RuCTF2008/rules
Contents The spirit of the game
Definitions
Schedule
Gaining points
Prohibitions
Permissions
Network
Jury
Exceptions
The spirit of the game

  It is difficult to give a complete set of rules of CTF game.
  Aim of this game is not to find out the best. True professionals are
  incomparable. The main goal is to share experience and knowlege in
  the field of computer security. Nevertheless, the luckiest team
  will become a winner :)

  Destructive attacks (like "rm -rf /"), as well as DoS attacks
  with a great amount of garbage traffic contradict with the spirit
  of the game.

  Be ready for any oerating system and any programming
  language. You're professionals, aren't you?
Definitions
 

  Team

    A group of people, consisting of 1-7 players. One of them is captain.

  Service

    A vulnerable application written for the game.

  Flag

    String that matches regex: /^=[_a-zA-Z0-9\+\-\/\\]{63}$/.

Schedule
 

  11:00:00 - Teams are given an encrypted VMWare image of game server.

  11:59:59 - The decryption key is available for teams.

  12:00:00 - Game starts. Teams' networks are not yet connected with
             each other. Jury doesn't check the services yet.

  13:00:00 - Routing between teams is enabled, jury starts to check
             the services.

  22:00:00 - Game is over. Teams's networks are disconnected from
             each other.
Team is given points for

    * correct work of their services;
    
    * capturing flags from others teams' services;
    
    * sending advisories, which contain description of
      vulnerability, patch and exploit;

    * solving quests;
    
    * jury's special descision.
Teams are prohibited to:

    * attack check system and servers of jury;
    
    * filter (by IP or in any other way) other teams;
     
    * generate large amount of network traffic;
    
    * run DoS attacks with large amount of network traffic;
    
    * run destructive attacks (e.g., "rm -rf /").
Permissions
 

  Teams may use any amount of computers and network
  equipment (not higher than 2nd OSI level).

  Teams may patch vulnerabilities in ther services or block
  exploitation of vulnerabilities.

  Teams may change topology of their sub-networks.

  Each team member will be given one computer for the time of the game
  (if it is necessary).

  Each team will be given a router and administrator's account on it.
Network
   

  Network layout is a part of the rules.
Jury

  * may specify rules more precisely at any moment before the game starts;
 
  * may penalize/disqualify team for rules violation;

  * determines the winner. Descision is based on teams' earned points.
Exceptions

  Teams should meet jury's decisions in critical situations,
  which may not have been listed here, with understanding.
  
  Still organizers and jury do their best to steer clear of such.
(c) 2008 www.RuCTF.org, www.hackerdom.ru