RuCTFE 2009 Rules

Contents
The spirit of the challenge
Definitions
Gaining points
Prohibitions
Permissions
Organizers
Exceptions

The spirit of the challenge

It is difficult to give a complete set of rules for a CTF challenge. The aim of this challenge is not to find out who is the best. True professionals are incomparable. The main goal is to share experience and knowledge in the field of computer security. Nevertheless, the luckiest team will become the winner :)

Destructive attacks (like "rm -rf /"), as well as DoS attacks with a large amount of garbage traffic, contradict the spirit of the challenge.

Be ready for any operating system and any programming language. You're professionals, aren't you?

Definitions

Team

A group of people with a captain.

Service

A vulnerable application written for the challenge.

Flag

A string that matches the regex /^=\w{31}$/.

A team is given points for:

  • correct work of its services;
  • capturing flags from other teams' services;
  • sending advisories, which contain a description of the vulnerability, a patch and an exploit;
  • solving quests;
  • the organizers' special decision.
More details about the scoring system here.

Teams are forbidden to:

  • filter (by IP or in any other way) other teams;
  • generate a large amount of network traffic;
  • run DoS attacks with a large amount of network traffic;
  • run destructive attacks (e.g., "rm -rf /");
  • attack teams outside the VPN.

Permissions

Teams may patch vulnerabilities in their services or block exploitation of vulnerabilities.

Organizers

  • may specify rules more precisely at any moment before the challenge starts;
  • may penalize/disqualify a team for rule violations;
  • determine the winner. The decision is based on the teams' earned points.

Exceptions

Teams should meet the organizers' decisions in critical situations, which may not have been listed here, with understanding.
Still, the organizers do their best to steer clear of such situations.