Double Kill CTF Competition – The Rules
Art. 1 “Double Kill” is an offensive CTF (Capture The Flag) competition in which competitors are ranked based on their individual/team skill level and their ability to use their professional skills in compliance with applicable legislation and international Internet communications regulations. The competition’s difficulty level has been designed for participants of beginner and intermediate skill levels.
Art. 2 The “Double Kill” competition is scheduled to commence on July 26 at 15:00 UTC and conclude on July 27, 2014 at 15:00 UTC. If, for any reason, the competition cannot be held on the scheduled date, it will be rescheduled. In the event of a reschedule, participants will receive prior notification detailing the new competition schedule.
Art. 3 To help ensure impartiality and eliminate unfair advantages, all “Double Kill” organizers, staff members, and affiliates are excluded from participating in the competition.
Art. 4 Only those participants who agree to have their name published on the website, http://ctf365.com/, are eligible to be declared a winner and receive the corresponding prize.
Art. 5 The competition will have the following technical rules:
- The ranking in the competition is based on the time it takes you to complete the challenges. You have 24 hours of VPN access to complete the challenge. The timer stops when you provide the correct “superuser” trophy.
- The trophies are as follows:
  - superuser-trophy.txt – found in the home or desktop directory of the superuser (root or Administrator)
  - user-trophy.txt – found in the home or desktop directory of the unprivileged user and may be used to gain a foothold on the machine. This trophy is not present on the machines that can be compromised without elevating your privileges.

  Each trophy file contains a distinct SHA-1 hash encoded as HEX.
- Attacking our infrastructure is not part of the competition and will result in immediate disqualification. If you’re disqualified, you will not be eligible to win a prize or participate in the raffle.
- In order to validate your time, we require that you submit a “proof of work” within 24 hours after the competition ends. “Proof of work” includes:
  - a screenshot showing your superuser access or, if you were unable to obtain superuser access, a screenshot showing your unprivileged access.
  - a technical report describing in detail each step needed to compromise the machine.

  We must be able to use your report to reproduce your work. If we are unable to do so, the next contestant with a valid report will replace you. We do not have unlimited resources; therefore, only reports for the prize-winning places will be evaluated. You must submit your report and screenshots in an email to [email protected]. To ensure all of the details are readable, your screenshots must be high-quality JPEG or PNG files. If the details are not clearly visible in your screenshots, your screenshots will be discarded. Your report must be a text file, a PDF document, or an ODT document. Your report and screenshots must be placed in a single archive file before emailing them to us. Acceptable archive formats include RAR, Zip, Gzip, and Bzip2.
- After the competition is finished and the winners are announced, we will publish the machine images that took part in our competition. We will also publish some explanations.
- In the event of a dispute, we may disclose the rejected reports to the competition participants for peer review.
- You don’t need to waste your stash of 0-days for our competition. All of the challenges are designed by using public exploits and/or software misconfigurations. We use Kali and the basic tools for the purpose of demonstrating the concept of a CTF challenge when we discuss the technical aspects of a competition.
- The use of mass-vulnerability scanners is discouraged. It will likely drop your VPN connection or freeze the target machine.
- We don’t provide any hints during the competition. We provide you the same advice as the awesome folks at Offensive Security: Try Harder™. If technical problems are experienced, we will answer properly formulated questions about certain aspects of the competition. A properly formulated question is something like: “I tried to use the foo with the arguments bar over the protocol baz in order to obtain information X”. Do not abuse the support.
- Submitting a Flag:
  - Use the “Hackers Dome” button in the upper-right corner of the CTF365 website (you must be logged in).
- There are two ways to report technical-related issues (e.g. VPN connection, sending flags):
  - Online on the CTF365 IRC chat, by sending private messages to all operators in the #Lobby channel. IRC server: irc.ctf365.com, channel: #lobby
  - By e-mail at [email protected]
Remember that there are hundreds of competitors; therefore, nontechnical issues will be ignored. Please do not abuse our time.
Art. 6 Participants may submit appeals to [email protected] within 24 hours after the competition results become publicly available. Appeals will be reviewed and responded to within 7 days of receipt. Appeal responses will be sent to the appealing participant by e-mail.
Art. 8 For premium access prizes, winners will receive their login information and credentials by email.
Art. 9 Players should not interfere with other players’ experience. We may ban you from the competition if you are being reckless, as that is not the purpose of these CTFs.