CInsects CTF

The CInsects irregularly organize the CInsects CTF, which is an attack/defense CTF. The next CInsects CTF is planned for February 2022.

CInsects CTF 2022

The CInsects CTF 2022 is planned for February 19, 2022.

Registration

Registration for the CInsects CTF 2022 has been closed since February 16, 2022, 12:00 UTC.

CTF Information

You and your team have been promoted. You are now responsible for improving the security of your new company location. To your disappointment, your predecessors had some very specific visions of IT security. For example, they believed that firewalls are only there to break important applications. This is just as bad for revenue as touching any running system. For this reason, the corporate policy disallows any changes on the central servers – they are already working as they are supposed to. To maximize the productivity of the staff, all locations are – of course! – connected to each other. Evil tongues say that hackers have already infiltrated all other locations and cannot wait to learn all corporate secrets and access customer data.

The CInsects CTF consists of multiple services involving multiple virtual machines. The teams' virtual machines are hosted by us. They may have different operating systems – let yourself be surprised. The level of access to the different virtual machines is different for each service and virtual machine. Each team can start, stop, and reset their own virtual machines.

We will provide you with an OpenVPN configuration to connect to the game network shortly before the start of the competition. It will allow multiple client connections, so you can participate in the CTF from home with multiple team members.

Network traffic between teams will be allowed starting from 12:00 UTC, i.e., one hour after the beginning of the competition.

Communication

In case there are any problems, feel free to write to us at ctf@cinsects.de. We will also have an IRC channel #cinsectsctf22 @ irc.hackint.org.

Network and Infrastructure

Authentication will only be activated shortly before the beginning of the CTF; a login is not yet possible. This is intended and not a bug.

We will send an OpenVPN configuration file to each team to the email address that was used for registration.

All VMs are hosted by us. The VMs can be managed (started, stopped, restarted) at https://ctf.ctf.cinsects.de using the credentials from the registration. Initially, we will start the VMs of all teams.

The CTF information will not be visible before the start of the CTF, i.e., not before 11:00 UTC.

Network Ranges

Each team gets a dedicated subnet for their VMs. The VM IP addresses per team will be within a /29 subnet underneath the 172.16.0.0/12 IP range. For the VPN, each team gets a subnet 10.36.X.X/28. This means that multiple clients can connect per team VPN configuration.

The VM IP addresses will be dynamically mapped and may also change if a team decides to restart their VMs. All currently mapped IP addresses of the other teams will be available via our CTF dashboard.

VMs

Each team has multiple VMs. On all VMs, a user ctfadmins with sudo permissions exists. We may use this account to make changes to the VMs or deploy additional services during the competition. Thus, you should rather not delete or restrict that account.

Teams receive the credentials of a user for every VM. Except for one of the VMs, teams can also obtain root privileges on their own VMs via sudo.

CTF Dashboard

Authentication will only be activated shortly before the beginning of the CTF; a login is not yet possible. This is intended and not a bug. The dashboard will only be available shortly before the connections between teams are opened, i.e., around 11:50 UTC.

The CTF dashboard contains information about the teams and the scoreboard. It is available at https://dashboard.ctf.cinsects.de and allows logins with the credentials from the registration.

Flag Format

Flags have the format FLG\w{30}.

Prize Money

We are very pleased to announce that there will be prize money for the top teams of CInsects CTF 2022. The prize money is sponsored by IABG.

Congratulations to the winning teams!

  1. Bushwhackers (350€)
  2. saarsec (200€)
  3. RedRocket (100€)

There will be additional prize money of 55€ for the best write-up per service. We invite all teams that have participated to publish well-written write-ups for the services of CInsects CTF 2022. If you publish a write-up and want to participate, please send an email to cinsects-poc.inf@uni-hamburg.de indicating the URL of the published write-up. For each service, we will award the team with the best write-up for that service that we have received before the 15th of March 2022 with the prize money.

Taxes, charges and so on need to be paid by the receiving teams. We require a SEPA bank account number to transfer the prize money to.


Previous CInsects CTFs

CInsects CTF 2019

The CInsects CTF 2019 took place on July 12, 2019.