CTF competition 2020 for “white hackers”. Registration of participants


In December, OTUS, with the support of VolgaCTF and CTF.Moscow, invites everyone with an interest in information security to an online competition in finding vulnerabilities. Learn more and register here… In the meantime, we will tell you more about the format and participation, and also recall how the event went in 2019.


Format

The abbreviation CTF stands for Capture the flag. There are 2 formats of such competitions:

  1. Attack-defense, where teams get their own server or network and must keep it running. The task is to score as many points as possible for defense or for information (“flags”) stolen from the opposing teams.
  2. Task-based, where each participant receives a set of tasks and must send solutions in the allotted time. The answer, aka a flag, can be a character set or a phrase.

Our CTF competition is organized in the task-based format.

How was it last year?

In 2019, 217 people took part. The participants had to solve 9 tasks, three in each category: reverse engineering, penetration testing and Linux security. It took 5 hours to complete.

The tasks have different difficulty levels and, accordingly, different point values. Last time, only 40% of the answers sent were accepted. Here are examples of solving last year’s tasks:

1. Reverse engineering

Tasks involve decompiling code, reconstructing program logic from low-level code alone, and researching how mobile applications work.

Example task

Title: Bin
Points: 200

Description:
This time we came across a binary file. The task is the same, to get the secret password.
Attachment: task

Solution:
We are given a binary file. Load it into a disassembler and you will see six check functions written in C++.

They are all built the same way and call one another, each checking the flag in pieces of 5 characters.

We restore step by step using information from the disassembler. We get the flag in parts:

0) length check
1) flag{
2) feefa
3) _172a
4) k14sc
5) _eee}

Combine and get the flag:

flag{feefa_172ak14sc_eee}

2. Pentest

Participants search for vulnerabilities in websites using penetration testing methods.

Example task

Title: Databases
Points: 100

Description: The site is actively using databases. Try SQL Injection.
Link: 193.41.142.9:8001/shop/login

Solution:
We go to the main section of the store, /shop/products/, and by probing the search field we find an SQL injection.

Enter 1" OR "1"="1"-, scroll down and see a product that was not there before; the flag is in its description.

Flag: flag{5ql_1nject10n_15_t00_51mpl3_f0r_y0u}

3. Linux security + development security

The tasks are aimed at checking the correctness of the server configuration and finding errors in software development.

Example task

Title: Algo
Points: 50

Description: We have a new task. Check safe development. The customer provided an archive with an open part of the site being developed. To test his hashing algorithm, he provided a hash: 666c61677b32646733326473323334327d. Check the algorithm for the reverse transformation.

The archive contains the source code of a part of the site.
Link: 193.41.142.9:8002/
Attachment: task.7z

Solution:
The source code contains a password hashing algorithm. In fact, it is not a hashing algorithm at all, but a simple conversion of the data from a string to hexadecimal format.

Using Python:

# Decode the hex string back into the original text
import binascii
print(binascii.unhexlify("666c61677b32646733326473323334327d").decode())

We get the flag: flag{2dg32ds2342}
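The following added example, which is not code from the task archive, reproduces the flaw described in this solution next to a salted PBKDF2 password hash, together with an audit check that flags stored values that decode straight back to text. The function names, the storage format and the iteration count are assumptions made for the example.

```python
import binascii
import hashlib
import hmac
import os

# Hex string from the task description above.
TASK_VALUE = "666c61677b32646733326473323334327d"
ITERATIONS = 600_000  # assumed work factor for this example


def weak_hash(password):
    """The flaw described above: hex encoding presented as a hash."""
    return binascii.hexlify(password.encode()).decode()


def looks_reversible(stored):
    """Audit check: True if the stored value is just hex-encoded printable text."""
    try:
        raw = binascii.unhexlify(stored)
        text = raw.decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    return bool(text) and text.isprintable()


def hash_password(password):
    """Salted PBKDF2-HMAC-SHA256, stored as algorithm$iterations$salt$digest."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    sample = "constructed-sample-password"  # constructed input
    stored = hash_password(sample)
    print(looks_reversible(TASK_VALUE))   # the task's "hash" is flagged
    print(looks_reversible(stored))       # the salted KDF output is not
    print(verify_password(sample, stored))
```

Running `looks_reversible` over a column of stored credentials is a quick way to spot this class of mistake during a code or database review.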

You can see all the tasks of CTF-2019 here.

What will happen this year?

We have added a 4th discipline, “Web Application Security”. Over 6 hours, participants will have to solve 12 tasks – 3 in each category.

Dates and prizes

The competition will take place on December 5 from 10:00 to 16:00. Winners are determined in each category: reverse engineering, penetration testing, Linux security, and web application security.

Registration is open until December 4 at 19:45.

The main prizes – free training in OTUS courses in information security – will go to those who are the first to solve all 3 problems correctly in one of the categories. Those who take second and third places will receive exclusive discounts on tuition. And of course, all participants will receive new knowledge, the pleasure of solving problems and a 10% bonus discount.

On December 8 and 10, the organizers and teachers will hold special webinars, where they will summarize the results, analyze problem solutions, and also tell you more about our courses.

Who can participate in the CTF competition?

The event is open to everyone who is more or less interested in information security.

Want to know more? Then we are waiting for you at the introductory webinar on December 3 at 20:00, where we will tell you about all the conditions of the event and answer your questions. Sign up so you don’t miss the broadcast.
