Team and Ground Rules
Ground Rules
You may not attack or tamper with Scoreboard in any way whatsoever.
You may not attempt to DoS/DDoS your vulnerable application or anything else related to the challenge.
You may not tamper with another team’s instance, another team’s traffic or anything else related to another team or the organisers.
You may not use Burp Scanner – it probably won’t help you much and even if it does trigger a flag you won’t understand why it worked.
You may not search the Internet or ask anyone other than the organisers for anything related to the specific application, the specific challenges or the application’s source code. You may only search for general information about attacks. You have a PDF containing lots of hints about the challenges.
You may not tamper with the database table related to your challenge progress.
If you aren’t sure about anything, ask.
You may have points deducted if you break the rules!
Team Rules
Each team has its own Heroku-hosted instance of the vulnerable application. Your scope is limited to that URL, port 443.
Before the CTF starts, you need to register your team details in the scoreboard app: http://leaderboard.ctfscore.xyz (one account per team).
Once the CTF starts, you can use the “Challenges” screen to enter your flags. You should search for the challenge name on the challenges screen.
If you miss your flag for some reason, you can go to the scoreboard screen of the vulnerable application and click on the green button to see it again.
The clock will start and stop at a set time, at which point you will not be able to record any additional flags.
Be organised and plan your efforts! (Divide and Conquer!)