FAUST CTF is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg. It took place for the first time on 18 December 2015.

View scoreboard


Wow – Friday was quite a ride for us. We apologize for any inconveniences our infrastructure has caused and we hope you had fun nevertheless. We learned a lot by hosting our first attack/defense CTF and hope everything will be running more smoothly next time.
Thank you all for participating and creating an exciting competition for everybody! The fight for the first place was crazy.

Now, for our results. The top three teams are:

  1. Bushwhackers, 39975 points
  2. FluxFingers, 39469 points
  3. HackerDom, 28969 points

It was a close race with FluxFingers gaining points quickly. Accompanying it was some last minute exploitation, which caused DoS for the "Sell your soul" service. We have investigated the incident and are confident that it didn't cost FluxFingers the win.

Most of our "first blood" awards (Goethe Gallery, Bashing, Faust Quiz, notekeeping and Wichteln) go to HackerDom, who used a cool way to get a root shell on another team's vulnbox early on. "First bloods" through exploits for the actual services were:

  • Faust2048: Bushwhackers, tick 80 (wins award)
  • Goethe Gallery: M.I.S.T, tick 25
  • Bashing: FluxFingers, tick 33
  • Faust Quiz: Bushwhackers, tick 35
  • Notekeeping: LosFuzzys, tick 47
  • Wichteln: censored, tick 79
  • Sell your soul: FluxFingers, tick 75 (wins award)

Congratulations to the winners and all other teams who gave their best and thanks to our sponsors DATEV and noris network!
We will be in touch with the winners soon to figure out prize pay-out details.

We would be glad if you posted write-ups for the services you solved, so that everybody can learn from each other's experiences. One for "Sell your soul" has already landed in the "write-ups-2015" repository on GitHub, for example.
In terms of improvements for a potential next edition, we realize most of them would be related to our infrastructure and the required bug fixes in some services. We would still like to ask you a few questions about your experience.


Update: CTF delayed 30 minutes, see updated times.

The competition will work in classic attack-defense fashion. Each team will be given a vulnbox image to host and VPN access. You will run exploits against other teams, capture flags and submit them to our server.

The vulnbox decryption password will be released at 2015-12-18 15:00 15:30 UTC. The actual competition will start at 16:00 16:30 UTC and presumably run for eight hours.


  • First place: 512 €
  • Second place: 256 €
  • Third place: 128 €

Additionally, for each service the first team to submit a flag will win 32 €.


Vulnbox password released

The information which you all are waiting for. First of all, the password for vulnbox decryption is: "On 16 November 1797, Goethe slept in Erlangen."

The network will be live in 1 hour at 16:30 UTC. You should get everything running by this time, since the checkers will start immediately. Our submissions interface is at, use netcat or similar to submit flags.

New vulnbox images

Unfortunately, we had to generate a new vulnbox image at last minute*. Please download it now. The old images you have already downloaded will not work.

In order to give you enough time for preparation, we will delay vulnbox decryption and competition start by half an hour: The password will be released at 15:30 UTC and the network will be open by 16:30 UTC.

Apologies for the inconvenience!

* Always check if the password you think you set really works, people!

Official rules released

It’s less than two hours till vulnbox decryption and our official rules have finally arrived. Make sure to read them, as they will be binding for all teams.

Unfortunately, we didn’t get around to deliver the network status page we promised you. You should be good to go if you can ping submission.faustctf.net at and talk to the submission server on port 666. When the network is open from 16:00 UTC, you of course have to have the right IP (10.66.<team_ID>.2) configured for the vulnbox.

Remember that we will release the password for vulnbox decryption at 15:00 UTC. If you haven’t already, join us in the IRC channel #faustctf on Freenode! It’s best if you prefix your nick with your team name, as we might use IRC to contact you rapidly.

Vulnboxes are ready

FAUST proudly presents you the final vulnboxes for FAUST CTF. The boxes should have the IP 10.66.<team_ID>.2 configured.

Procedures for login and network configuration are the same as for the demo box.

Again, we provide two options for download:

Both images are encrypted with a password and are otherwise identical, so use the one that best fits your needs. The password will be released via Twitter, IRC and email at 15:00 UTC on Friday.

To verify the integrity of your download, all files have a detached gpg signature available. Append .sig to the filename for download.

To verify the download, run gpg --verify vulnboxbox.ova.gpg.sig vulnboxbox.ova.gpg. To decrypt the vulnbox, use gpg --decrypt vulnboxbox.ova.gpg.

Registration closed

With more than 180 teams registered, sign-up is now closed. If you have registered, don't show up in the team list and did not receive our recent messages (VPN config and demo image), your probably didn't activate your account. In this case, contact us soon!

Demo vulnbox released

FAUST proudly presents you the demo vulnboxes for FAUST CTF. These are intended to help you configure your setup properly. The test boxes should have the IP 10.66.<team_ID>.3 configured, while the actual vulnboxes will use .2.

On first login the demo box will ask you for your team ID and configure itself properly. You can log into the box using any of the following ways:

  • Use the graphical console of your virtualization software
  • Connect to the serial port of the VM (may need configuration)
  • Before configuration the testbox will try to configure network using DHCP, you can then SSH into it using the private key

We provide two options for download:

Both images are encrypted with the password "test" and are otherwise identical, so use the one that best fits your needs.

The VPN configuration containing your secret key should have been received by your formal contact address yesterday. A status page showing your network and demo image status will be only in the next days.

Supported by

DATEV noris network

Organized by