mirror of https://github.com/dirtbags/moth.git
104 lines
3.3 KiB
Markdown
104 lines
3.3 KiB
Markdown
Title: Introduction
|
|
|
|
Welcome to Capture The Flag.
|
|
|
|
|
|
What This Is
|
|
============
|
|
|
|
* A hacking contest
|
|
* A chance to experience the nature of cyber incident response
|
|
* An environment to safely experiment with offensive techniques
|
|
|
|
|
|
What This Is Not
|
|
================
|
|
|
|
* An arena for purely malicious attacks
|
|
* A rave
|
|
|
|
|
|
Rules
|
|
=====
|
|
|
|
Important Rules
|
|
---------------
|
|
|
|
* The contest network is 10.<i>x</i>.<i>x</i>.<i>x</i>. **Do
|
|
not attack machines outside the contest network**. All
|
|
federal, state, and school laws still apply to the outside
|
|
network.
|
|
* If the "outside network" requires you to plug into a different
|
|
switch, do not connect any machine that has been on the contest
|
|
network.
|
|
* Consider this network hostile: your machine may be
|
|
compromised.
|
|
* We expect you to be disruptive within the framework of the
|
|
game (malicious code, network scanning, social engineering,
|
|
etc.). Disruptive behavior outside the game will result in a
|
|
public and humiliating ejection from the contest area.
|
|
* No ARP attacks. While cute, they are not particularly clever
|
|
given our network topology, and would require expensive and
|
|
bulky equipment to prevent. Find something else to do.
|
|
|
|
Less-Important Rules
|
|
--------------------
|
|
|
|
* If IRC is up, you should use it to communicate with the
|
|
contest staff. Staff will have operator status in #ctf.
|
|
* If you think something is wrong with the game, you are
|
|
expected to demonstrate the problem and explain what you think
|
|
is the correct behavior.
|
|
|
|
|
|
Scoring
|
|
=======
|
|
|
|
The contest is made up of multiple categories. Each category is worth
|
|
one point toward the total score; the percentage of the total points
|
|
held by your team is the percentage of one point your team has for that
|
|
category. The team that has 30% of the points in each of five
|
|
categories has 1.5 points, whereas the team that has 80% of the points
|
|
in only one category has 0.8 points. It is typically better to have a
|
|
few points in many categories, than many points in a few categories.
|
|
|
|
There are two kinds of categories: *flags* and *puzzles*.
|
|
|
|
|
|
Flags
|
|
-----
|
|
|
|
Flag categories are challenges with a notion of a *winner* or *service
|
|
availability*. In these categories, the flag-holder (the winner, or
|
|
each team with a running service) makes 1 point per minute for as long
|
|
as they hold the flag. If there is a single flag-holder, and the flag
|
|
changes hands, a point is awarded to the new winner at the moment the
|
|
flag moves.
|
|
|
|
|
|
Puzzles
|
|
-------
|
|
|
|
Most of the categories come in the form of multiple *puzzles*: for each
|
|
puzzle presented, a key (answer) must be found to recieve the amount of
|
|
points that puzzle is worth. Any team may answer any puzzle question at
|
|
any time. A new puzzle is revealed when a team correctly answers the
|
|
highest-valued puzzle in that category.
|
|
|
|
|
|
Hints
|
|
=====
|
|
|
|
If you are really stuck, you can ask for a hint. It will cost you
|
|
points, though. For puzzles, you will lose ¼ of the points for that
|
|
puzzle <em>even if you never solve the puzzle</em>. For other events,
|
|
the staff member will decide how many points it will cost. You can try
|
|
to bribe or otherwise fanagle information out of us or other
|
|
contestants. *It's a hacking contest.*
|
|
|
|
About Us
|
|
========
|
|
|
|
We are the <a href="http://dirtbags.net/">dirtbags</a>. People pay us
|
|
money to do the sorts of things you'll be doing in this contest.
|