This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Front Range OWASP Conference 2013/CTF"
(minor edits + installation and configuration information) |
m (→Acceptable behavior: added link to new wiki page for scoreboard so I can setup ctf.snowfroc.com to point to it.) |
||
| Line 19: | Line 19: | ||
===Acceptable behavior=== | ===Acceptable behavior=== | ||
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be: | Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be: | ||
| − | * No attacking the scoreboard. Misuse will result in punitive action. | + | * No attacking the [[SnowFROC2013_CTF_Scoreboard| scoreboard]]. Misuse will result in punitive action. |
* No targeting the VM. Do not mount the VM and harvest flags from within. | * No targeting the VM. Do not mount the VM and harvest flags from within. | ||
* No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity. | * No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity. | ||
Revision as of 16:17, 25 March 2013
Capture the Flag Overview
Test your skills with a capture the flag (CTF) hacking competition created specifically for SnowFROC by members of the Boulder OWASP chapter.
Competitors will be provided a series of web applications containing a variety of vulnerabilities. Each discovered vulnerability will earn points. The harder the hack, the more points earned. At the end of the day, the team with the most points wins.
Rules
All conference attendees may participate in the CTF tournament for no additional cost. If you would prefer to attend the general conference proceedings, the competition will be made available to attendees after SnowFROC ends.
Format
Contestants will be provided a virtual machine which will run locally on self-provided devices. This is a BYOD event and all contestants are responsible for providing their own machine. No "loaners" will be made available.
All contestant machines should have:
- A virtual machine player that supports .vmdk files, such as VMware Player, VirtualBox, or Parallels.
- Appropriate penetration testing tool (BackTrack, SamuraiWTF, Mantra OS, and OWASP ZAP will fit in well).
Acceptable behavior
Competitors are only permitted to attack targets running on their local systems. Network traffic will be monitored to ensure there will be:
- No attacking the scoreboard. Misuse will result in punitive action.
- No targeting the VM. Do not mount the VM and harvest flags from within.
- No attacking other teams, whether through coercion, DoS, theft, sabotage, or other malicious activity.
- No collusion. Work only within your own team.
Prizes
Small prizes will be awarded to winners. Anyone who worked on the project or who has access to project-related repositories is ineligible to win prizes.
Both team and individual prizes will be awarded based on merit and other achievements.
Getting Started
Content acquisition
This information will be released closer to the day of the event.
Installation and configuration instructions
- Internet Explorer is not supported in the VM.
- Add the following entries to your hosts file.
- Configure a host-only network on your VM with IP address 10.50.65.254/24
- Load the .vmdk files
- Make sure you are using a browser other than Internet Explorer which for security reasons is not supported by the scoreboard.
Registration instructions
Coming soon.
