hxp


Organizing our first CTF

As most of you probably know by now, we held our first CTF last weekend and we learned a lot from it. Since most (or probably even all) of our readers here are CTF players and organizers themselves, we thought it would be a nice touch to compile everything into a blog post to give all of you the chance to laugh about our stupid mistakes and maybe even learn something new. :)

Selecting the date

We actually picked the date for our CTF quite carefully. We used ctftime.org to choose a more or less free weekend, and at the time we did that, neither Hack.lu, EKOPARTY nor WhiteHat Grand Prix had been announced there. We know all of those are tied to conferences, so I guess there would have been a way to see the clash coming. If someone knows a better source for this kind of information, please let us know so we can choose a better date next time.

Sponsors & “the real world”

Since all of us are students, we are more or less used to “ad-hoc decision making”. When we reached out to sponsors, most of them were quite eager to work with us, but since we informed them only about a month in advance there was no chance to get anything done in that time frame (most of them are large corporations with a lot of bureaucracy attached).

Deadlines and “the curve of productivity”

We set ourselves some strict deadlines to finish the tasks and infrastructure so we would have everything done around two weeks before the CTF. Well… Let’s phrase it this way: in the end the CTF was just around the corner and literally nothing was completely finished. Luckily we noticed that our productivity skyrocketed as the real deadline approached; we jokingly called this “the curve of productivity” (while crying and coding in the corner).

Productivity graph

Always expect the Spanish inquisition unexpected

Two hours before the official start, all of our network connections suddenly got killed. After a bit of panicking our admin managed to contact a guy at LRZ (the “somewhat internet provider” for our university), and it turned out that every host making more than 60 SSH connections within one minute gets kicked from the network. This was a real problem since we all used the same IP (we have a CTF network running here) and therefore were all blocked from our own infrastructure (which was in a different network). This is the reason why the CTF was delayed by one hour; luckily our admin managed to get someone to unblock us (which is quite hard on a Saturday here), so hooray to that! Lesson learned: with a whole team NATed behind one address, reuse SSH sessions (ControlMaster/ControlPersist) or go through a jump host so the per-host connection count stays well under limits like that.

Also, shoutout to More Smoked Leet Chicken for pwning the scoreboard! (Yeah, yeah, yeah, add a constraint to your challenges_solved table or use a mutex, I fucked this one up ;))
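To make the scoreboard bug concrete, here is an added example (not the real scoreboard's code; the post does not say what language or schema it used, and only the table name challenges_solved comes from it, while the column names, the points layout, the team/challenge ids and the flag value are all constructed for this demo). It models a flag-submission handler in Python with sqlite3 and drives several submissions of the same correct flag through the classic check-then-insert race, once against a table without a constraint and once with UNIQUE (team_id, challenge_id):

```python
import sqlite3

# Constructed sample data for this demo: one team, one challenge worth 100
# points. The flag value is made up and is not one of the CTF's real flags.
TEAM, CHALLENGE, POINTS, FLAG = 1, 1, 100, "hxp{constructed_example_flag}"


def make_db(with_constraint: bool) -> sqlite3.Connection:
    """In-memory scoreboard. Table/column names are assumptions; only the name
    challenges_solved comes from the post. with_constraint=True adds the
    UNIQUE (team_id, challenge_id) guard that makes a double solve impossible."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE challenges (id INTEGER PRIMARY KEY, flag TEXT, points INTEGER)"
    )
    unique = ", UNIQUE (team_id, challenge_id)" if with_constraint else ""
    db.execute(
        f"CREATE TABLE challenges_solved (team_id INTEGER, challenge_id INTEGER{unique})"
    )
    db.execute("INSERT INTO challenges VALUES (?, ?, ?)", (CHALLENGE, FLAG, POINTS))
    db.commit()
    return db


def submit(db, team_id, challenge_id, flag):
    """One flag submission, written as a generator so the demo can pause it
    after the "already solved?" check and before the INSERT. That gap is the
    race window: on a real web server a second request from the same team can
    run its own check in there and also see "not solved yet"."""
    row = db.execute("SELECT flag FROM challenges WHERE id = ?", (challenge_id,)).fetchone()
    correct = row is not None and row[0] == flag
    dup = correct and db.execute(
        "SELECT 1 FROM challenges_solved WHERE team_id = ? AND challenge_id = ?",
        (team_id, challenge_id),
    ).fetchone() is not None
    yield  # pause point: checks done, nothing written yet
    if not correct:
        return "FAIL"
    if dup:
        return "ALREADY"
    try:
        db.execute("INSERT INTO challenges_solved VALUES (?, ?)", (team_id, challenge_id))
        db.commit()
    except sqlite3.IntegrityError:
        # Only reachable with the UNIQUE constraint: the database, not the
        # application-level check, is what finally rejects the duplicate.
        return "ALREADY"
    return "SUCCESS"


def submit_once(db, team_id, challenge_id, flag):
    """Run a single submission to completion (no concurrency)."""
    gen = submit(db, team_id, challenge_id, flag)
    next(gen)
    try:
        next(gen)
    except StopIteration as finished:
        return finished.value


def run_interleaved(db, n):
    """Advance n submissions of the same correct flag past their checks before
    any of them inserts, i.e. the interleaving a burst of duplicate requests
    produces on a multi-threaded server. Returns the per-request results."""
    requests = [submit(db, TEAM, CHALLENGE, FLAG) for _ in range(n)]
    for r in requests:
        next(r)  # every request passes the check: the row does not exist yet
    results = []
    for r in requests:
        try:
            next(r)
        except StopIteration as finished:
            results.append(finished.value)
    return results


def score(db, team_id):
    """Points for a team, which is what the race inflates on the racy schema."""
    (total,) = db.execute(
        "SELECT COALESCE(SUM(c.points), 0) FROM challenges_solved s "
        "JOIN challenges c ON c.id = s.challenge_id WHERE s.team_id = ?",
        (team_id,),
    ).fetchone()
    return total


def demo(with_constraint):
    db = make_db(with_constraint)
    return run_interleaved(db, 3), score(db, TEAM)


if __name__ == "__main__":
    print("racy schema:      ", demo(False))  # (['SUCCESS', 'SUCCESS', 'SUCCESS'], 300)
    print("UNIQUE constraint:", demo(True))   # (['SUCCESS', 'ALREADY', 'ALREADY'], 100)
```

Of the two fixes the post mentions, the constraint is the one to rely on: a mutex only serialises requests inside a single process, while the UNIQUE index is enforced by the database and therefore also holds across several web workers or hosts. The application-side check can stay for a friendlier error message, but it must never be the only guard.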

Our infrastructure

We had a total of eight machines running: one big web server hosted in a datacenter, one “controller” machine, and six workers. The workers hosted all the challenges ([2-7].ctf.link) in docker containers (which we found out how to use just the night before the CTF; really neat, by the way) and were not reachable from the outside. We then forwarded all challenge ports to 1.ctf.link (the controller), which was the only host exposed to the public. The web server hosted only the scoreboard and downloadable files, but still managed to produce about 60 gigabytes of traffic within the 24 hours of the CTF. Before the CTF we were really concerned about this setup: every worker machine was only equipped with a 2.6 GHz AMD dual core and 8 gigabytes of RAM. We really feared this wouldn’t be enough because some challenges (like cloud gaming or turbo) were expected to be quite hardware intensive. Luckily nothing bad happened and the machines did their job really well: no reboots, no freezes, nothing! (Except when our challenge authors fucked up ;).)


To close this long post on a funny note: we had a log file with all submitted flags which was streamed into our “command center” so we could congratulate solvers in the IRC channel. This also streamed the failed submissions, which were sometimes real comedy gold, so here’s an (anonymized) best-of of wrong flags:

Should have gone with boots instead…

03:54:41 [ FAIL ] AnonTeam tried to solve webshop with shoes
03:56:31 [ FAIL ] AnonTeam tried to solve webshop with hxp{shoes_preview.html}

I know that there are a lot of bullshit web challenges, but how do you even get those ideas..?!

02:57:29 [ FAIL ] AnonTeam tried to solve webshop with hxp{US$28.00 ~PHP1,210.44}
03:29:20 [ FAIL ] AnonTeam tried to solve webshop with PHP1,210.44
06:26:30 [ FAIL ] AnonTeam tried to solve webshop with hxp{Found nothing.}

Nice try…

03:02:11 [ FAIL ] AnonTeam tried to solve bad_apple with bad
14:00:40 [ FAIL ] AnonTeam tried to solve c0unter with 1

Thanks for the exploit script, but you have to run it first :D

03:40:52 [ FAIL ] AnonTeam tried to solve bad_apple with require 'hashpump' require 'socket' data = File.binread('good.bin') digest, data = data[0,32], data[32..-1] (0..64).each do |key_len| new_digest, new_data = HashPump::hashpump(digest.unpack("H*")[0], data, 'flag pls', key_len) puts "Key-Length: #{key_len}" TCPSocket.open('1.ctf.link', 1027) do |s| s.print [new_digest].pack("H*") + new_data s.flush s.close_write puts s.read end end
03:41:04 [ SUCCESS ] AnonTeam solved bad_apple with hxp{M3rkL3_D4mg4rd_h4s_s0m3_Pr0bl3mZ}

When in doubt, just bruteforce it…

04:00:50 [ FAIL ] AnonTeam tried to solve Sanity Check with hex{w3lc0m_t0_th3_jungl3}
04:01:02 [ FAIL ] AnonTeam tried to solve Sanity Check with hex{w3lc0m_t0_th3_junggl3}
04:01:13 [ FAIL ] AnonTeam tried to solve Sanity Check with hex{w3lc0m_t0_th3_junl3}
04:01:25 [ FAIL ] AnonTeam tried to solve Sanity Check with hex{w3lc0m_t0_th3_jung3}
04:01:51 [ FAIL ] AnonTeam tried to solve Sanity Check with hex{w3lc0m3_t0_th3_jungl3}
04:02:08 [ FAIL ] AnonTeam tried to solve Sanity Check with hex{w3lc0m3_t0_th3_junl3}
04:02:15 [ FAIL ] AnonTeam tried to solve Sanity Check with hex{w3lc0m3_t0_th3_junggl3}
04:03:12 [ SUCCESS ] AnonTeam solved Sanity Check with hxp{w3lc0me_t0_th3_jungl3}

We really thought this challenge wouldn’t be that hard…

03:04:09 [ FAIL ] AnonTeam tried to solve Sanity Check with hxp{yes}
04:30:05 [ FAIL ] AnonTeam tried to solve Sanity Check with hxp{base64}
07:21:17 [ FAIL ] AnonTeam tried to solve Sanity Check with hxp{yes}
07:49:20 [ FAIL ] AnonTeam tried to solve Sanity Check with hxp{yes}
07:49:27 [ FAIL ] AnonTeam tried to solve Sanity Check with hxp{true}
11:11:16 [ FAIL ] AnonTeam tried to solve Sanity Check with hxp{password1}

I really have to limit the upload size next time…

06:30:17 [ FAIL ] AnonTeam tried to solve t9 with [the whole fucking t9 words.txt file pasted into the flag submission box]

And we all thought you guys would take the recon category as the joke it was /O.O\

12:09:25 [ FAIL ] AnonTeam tried to solve Never with hxp{never}
12:09:39 [ FAIL ] AnonTeam tried to solve Never with hxp{never}
12:09:46 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:09:59 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:10:07 [ FAIL ] AnonTeam tried to solve Never with hxp{Sometimes}
12:10:12 [ FAIL ] AnonTeam tried to solve Never with never
12:10:15 [ FAIL ] AnonTeam tried to solve Never with hxp{Ever}
12:10:33 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:10:51 [ FAIL ] AnonTeam tried to solve Never with hxp{XorDDoS}
12:10:54 [ FAIL ] AnonTeam tried to solve Up with hxp{Down}
12:10:56 [ FAIL ] AnonTeam tried to solve Never with hxp{never_gona_give_you_up}
12:11:09 [ FAIL ] AnonTeam tried to solve Never with hxp{gonna_give_you_up}
12:11:22 [ FAIL ] AnonTeam tried to solve Never with hxp{say_never}
12:11:24 [ FAIL ] AnonTeam tried to solve Never with hxp{never}
12:11:38 [ FAIL ] AnonTeam tried to solve Never with hxp{never}
12:11:43 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:11:50 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:12:04 [ FAIL ] AnonTeam tried to solve Never with hxp{never}
12:12:09 [ FAIL ] AnonTeam tried to solve Never with hxp{gonna}
12:12:10 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:12:11 [ FAIL ] AnonTeam tried to solve Never with hxp{gonna_give_you_up}
12:12:15 [ FAIL ] AnonTeam tried to solve Never with hxp{Gonna}
12:12:26 [ FAIL ] AnonTeam tried to solve Never with hxp{Fuck-you}
12:12:30 [ FAIL ] AnonTeam tried to solve Up with hxp{down}
12:12:38 [ FAIL ] AnonTeam tried to solve Never with hxp{http://ctf.link/challenges/25/}
12:12:43 [ FAIL ] AnonTeam tried to solve Never with hxp{never_give_up}
12:13:18 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:13:21 [ FAIL ] AnonTeam tried to solve Never with Never
12:13:32 [ FAIL ] AnonTeam tried to solve Never with hxp{gonna}
12:13:33 [ FAIL ] AnonTeam tried to solve Never with hxp{Rick_Astley}
12:13:38 [ FAIL ] AnonTeam tried to solve Give with hxp{Let}
12:13:40 [ FAIL ] AnonTeam tried to solve Never with hxp{rick_astley}
12:13:41 [ FAIL ] AnonTeam tried to solve Up with hxp{Down}
12:13:41 [ FAIL ] AnonTeam tried to solve Never with hxp{Gonna}
12:13:51 [ FAIL ] AnonTeam tried to solve Gonna with hxp{Rick_Astley}
12:13:55 [ FAIL ] AnonTeam tried to solve Never with hxp{Never}
12:14:00 [ FAIL ] AnonTeam tried to solve Never with Never
12:14:00 [ FAIL ] AnonTeam tried to solve Gonna with hxp{rick_astley}
12:14:12 [ FAIL ] AnonTeam tried to solve Never with hxp{Niemals}
12:14:28 [ FAIL ] AnonTeam tried to solve Up with hxp{up}
12:14:31 [ FAIL ] AnonTeam tried to solve Never with hxp{Rick Astley}
12:14:35 [ FAIL ] AnonTeam tried to solve Up with hxp{Rick Astley}
12:14:38 [ FAIL ] AnonTeam tried to solve Never with hxp{reveN}
12:14:39 [ FAIL ] AnonTeam tried to solve You with hxp{Rick Astley}
12:14:41 [ FAIL ] AnonTeam tried to solve Give with hxp{Rick Astley}
12:14:41 [ FAIL ] AnonTeam tried to solve Give with hxp{turn}
12:14:41 [ FAIL ] AnonTeam tried to solve Never with hxp{reven}
12:14:43 [ FAIL ] AnonTeam tried to solve Gonna with hxp{Rick Astley}
12:14:44 [ FAIL ] AnonTeam tried to solve Give with hxp{Turn}
12:14:53 [ FAIL ] AnonTeam tried to solve Up with hxp{down}
12:15:09 [ FAIL ] AnonTeam tried to solve Gonna with hxp{rick_astley}
12:15:20 [ FAIL ] AnonTeam tried to solve Give with hxp{rick_astley}
12:15:25 [ FAIL ] AnonTeam tried to solve Give with hxp{Rick_Astley}
12:15:26 [ FAIL ] AnonTeam tried to solve Up with hxp{Rick}
12:16:14 [ FAIL ] AnonTeam tried to solve Never with hxp{https://www.youtube.com/watch?v=dQw4w9WgXcQ}
12:16:21 [ FAIL ] AnonTeam tried to solve Up with hxp{down}
12:16:31 [ FAIL ] AnonTeam tried to solve Up with hxp{Arrow}
12:16:56 [ FAIL ] AnonTeam tried to solve Never with hxp{Niemals}
12:16:57 [ FAIL ] AnonTeam tried to solve Never with hxp{Never_gonna_give_you_up}
12:17:22 [ FAIL ] AnonTeam tried to solve Up with hxp{Never_gonna_give_you_down}
12:18:19 [ FAIL ] AnonTeam tried to solve Up with hxp{Never}
12:18:45 [ FAIL ] AnonTeam tried to solve Up with hxp{never}
12:19:14 [ FAIL ] AnonTeam tried to solve Gonna with hxp{when_you_gonna}
12:19:58 [ FAIL ] AnonTeam tried to solve Up with hxp{dQw4w9WgXcQ}
12:20:01 [ FAIL ] AnonTeam tried to solve You with hxp{dQw4w9WgXcQ}
12:20:05 [ FAIL ] AnonTeam tried to solve Give with hxp{dQw4w9WgXcQ}
12:20:10 [ FAIL ] AnonTeam tried to solve Gonna with hxp{dQw4w9WgXcQ}
12:20:13 [ FAIL ] AnonTeam tried to solve Up with Down
12:20:14 [ FAIL ] AnonTeam tried to solve Never with hxp{dQw4w9WgXcQ}
12:20:19 [ FAIL ] AnonTeam tried to solve Up with hxp{Down}
12:20:53 [ FAIL ] AnonTeam tried to solve Up with hxp{let you down}
12:21:11 [ FAIL ] AnonTeam tried to solve You with hxp{DFCI}
12:21:22 [ FAIL ] AnonTeam tried to solve You with hxp{Player}
12:21:28 [ FAIL ] AnonTeam tried to solve Up with hxp{dQw4w9WgXcQ}
12:21:38 [ FAIL ] AnonTeam tried to solve You with hxp{dQw4w9WgXcQ}
12:21:48 [ FAIL ] AnonTeam tried to solve Give with hxp{dQw4w9WgXcQ}
12:22:00 [ FAIL ] AnonTeam tried to solve Gonna with hxp{dQw4w9WgXcQ}
12:22:11 [ FAIL ] AnonTeam tried to solve Never with hxp{dQw4w9WgXcQ}
12:23:00 [ FAIL ] AnonTeam tried to solve Up with hxp{Down}
12:23:51 [ FAIL ] AnonTeam tried to solve Up with hxp{Rickroll}
12:24:27 [ FAIL ] AnonTeam tried to solve Never with hxp{dQw4w9WgXcQ}
12:25:39 [ FAIL ] AnonTeam tried to solve Up with hxp"
12:26:10 [ FAIL ] AnonTeam tried to solve Up with hxp{Rick Astley}
12:26:33 [ FAIL ] AnonTeam tried to solve Up with hxp{Up You Give Gonna Never}
12:27:35 [ FAIL ] AnonTeam tried to solve Never with
12:28:02 [ FAIL ] AnonTeam tried to solve Never with hxp{never}

My personal favorites, really creative!

13:29:06 [ FAIL ] AnonTeam tried to solve You with hxp{somebody}
13:34:29 [ FAIL ] AnonTeam tried to solve Up with hxp{schroedingers_challenge}
12:16:31 [ FAIL ] AnonTeam tried to solve Up with hxp{https://www.youtube.com/watch?v=dQw4w9WgXcQ}

And again, thank you all for participating and playing! :)