.py   : exploit (must be reproducible)
       /writeup.txt  : detailed solution
       /src/         : source code

  1. Change the NAME file to your challenge name: teamname:challenge (e.g., staff:fmtstr)

  2. Change the docker/flag file as you wish, but wrap it inside tkctf{...} (e.g., tkctf{please submit this flag!})

The source code of the challenge locates in source/src/, which contains its source (fmtstr.c) and makefile (Makefile). The makefile includes various defense options you can enable (e.g., CFLAGS += -fstack-protector). Please carefully enable them as you’d like for your challenge.

$ wget https://tc.gts3.org/cs6265/2023-fall/_static/ctf-template.zip
$ unzip ctf-template.zip

$ cd ctf-template
$ make help
dist  : build the target and distribute to docker/release
build : build the docker image
run   : run the docker container
test  : test the exploit
submit: zip for submission

Be imaginative but keep in mind that, the best challenge should be fun and educational. Please don’t design the challenge that requires any random/pure guessing (but well-designed bruteforcing is fine).

You can replicate real security vulnerabilities, like mini-sudo or mini-heartbleed. There are a few sources that you can refer: