RuCTF RULES
Servers with a pre-installed set of vulnerable services.
The task of the participants is finding vulnerabilities, closing them on their own and using them to retrieve private information (flags) from their opponents. The game is continuously monitored by the checking jury system, regularly placing new flags on the teams' servers. In addition, the system accepts from the teams flags captured from the opponents.
TIt is difficult to give a complete set of rules for a CTF challenge, so these rules can change without notice at any moment prior to game start. That is why we recommend checking the rules one more time before the competition starts. Just in case :)
- Do whatever they want within their network segment. Most likely the team would like to patch vulnerabilities in their services or block exploitation of vulnerabilities;
- Attack other teams. Didn't expect that, huh?
- Attack the game infrastructure operated by organizers;
- Attack the game infrastructure operated by organizers;
- Generate excessive amounts of traffic that pose a threat to network stability of any other team
Key parameters in the scoring system are SLA and FlagPoints. Their values are individual for each service of each team. Team score is calculated as the sum of the products of the corresponding SLA and FlagPoints of all team's services.
SLA(team, service) is the fraction of the game time in which that service of that team was in the UP state. E.g. if the service was always UP, SLA would be 1. If 4 hours passed from the game start and the service was UP during the first hour and then was not UP for the rest 3 hours, SLA would be 0.25. At the beginning of the game all teams have SLA equal to 1.
FlagPoints(team, service) is the number that correlates with a team's ‘understanding’ of the service. FlagPoints depend on the team attack capabilities (exploiting vulnerabilities against other teams) and defense capabilities (fixing vulnerabilities in their own service). At the beginning of the game all teams have equal FlagPoints, and FlagPoints are updated every game round. If during the round the team failed both in attack and defense of the service, the corresponding FlagPoints will decrease, but will never reach 0. If during the round, the team was only able to defend the service, the corresponding FlagPoints will not change. If the team was able both to attack and to defend, the corresponding FlagPoints will grow.
Flag price is the number of FlagPoints got by attackers for stealing the flag from the victim.
Flag lifetime is the amount of time during which the flag must be available in the service for the checksystem. At RuCTFE it's 15 rounds. Teams should steal the flag and post it to the checksystem until it is expired.
The maximum amount of points awarded/deducted for the flag is equal to the number of the participating teams. If a flag was stolen from a team that was higher on the scoreboard in the previous round, the team that has stolen the flag earns the maximum number of FlagPoints. If a flag was stolen from a team that was below your team on the scoreboard, the number of FlagPoints will decrease based on the difference in teams' positions on the scoreboard, but will never go below 1. FlagPoints for a flag are awarded when that flag expires.
Luckily all this complex text can be expressed in pseudocode:
def on_game_start(team): team.sla = [1] * number_of_services team.flagpoints = [0] * number_of_services def on_flag_post(attacker, flag): victim = flag.owner victim_pos = scoreboard[victim] attacker_pos = scoreboard[attacker] service = flag.service max = number_of_teams flag_score = attacker_pos > victim_pos ? max : exp(log(max) * (max - victim_pos) / (max - attacker_pos)) attacker.flagpoints[service] += flag_score victim.flagpoints[service] -= min(victim.flagpoints[service], flag_score) def get_score(team): return sum(map(lambda x: x[0] * x[1], zip(team.sla, team.flagpoints)))
Apart from FlagPoints, SLA and total score, the scoreboard shows the state of each service. There are four possible states of a service:
UP — means that service is online, serves the requests, stores and returns flags and behaves as expected.
CORRUPT — means that service is online, but past flags cannot be retrieved.
MUMBLE — means that service is online, but behaves not as expected, e.g. if HTTP server listens the port, but doesn't respond on request.
DOWN — means that service is offline.