RU EN

DEFINITIONS

TEAM

A group of people with a captain.

SERVICE

A vulnerable application written for the challenge.

FLAG

A string that matches regex: /[A-Z0-9]{31}=/.

GAME ROUND

A period of time for checksystem to check and score all the teams. It usually takes about 2 minutes.

ORGANIZERS

A group of people that run the whole competition. Organizers do their best to provide quality and fun to all participants. Still organizers are to penalize/disqualify teams for rules violation and to solve the critical situations not described in these rules. Teams should be prepared to meet such decisions with understanding. Also organizers do determine the winner. In general, this decision is based on the scoreboard.

TEAMS ARE ALLOWED TO

  • Do whatever they want within their network segment. Most likely the team would like to patch vulnerabilities in their services or block exploitation of vulnerabilities;
  • Attack other teams. Didn't expect that, huh?

TEAMS ARE PROHIBITED TO

  • Filter out other teams' traffic;
  • Generate large amount of traffic that poses a threat to network stability of organizers' facilities;
  • Generate large amount of traffic that poses a threat to network stability of any other team;
  • Attack the game infrastructure facilities operated by organizers.

SCORING SYSTEM

Key params in scoring system are SLA and FlagPoints. Their values are individual for each service of each team. Team's score is calculated as the sum of the products of the corresponding SLA and FlagPoints of all team's services.

SLA(team, service) is the percentage of the game time, during which that service of that team was in the UP state. E.g. if the service was always UP, SLA would be 1. If 4 hours passed from the game start and the service was up only during the first hour and then was not UP for the rest 3 hours, SLA would be 0.25. At the beginning all teams have SLA equal to 1.

FlagPoints(team, service) is a non-negative number, which correlates with the team's 'understanding' of that service. If the team can exploit service's vulns to get flags and has fixed those vulns in its own service, its FlagPoints will increase during the game. On the other hand if the team can't exploit service vulns and doesn't bother itself with fixing them, its FlagPoints will rapidly approach zero while its service is being exploited by other teams. If the team can only fix vulns but not exploit them, its FlagPoints will not change. At the beginning all teams have equal FlagPoints. During all game the sum of FlagPoints of all teams for each service is constant.

Flag's price is the number of FlagPoints got by attackers for stealing the flag from the victim. It is equal to the number of all playing teams.
Flag's lifetime is the amount of time during which the flag should be available in the service for checksystem. Teams should steal the flag and post it to checksystem until it is expired.

Flag scores only if the attacking team has this service in the UP state at the moment of posting this stolen flag to the checksystem.

FlagPoints(team, service) of the victim decreases by the flag's price for each flag stolen (and successfully posted to the checksystem) from this service of this team until it reaches zero.

FlagPoints(team, service) of the attacker increases by the flag's price for each flag stolen (and successfully posted to checksystem) from this service of another team if that team has non-zero FlagPoints for this service. If the same flag is posted by several teams, each of them receives an equal portion of the flag's price.

FlagPoints score at the moment of each flag's expiration.

Luckily all this complex text can be expressed in pseudocode:

    def on_game_start(team):
        team.sla = [1] * number_of_services
        team.flagpoints = [BAZILLION] * number_of_services

    def on_flag_post(attacker, flag):
        if attacker.service_states[flag.service] == 'UP':
            flag.attackers.append(attacker)

    def on_flag_end_of_life(flag):
        team = flag.owner
        service = flag.service
        if team.flagpoints[service] == 0:
            return
        flag_score = min(number_of_teams, team.flagpoints[service])
        team.flagpoints[service] -= flag_score
        flag_score /= len(flag.attackers)
        for attacker in flag.attackers:
            attacker.flagpoints[service] += flag_score
    
    def get_score(team):
        return sum(map(lambda x: x[0] * x[1], zip(team.sla, team.flagpoints)))
  

SCOREBOARD

Apart from FlagPoints, SLA and total score, scoreboard shows statuses of each service. Statuses are as following:

  • OK — means that service is online, serves the requests, stores and returns flags and behaves as expected.
  • MUMBLE — means that service is online, but behaves not as expected, e.g. if HTTP server listens the port, but doesn't respond on request.
  • CORRUPT — means that service is online, but past flags cannot be retrieved.
  • DOWN — means that service is offline.

NETWORK SCHEME RuCTF

Схема сети