Setup

This page describes the technical details for participation in FAUST CTF. If there are any questions, don't hesitate to ask us!

Vulnbox

The vulnbox image will be available as an x86-64 OVA appliance. It should run in VirtualBox or other hypervisors, but support for hardware virtualization (VT-x) is highly recommended.

A test image to check your virtualization setup will be available soon. To also check your networking setup, the VPN will be online in the week leading up to the CTF (presumably from 2015-12-13).

Network

We will send out OpenVPN configs containing the required passwords as soon as the VPN is online. OpenVPN is supposed to run on a router box under your responsibility. This might be another VM, the box which hosts the hypervisor, or a completely different machine.

You probably want to reach the competition network (your vulnbox, flag submission etc.) from your team member's personal computers. The easiest way to achieve this is to use the "team network" IP space delegated to you. The vulnbox is then bridged into that network (Attached to Bridged adapter for VirtualBox).

This roughly describes a base setup, which can be improved in numerous ways. For example, even though attacks on machines other than the vulnboxes are strictly forbidden, you might want to hide your team member's personal machines behind a NAT.

The IP ranges for VPN routing, other team's networks and competition infrastucture (see below) must not be used otherwise on your router.

Graphic of network setup and IP ranges

IP ranges overview

  • VPN routing networks:
    • 10.65.<team_ID>.1: Competiton gateway
    • 10.65.<team_ID>.2: Team router
  • Team networks: 10.66.<team_ID>.0/24
    • Vulnbox: 10.66.<team_ID>.2
  • Competition infrastructure (flag submission etc.): 10.67.0.0/16

Demo team

An unaltered vulnbox to check your exploits against will be available with team ID 1 (i.e. IP 10.66.1.2). No vulnerabilities will be patched on this machine, but it will receive new flags (which of course won't be valid for submission) and be checked by the gameserver.

Exploitation

You will run attacks against other teams from your infrastructure, using your own tools.

Flag submission will be possible using a plaintext protocol on submission.faustctf.net:666 from within the competition network.

Flag format

Flags will match this regular expression: FAUST_[A-Za-z0-9/\+]{32}

Service status

The gamerserver's checks for the functioning of a service have one of these results:

  • up: Everything is working fine
  • flag not found: The service seems to be working, but flags from past ticks cannot be retrieved
  • recovering: Flags from more recent ticks can be retrieved, but flags from previous ticks are still missing
  • faulty: The service is reachable, but not working correctly
  • down: The service is not reachable