You're competing in the DEF CON CTF game because you enjoy difficult challenges and you want to win the game, so please play the game as we have presented it. Know that all teams will be facing the same difficulties and we ll be enforcing the same rules on all.
The DEF CON CTF game is designed to test each team's ability to protect and attack a prescribed set of services over a network. Physical attacks, rooting your jail, and attacking our game infrastructure are all out of bounds.
The listed rules are simple. The rules are not to be gamed. Need clarification? Please ask.
- Eight (8) people per team.
- No swapping.
- Do not attack infrastructure.
- No physical attacks.
- Tables will be organized with team privacy in mind. Use the
provided stanchions and ropes to prevent spectators from getting
behind your tables.
- If someone is bothering your team, ask them to leave or tell us
- Time spent breaking your jail is time wasted. This is not the
competition to throw your Linux 0-day. Breaking out is an
accomplishment and we ll congratulate you on it, but we ll also
take it away and make you stop. Don t waste your time.
- Rooting your box breaks the game in a number of ways and we consider the jail to be a part of our infrastructure.
- Team captains speak for their team.
- A captain token will be given to each team
- No person approaching the organizer s table without a captain token can make decisions for their team
- Protect your captain tokens
- Your team's client certificate and private key submits flags
and uses the scoring system for your team.
- Protect your private key; we can revoke a client certificate but only with the captain token.
- Loss of flags
- Network cables cut
- The purpose of the game is to defend your services (keep other teams from taking your tokens) and to attack other teams' services (and steal their tokens).
- Steal tokens to win flags.
- Keep your services protected and functioning to keep flags.
- You'll have SSH keys and HTTPS client certs (provided by us) to log in to your system and the scoring system. Bring a drive that can read CD-R discs. It s okay if it s built in.
Flags vs Tokens
- Tokens are long alphanumeric strings you steal from another team's box and submit to the scoring server.
- Flags are the points you see on the scoreboard.
- When you submit another team's token, it will be worth a certain number of flags. Your score will go up by the number of flags the token was worth.
This game will be zero-sum; the total number of flags in the game will remain the same.
- When you steal flags from another team, they lose flags.
- Each stolen flag will be placed in a bin for the same service
it was stolen from.
- Those flags can be lost again through that service when it is exploited by others.
- Given enough time, it is possible to lose all flags for a
- There will be nothing left to steal from you until you steal flags from another team.
You will score flags in the following way:
- Exploit a team's service and steal their token. Submit their token to the scoring server.
- You will score 19/N flags, where N is the number of teams who also scored on the same team/service combination.
- Example: You steal and submit a token from team BAR s service X, and so did two other teams during the same scoring period. You will get 19/3 (6) flags.
You will lose flags in the following ways:
- Another team exploits your service and steals a token. You will lose 19 flags for this. If more than one team score on the same service, they split the 19 flags.
- Example: If your X, Y, and Z services all get exploited in the same round, you lose 19 flags from each service s bin (assuming you have flags left to lose).
- Your service fails an SLA check. You will lose 19 flags for this (distributed evenly to all other teams who still have that service up).
- Tokens change every scoring period.
- Each token can only be redeemed once per team.
- The scoring period may be changed throughout the game.
- Once during every scoring period:
- All teams services will be checked for responsiveness
- All submitted tokens to the scoring server will be tallied
- All earned and lost flags will be allocated.
- There is ONE network cable to connect your team to the game network
- Each team has its own dedicated /24
- Your subnet is 10.5.<your team #>.0/24
- The default gateway is 10.5.<your team #>.1
- Internet access is provided by the DEF CON network; availability may vary.
- You can use 10.5.<your team #>.1 as a nameserver
- A DHCP server will provide addresses to you in the .100 - .200 range if you choose to accept them
- Your vulnerable image is running at 10.5.<your team #>.2
- Packet captures are available from the server at 10.5.<your team #>.3 (more about this below)
- You can assign any other IP address on your subnet if you want a static IP
- SSH is the only port blocked between teams.
- We will provide packet captures to you with a 10 minute delay
- Each capture file will contain 5 minutes worth of data and will be named latest.cap
- Captures can be obtained by SFTP-ing to 10.5.<your team
#>.3 using the capture ssh key pair provided on the CD
- The key pair files are named based on your team name and that name is the username for the SFTP connection to the capture server
- So, for example, if your capture SSH key pair on your CD was
named xxx-capture and you are team 30, then you would get the
latest capture file by running:
sftp -i xxx-capture [email protected]:latest.cap .
- SSH shell access to the capture server is not permitted. You must use SFTP to copy your latest capture file.
- You can ssh to your vulnerable image at the start of the game
using the username
ctfand using the SSH key pair named
<teamname>-vulnprovided to you on the CD
- Your ctf user has group membership and sudo access to all of the game service users
- You do not have root access on this image
- All services must be run from the provided image