Contest rules / CTF Hack da Night 2010
The Night da Hack 2010 Capture The Flag (CTF) challenge allow computer systems security addicts to test and assess their knowledge over a dedicated LAN, both in an offensive and defensive way.
The basic idea of this CTF is pretty simple: all teams have to protect their own server, and attack the other teams' servers. First of all, this contest is a game, which result will depend on each team's technical skills.
Each team will have to manage a server that is identical to the other teams'. Moreover, a common platform will contain vulnerabilities that can be exploited by all participants. Some of these vulnerabilities will be easier, in order to be found and exploited by people that are not acquainted to hacking challenges and CTF principles.
Articles below explains rules that apply to this contest. This list is not thorough, and can change according to participants' behavior. The staff is allowed to change those rules until the day of the event.
Rules
-Art 1
Each team is composed of a maximum of 5 people. It is forbidden to change, add or remove a member of a team once the challenge has started. Thus, every communication outside the members of a team is forbidden.
-Art 2
Each participant must bring his own computer (laptop or desktop computer) to be able to take part in the challenge. This computer must have an Ethernet interface. It is strongly advised that each participant installs all his tools on his computer before the event.
-Art 3
It is forbidden to attack any machine other than other teams' servers and computers. Thus, is it strictly prohibited to attack the staff server and websites outside the LAN (Internet websites), etc.
-Art 4
It is forbidden to physically interract with computer supplies other than one team's participants during the challenge.
-Art 5
If a service (part of the challenge) is stopped/unricheable on a server, the team responsible for this server will be removed a given amount of points per minute. See " Counting points " for more details.
-Art 6
Attacks on opposite teams' computers are allowed. Thus, we are not responsible for confidentiality, integrity and availability of data that are stored on participants' computers.
-Art 7
Participants are not allowed to prevent other teams to access a service by enforcing techniques that are not part of patches validated by one of the challenge umpires. Except patches, it is allowed to install Intrusion Detection Systems in order to block attacks, but they should not block legitimate connections. Defence points can only be granted using patch enforcement.
-Art 8
Denial Of Services are allowed, in order to make a service unreachable. However, it is strictly forbidden to target the staff monotoring system.
-Art 9
It is stricly forbidden to perform network attacks (such as ARP spoofing or ARP flooding) on subnets hosting the staff monitoring server and team servers.
-Art 10
Each team will have access to the Internet. Participants are free to use this access to look for information and download tools. According to Art. 1, communication with people not part of the team (using forums, mails, instant messaging, etc.) is strictly forbidden.
-Art 11
The challenge will start at 12 am (midnight) and will last until 7 am. The final ranking will be determined by the amount of granted points of both common and CTF challenges.
-Art 12
Each team captain will act as a go-between for his/her team and the staff. Umpires' job is to manage and solve CTF-related problems and validate challenge solutions and patches.
-Art 13
Hate and violence are forbidden. Keep in mind that it is a game.
-Art 14
The best three teams will receives prizes: computer hardware, security certifications etc. Players will be able to attend these certifications in Sysdream training center within a year.
-Art 15
The lack of obedience of these rules will result in consequent loss of points (determined by challenge umpires), or even disqualification of the faulting team.