This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:OWASP CTF Project"

From OWASP
Jump to: navigation, search
(FAQs)
 
(24 intermediate revisions by 5 users not shown)
Line 1: Line 1:
==== Main ====
+
=Main=
<b>Welcome to the OWASP Capture The Flag (CTF) project!</b><br>
 
  
== What is the CTF ==
 
  
The OWASP CTF project is a web base hacking challenge application with challenges categorized in web, network and ‘others’. You require creativity, resourcefulness and networking skills to solve the various challenges.
 
  
== Open Source? ==
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
First of all... sorry, but of course, we can not make the CTF and all challenges opensource.
+
==OWASP CTF Project==
Hereby my apologies for not being as open as I want OWASP and OWASP projects to be. <br>
+
 
 +
The OWASP CTF Project is designed to be used during (OWASP) conferences as an 'entertainment' to all the sessions that are available. Due to this nature, as it contains various challenges that allow participant to win prices at an event, the source code of the challenges is not disclosed, but the framework is publicly available.
 +
This framework is designed to be open for modification, extension so that people can use it as a base to hold their own CTF events.
 +
 
 +
==Introduction==
 +
 
 +
The purpose of this Project is to create a competitive environment which can be used at conferences and to have fun and teach in a playful way the various mistakes which are made in regards to web applications.
 +
 
 +
 
 +
==Description==
 +
The OWASP CTF Project a web base hacking challenge application with challenges categorized in web, network and ‘others’. You require creativity, resourcefulness and networking skills to solve the various challenges. (a copy of the Live CD can help as well)
 +
 
 +
'''Open Source?'''
 +
 
 +
First of all... sorry, but of course, we can not make the CTF and all challenges opensource. Hereby my apologies for not being as open as I want OWASP and OWASP projects to be.  
 
..I know you understand!
 
..I know you understand!
 +
Ahead of the OWASP AppSec-NY in 2009, the idea came up to supply an OWASP CTF event. This has been repeated successfully for the AppSec-EU 2009. Both developed by volunteering individuals, putting in a big amount of work, building the CTF from scratch. As the CTF event was warmly welcomed by those who participated, it was clear, the CTF has to become a event available for each OWASP event. To make this possible, the CTF project has been created!
 +
 +
Unfortunately, and I guess you understand, we can't share the current used CTF freely. For previous CTF applications and challenges, please see the download section.
 +
To get the CTF at your (OWASP) event, send an email to steven.van.der.baan 'at' owasp.org.
 +
 +
 +
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
== What is CTF? ==
 +
[[Image:CTFLogo.jpg|right]]
 +
 +
 +
OWASP CTF Project  provides:
 +
 +
* web related challenges
 +
* entertainment at conferences
 +
 +
== Presentation ==
 +
 +
 +
== Project Leader ==
 +
 +
[mailto:[email protected] Steven van der Baan]
 +
 +
== Related Projects ==
 +
 +
 +
 +
== Ohloh ==
 +
 +
 +
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 +
== Quick Download ==
 +
As we can not make the current CTF and challenges available, so what is available to download? We will share previous used CTF applications, not longer used!
 +
Further, we are currently working on a plug-in system for the challenges. We will release a setup where to install challenges as plugins, soon. Also, we will continuously make obsolete challenges available to download!
 +
Available downloads:
 +
*Framework
 +
*Initial challenge
 +
 +
[https://code.google.com/p/owaspctf/ Google Code]
 +
 +
== Email List ==
 +
 +
[https://lists.owasp.org/mailman/listinfo/owasp-ctf Sign Up!]
 +
 +
== News and Events ==
 +
* [20 Nov 2013] News 2
 +
* [30 Sep 2013] News 1
 +
 +
 +
== In Print ==
  
Ahead of the OWASP AppSec-NY in 2009, the idea came up to supply an OWASP CTF event. This has been repeated successfully for the AppSec-EU 2009. Both developed by volunteering individuals, putting in a big amount of work, building the CTF from scratch.
 
As the CTF event was warmly welcomed by those who participated, it was clear, the CTF has to become a event available for each OWASP event. To make this possible, the CTF project has been created!
 
  
  
==== the CTF at your event ====
+
==Classifications==
  
Unfortunately, and I guess you understanFirst of all... sorry, but of course, we can not make the CTF and all challenges opensource. Hereby my apologies for not being as open as I want OWASP and OWASP projects to be.  
+
  {| width="200" cellpadding="2"
There is no download where to get the CTF from.
+
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Midlevel projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
  
..I know you understand!
+
|}
Nevertheless, I am sharing as much as I can.
 
  
 +
=Playing the CTF=
  
= past events =  
+
==Playing the CTF==
  
* AppSec-EU Polen
+
The rules to participate and playing the CTF might change depending to the event the CTF is organized at. What you find below is what we think, the CTF should be done..
* AppSec-DC
 
  
 +
==Participating==
  
= future events =
+
Register at the CTF organizer with your MAC address and participant name. Once you have access to the application, register with your chosen game name and the game is started. You can join whenever you like when the game has started until the declared end of the game.
* AppSec- Research
 
* AppSec-Ireland
 
  
==== Playing the CTF ====
+
==Rules==
The rules to participate and playing the CTF might change depending to the event the CTF is organized at.
 
What you find below is what we think, the CTF should be done.. ;-)
 
  
== Participating: ==
+
* You play with your own laptop.
Register at the CTF organizer with your MAC address and participant name. Once you have access to the application, you register with your chosen game name and the game is started.
 
You can join whenever you like when the game started until the declared end of the game.
 
== Rules: ==
 
* You play with your own laptop
 
 
* The game is open during the conference time.
 
* The game is open during the conference time.
* Attacking the CTF outside of the challenges results in disqualification
+
* Attacking the CTF outside of the challenges results in disqualification.
* Attacking CTF competitors results in disqualification
+
* Attacking CTF competitors results in disqualification.
== Scoring: ==
+
 
For each solved challenge you get one point.  
+
==Scoring==
 +
 
 +
* For each solved challenge you get one point.
 
* Who has the most challenges solved wins.
 
* Who has the most challenges solved wins.
 
* By same score, first scored wins.
 
* By same score, first scored wins.
 
* Groups and single player are treated the same
 
* Groups and single player are treated the same
 +
* This is a proposal of rules. Those can be changed, depending on the event where the CTF is held.
  
This is a proposal of rules. Those can be changed, depending on the event where the CTF is hold!
+
==Who can anticipate in the CTF?==
=== who can anticipate in the CTF ===
+
* Single Players, every one can participate in a CTF event by themselves.
* Single Players, every one can anticipate on a CTF event by him self
+
* Groups, you can team up with others and participate as a group. Dividing the prices is the responsibility of the group members, though.
* Groups, you can up with others and anticipate as group. Dividing the prices is the responsibility of the group members though
 
  
+
==Pointing System==
=== pointing system ===
+
* With each challenge you can get a certain score, depending on the difficulty of the challenge. After solving a challenge, a key is gained. You will have to insert that key into your account screen and points are added to your account. In case of same number of points, whoever scores first wins.
With each challenge you can get a certain score, depending on the difficulty of the challenge. After solving a challenge, a key is gained. You will have to insert that key in your account screen and points are added to your account. In case of same number of points, who ever scores first wins!
+
* With the current CTF system all challenges are worth one (1) point.
  
 +
==Categories==
  
== categories ==
+
The challenges are categorized in Web, Networking and Forensic.
The challenges are categorized in Web, Networking and Forensic.  
 
 
* Web challenges
 
* Web challenges
 
* Networking challenges
 
* Networking challenges
 
* Forensic challenges
 
* Forensic challenges
 +
 
The current CTF contains the following categories:
 
The current CTF contains the following categories:
* Web
+
* Web; your "default" web challenges
* Networking
+
* Networking; networking related challenges
* Others
+
* Others; all other challenges that can't be fitted under the other categories.
 +
 
 +
==Score Board==
 +
 
 +
The scoreboard will display the ranking of all playing users.
 +
 
 +
=Past Events=
 +
*Confidence 2008
 +
*OWASP Appsec Europe 2008
 +
*AppSec-EU Poland 2009
 +
*AppSec-DC 2009
 +
*AppSec-EU Stockholm 2010
 +
*HITB Amsterdam 2010
 +
*AppSec-USA 2010
 +
*GovWare Singapore 2010
 +
*AppSec-Brazil 2010
 +
*OWASP BeNeLux day 2010
 +
*HITB Amsterdam 2011
 +
*AppSec-EU Dublin 2011
 +
*AppSec-USA Minneapolis 2011
 +
*OWASP Benelux day 2011
 +
*OWASP Appsec EU Athens 2012
 +
*AppSec-USA Austin 2012
 +
*OWASP BeNeLux day 2012
 +
*OWASP Appsec EU Hamburg 2013
 +
*AppSec-USA New York 2013
 +
*OWASP Appsec EU Cambridge 2014
 +
 
 +
=FAQs=
 +
 
 +
; Can I have a copy of the challenges?
 +
: Short answer, no. Long answer, depending on the 'strength' of the challenges they will be reused across multiple Capture the Flag events. Releasing the challenges might bring an unfair advantage to some of the players.
 +
 
 +
; How can I help?
 +
: Everybody can help by providing challenges, or ideas for challenges.
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
CTF is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
* [mailto:[email protected] Martin Knobloch]
 +
* [mailto:[email protected] Brad Causey]
 +
* [mailto:[email protected] Ralf Allar]
 +
* [mailto:[email protected] Andres Riancho]
 +
* Danny Chrastil
 +
 
 +
 
 +
= Road Map and Getting Involved =
 +
As of 2014, the priorities are:
 +
*Development
 +
**Framework
  
== score board ==
+
The framework is almost finished. The final quirkes are tested at the Owasp BeNeLux days and will be uploaded afterwards. <br> The latest design and logo (thanks to my wife) are used, waiting on some feedback from actual players.<br> The next version of the framework will contain a better template mechanism for customisation and a construction to be able to play network challenges without having to worry of you hackers taking over the complete system&nbsp;;)
For each category, there will be 4 challenges in different difficulty:
 
* 200 pointsu
 
* 300 points
 
* 500 points
 
* 750 points
 
  
==== Downloads ====
+
*Challenges
As we can not make the current CTF and challenges available, we do release obsolete CTF's and challenges
 
at [http://code.google.com/p/owaspctf/  its home on Google Code]<br>
 
All available downloads can be found at [http://code.google.com/p/owaspctf/downloads/list its Google Code download location]
 
  
==== Roadmap ====
+
The various challenges that will be released depend on the feedback from the various events where the CTF has been held. The easiest challenges will slowly disapear from the CTF and will be made available for download.
  
* Development
+
*Obsolete
** Challenges
 
  
* Obsolete
+
Involvement in the development and promotion of the CTF is actively encouraged!
==== Project Identification ====
+
We need people who can help in designing and building challenges. Feel free to send ideas (or even finished challenges) to Steven ([email protected]) and he'll try to include it in the CTF.
  
[[Category:OWASP Project|CTF Project]]
+
=Project About=
[[Category:OWASP Document]]
+
{{:Projects/OWASP CTF Project | Project About}} 
[[Category:OWASP Alpha Quality Document]]
 
  
{{:GPC Project Details/OWASP CTF Project | OWASP Project Identification Tab}}
+
__NOTOC__ <headertabs />
  
__NOTOC__
+
[[Category:OWASP Project]]  [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]]  [[Category:OWASP_Document]]
<headertabs/>
 

Latest revision as of 09:43, 14 February 2015

OWASP CTF Project

The OWASP CTF Project is designed to be used during (OWASP) conferences as an 'entertainment' to all the sessions that are available. Due to this nature, as it contains various challenges that allow participant to win prices at an event, the source code of the challenges is not disclosed, but the framework is publicly available. This framework is designed to be open for modification, extension so that people can use it as a base to hold their own CTF events.

Introduction

The purpose of this Project is to create a competitive environment which can be used at conferences and to have fun and teach in a playful way the various mistakes which are made in regards to web applications.


Description

The OWASP CTF Project a web base hacking challenge application with challenges categorized in web, network and ‘others’. You require creativity, resourcefulness and networking skills to solve the various challenges. (a copy of the Live CD can help as well)

Open Source?

First of all... sorry, but of course, we can not make the CTF and all challenges opensource. Hereby my apologies for not being as open as I want OWASP and OWASP projects to be. ..I know you understand! Ahead of the OWASP AppSec-NY in 2009, the idea came up to supply an OWASP CTF event. This has been repeated successfully for the AppSec-EU 2009. Both developed by volunteering individuals, putting in a big amount of work, building the CTF from scratch. As the CTF event was warmly welcomed by those who participated, it was clear, the CTF has to become a event available for each OWASP event. To make this possible, the CTF project has been created!

Unfortunately, and I guess you understand, we can't share the current used CTF freely. For previous CTF applications and challenges, please see the download section. To get the CTF at your (OWASP) event, send an email to steven.van.der.baan 'at' owasp.org.


What is CTF?

CTFLogo.jpg


OWASP CTF Project provides:

  • web related challenges
  • entertainment at conferences

Presentation

Project Leader

Steven van der Baan

Related Projects

Ohloh

Quick Download

As we can not make the current CTF and challenges available, so what is available to download? We will share previous used CTF applications, not longer used! Further, we are currently working on a plug-in system for the challenges. We will release a setup where to install challenges as plugins, soon. Also, we will continuously make obsolete challenges available to download! Available downloads:

  • Framework
  • Initial challenge

Google Code

Email List

Sign Up!

News and Events

  • [20 Nov 2013] News 2
  • [30 Sep 2013] News 1


In Print

Classifications

Midlevel projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg

Playing the CTF

The rules to participate and playing the CTF might change depending to the event the CTF is organized at. What you find below is what we think, the CTF should be done..

Participating

Register at the CTF organizer with your MAC address and participant name. Once you have access to the application, register with your chosen game name and the game is started. You can join whenever you like when the game has started until the declared end of the game.

Rules

  • You play with your own laptop.
  • The game is open during the conference time.
  • Attacking the CTF outside of the challenges results in disqualification.
  • Attacking CTF competitors results in disqualification.

Scoring

  • For each solved challenge you get one point.
  • Who has the most challenges solved wins.
  • By same score, first scored wins.
  • Groups and single player are treated the same
  • This is a proposal of rules. Those can be changed, depending on the event where the CTF is held.

Who can anticipate in the CTF?

  • Single Players, every one can participate in a CTF event by themselves.
  • Groups, you can team up with others and participate as a group. Dividing the prices is the responsibility of the group members, though.

Pointing System

  • With each challenge you can get a certain score, depending on the difficulty of the challenge. After solving a challenge, a key is gained. You will have to insert that key into your account screen and points are added to your account. In case of same number of points, whoever scores first wins.
  • With the current CTF system all challenges are worth one (1) point.

Categories

The challenges are categorized in Web, Networking and Forensic.

  • Web challenges
  • Networking challenges
  • Forensic challenges

The current CTF contains the following categories:

  • Web; your "default" web challenges
  • Networking; networking related challenges
  • Others; all other challenges that can't be fitted under the other categories.

Score Board

The scoreboard will display the ranking of all playing users.

  • Confidence 2008
  • OWASP Appsec Europe 2008
  • AppSec-EU Poland 2009
  • AppSec-DC 2009
  • AppSec-EU Stockholm 2010
  • HITB Amsterdam 2010
  • AppSec-USA 2010
  • GovWare Singapore 2010
  • AppSec-Brazil 2010
  • OWASP BeNeLux day 2010
  • HITB Amsterdam 2011
  • AppSec-EU Dublin 2011
  • AppSec-USA Minneapolis 2011
  • OWASP Benelux day 2011
  • OWASP Appsec EU Athens 2012
  • AppSec-USA Austin 2012
  • OWASP BeNeLux day 2012
  • OWASP Appsec EU Hamburg 2013
  • AppSec-USA New York 2013
  • OWASP Appsec EU Cambridge 2014
Can I have a copy of the challenges?
Short answer, no. Long answer, depending on the 'strength' of the challenges they will be reused across multiple Capture the Flag events. Releasing the challenges might bring an unfair advantage to some of the players.
How can I help?
Everybody can help by providing challenges, or ideas for challenges.

Volunteers

CTF is developed by a worldwide team of volunteers. The primary contributors to date have been:


As of 2014, the priorities are:

  • Development
    • Framework

The framework is almost finished. The final quirkes are tested at the Owasp BeNeLux days and will be uploaded afterwards.
The latest design and logo (thanks to my wife) are used, waiting on some feedback from actual players.
The next version of the framework will contain a better template mechanism for customisation and a construction to be able to play network challenges without having to worry of you hackers taking over the complete system ;)

  • Challenges

The various challenges that will be released depend on the feedback from the various events where the CTF has been held. The easiest challenges will slowly disapear from the CTF and will be made available for download.

  • Obsolete

Involvement in the development and promotion of the CTF is actively encouraged! We need people who can help in designing and building challenges. Feel free to send ideas (or even finished challenges) to Steven ([email protected]) and he'll try to include it in the CTF.

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP CTF Project (home page)
Purpose: The purpose of this Project is to create a competitive environment which can be used at conferences and to have fun and teach in a playful way the various mistakes which are made in regards to web applications.
License: N/A
who is working on this project?
Project Leader(s):
Project Contributor(s):
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
current release
Not Yet Published
last reviewed release
Not Yet Reviewed


other releases

This category currently contains no pages or media.