Man, I’m so excited! The DefCon Capture the Flag contest prequalification round is starting tonight. There goes my whole weekend! I’m very curious how this is going to turn out. This year I’m part of a much smaller team than the last two years, and the game organizers are new. (Well, they’re new to organizing; they’ve been competitors in CTF before.) The last 3 years CTF was run by the Ghetto Hackers, and the last two years had enough applicants that a prequalification round was needed. The same thing is happening this year.
Two years ago, I joined the Immunix CTF team late (who had played the year prior as well), and heard details about the web-based puzzles used for the CTF prequal. Last year, we got to do active attacks against executables on a provided machine. After overflowing each executable, you gained the group privs to run the next executable. Additionally, there was a text string token that you emailed to the GH to prove that you had gotten through that stage. Each stage was progressively more difficult to exploit.
So far this year the early clues are pretty shallow. They have mentioned “tokens” again, and a contest website. Maybe the website will give instructions on a machine to log into. Maybe it’ll all be web based again. Either way, I’m stocking up on beef jerky and water.
© 2005, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.