Capture the Flag 🚩, win prizes 🎁



We'll be hosting a capture the flag 🏳 contest this fall. If you love Linux 🐧 and are familiar with PHP+MySQL, please join us and have some fun.

Registration deadline: 8pm Wednesday 12/06/2017. 

Please send your name, 700 ID, and BB username to Dr. Xiang Fu (Xiang.Fu@hofstra.edu).

The contest rules follow (draft, to be finalized 12/07/2017):

 
HU 2017 Capture the Flag (Sponsored by Department of Computer Science, SEAS, Hofstra University)
Contest Rules:


Contest Date: 2:20pm Tuesday 12/12/2017 – 2:19pm Wednesday 12/13/2017 (24 hrs)

Eligibility of Participants: (1) students in csc115/215 or (2) anyone who knows Linux, PHP, and MySQL very well.

Top 3 winners (see rank criteria in 2.e) will receive award plaques and prize gifts from the computer science department.

(1) Each participant will have:
(a) one Linux image on the big data lab servers with a fixed IP and a fixed MAC address. You need the VPN to access the big data lab; see (b) for instructions.
(b) access to competition tutorial materials (BB->CSC215->CourseDoc->MidtermPrep), including slides, sample Metasploit scripts, and a BackTrack 5 VM image.
(c) permission to connect at most ONE device to the big data lab VPN.

(2) Ranking rules:
(a) Attack score is increased by 1 for each successful flag submission to the grading server (located at 10.22.13.251:50505).
(b) Defense score is increased by 1 for each round (about 10 seconds) for each service that is functioning correctly and is not hacked.
(c) All participants will be ranked by attack score (rank1).
(d) All participants will be ranked by defense score (rank2).
(e) The overall performance is calculated as the rank of (rank1+rank2)/2. If there is a tie on the overall performance, the final winner is determined by the attack score.

(3) Academic Integrity:
(a) No attack in any form is allowed on the grading server (10.22.13.251).
(b) You should not reveal your IP to any peers.
(c) No collaboration between any two students (e.g., it is strictly forbidden for two or more students to mount a coordinated attack on one student).

(4) Attack Rules:
(a) All forms of attacks are allowed, including but not limited to attacks on known OS vulnerabilities, denial of service, and command injection on web applications. All actions are allowed, e.g., erasing the entire file system, changing the victim's probing/flag submission scripts so that the flags are redirected to the attacker's server, and resetting the database system.
(b) No attacks on the grading server, in any form.
(c) No attacks that flood the network or stress the target system are allowed.
(d) No attacks may tamper with the flag submission mechanism or the defense measurement mechanism employed by the grading server (e.g., it is not allowed to emulate the grading server and insert fake flags into target computers, which interferes with the grading server's heartbeat messages).
(e) Courtesy Rule: if you perform system-level damaging actions that disable the opponent's access (e.g., locking his/her account or erasing the entire file system), please limit the lockout to at most 1 hr.
(f) Fair use of network: you are allowed to send out up to 150 HTTP(S) requests per second. You are allowed to send up to 30 HTTP(S) requests per second to the grading server.
(g) Fairness Rule: the selection of a victim should not be based on rank (e.g., if you are currently rank 2, you should not focus on attacking rank 1). Attacks should ideally be distributed uniformly across all participants in the competition.

(5) Defense Rules:
(a) You are allowed to upgrade the entire OS or re-implement the entire web applications, as long as you keep the same MAC/IP.
(b) You should not ask for excessive help from computing service for resetting your OS. It's your responsibility to take a snapshot of your VM and reset your default root password.
(c) No IP blocking unless your system is flooded or stressed by an opponent.