HackceptionCTF Work Log - Week 1

HackceptionCTF Work Log - Week 1

Anokha is coming! Yeayy! With less than a month to go for Anokha, work needs to be done on Hackception CTF to get it up and running on the big day. This is the second edition of the CTF, and is going to be bigger, better and merrier this time as a lot of planning has been done on the event. First things first, you can find the event page here. What's more? It's free.

This is what the previous years' contestants had to say:

Blog Post of Team Unclassified Errors

Shyam's Blog Post

Sunil's Blog Post

And the prize winning blog post : ~~Abhiram's Blog,err. Code~~ Looks like he took it down.

'Nuff said. Less talks and more hacks this time.

Wondering what a CTF is? Well, Capture-The-Flag events are usually held to test the wit , skills and intelligence of a programmer or/and a hacker. CTF's are broadly categorized into two. Jeopardy and Attack 'n' Defense. Jeopardy is more like an online treasure hunt game where you are given a few puzzles/questions along with a clue for you to solve it. Once you solve it correctly, you usually receive a flag which can be entered into a flag submission portal which will grade you on basis of the correctness of the flag you have entered. Flags are usually long strings of plain-text or a MD5 encrypted hash. Of course, it is not going to be as easy as a treasure hunt. But yeah, it ain't rocket science too ;)

Attack 'n' Defense is the real deal. You might be good with jeopardy but the real test of the skills is done in the Attack 'n' Defense round. It's Survival of the Fittest, no mercy. Make Mistakes and watch your opponent tear your computer apart, savaging all the resources you have. You have to defend yourself from incoming attacks as well as attack the other opponents in a typical Attack n Defense CTF within a limited period of time. The game mechanism is fairly complex too. A gameserver, or the "Big Brother", constantly pushes random MD5 hashes into the vulnerable services of every team every x minutes. A team has to break into any opponent's system and exploit a vulnerability in the hosted service to extract the flag from the user. Every successful submission of a stolen flag will give the attackers' team points and will reduce defense points of the defending team. Told you, IT'S WARRR! The Battle of 0's and 1's, and occasionally idiots.

That being said, I expect to do the following things this week :

Yes, the work is hectic and tweaking source code of an existing application is a nightmare for most programmers. Nevertheless, it's fun and always a learning experience. After all, it's for one of the biggest tech fest of South India ;)