We just published all services, including source code, checkers, and exploits for all vulnerabilities. If you want to look up solution, you can do so now.
=> https://github.com/saarsec/saarctf-2024
We hope you had a nice experience. See you next year!
Dear Participants,
thank you for making saarCTF2024 a fun and exciting time. We hope that despite the unfortunate last hour, everyone was having a good time overall.
About that last hour: We want to clarify, that we were not DoSed "within the game". Up until the very last moment we were quite firmly in control of what was happening within the games network. Unfortunately, at about 21:17 UTC someone decided that the fun was going to end prematurely by launching a DDoS attack on our vpn endpoint from the public internet. By doing so, the attacker used up almost all of the bandwidth Hetzner made available for this machine and therefore the performance within the game network went to shambles, making the game pretty much unplayable. We will perform a thorough investigation on this attack and make sure to keep you updated about what we find.
To provide some closure at least on your end, we have decided to discard anything that happened after tick 211 (21:17 UTC) from our score calculation, essentially like the game was supposed to end after that round. The results are now available on the website.
An especially big congratulations to C4T But S4D, Bushwhackers, and KuK Hofhackerei for achieving the top three places.
Please make sure to rate the event on ctftime and fill out our feedback form.
Hey folks, we are obviously subject to a DoS. Apparently, someone does not like people having fun in a fair competition. Unfortunately, that means, the competition has to end prematurely. We will perform a scoreboard recalculation after doing some digging in our extensive logs and notify you with more information as soon as we have some clarity.
The game starts now! Here is the key: iChjpjxvjzd98gyC
We are delaying start for a few minutes because it's taking longer than usual to provision cloud boxes from our hosting provider.
That means:
Time to panic-call your friends in the other teams! (You can continue adding players to your team even throughout the game)
The encrypted vulnbox preload for selfhosters is available: Vulnbox ova file
$> sha256sum *
c8682a4acc6cd31802d687ba936defbd435b2f4076dda6fa05bee7a6413051c3 router.ova
1009c1d7927c8d786cb3946015839f3a16954a60e591c5c8af458cdddadae1f9 testbox.ova
339d2881b09b1e3fec6519f3d077ddcb14cf9a3eb924285f80e7b282bb8c5a9e testbox.tar.xz
900f2e83eb00a67e8b3d60a73833245d9f81959a5317b3b12658d44218e67114 vulnbox.7z
10bbcbb615a8884dc1f33f663fbbfd4060acfbda9bfe1a1ee350f3f34ed13cba vulnbox.tar.xz.gpg
For those who want us to host their vulnbox in the cloud: You don't need to download or prepare the encrypted vulnbox.
The VPN configuration is now accessible!
Please note:
If you are self-hosting, you can download router and test-box images (see above)
On https://vpn.ctf.saarland you can see whether our infra thinks you are connected or not
We do not allow communication between VPN clients up until shortly before the game. For now, you should merely check the aforementioned web page and whether 10.32.250.2
responds to your pings.
We have updated the Setup page to reflect this years changes to the VPN. Make sure to check it out! You will be able to connect to our vpn server soon™️.
Also: Users can now reset their password through their E-Mail.
We're happy to announce that saarCTF is a qualifier for the Deutsche Hacking Meisterschaft (DHM)! The DHM is a prestigious CTF event for the current top teams from the DACH region (Germany, Austria, Switzerland). The highest-ranking eligible DACH team from saarCTF will secure a spot in the DHM. The winning DACH team should contact dhm@nfits.de to confirm their qualification and to receive further instructions for DHM participation.
The waiting has come to an end. You can now register for saarCTF2024!
Beware that the registration has changed. You will create a team account with the "Sign Up" form. Afterwards your team mates can join via an invite link. Having your team mates sign up will probably™ save you some work down the line.
Our fifth iteration, saarCTF 2024 will take place on Saturday, 30.11.2024, 13:00 UTC and last for 8 hours, plus one hour preparation time where network is closed. The competition is open to everybody.
We invite you to a classical attack-defense competition. This year, we offer you to host your vulnbox VM in the cloud for you, making things much easier to set up! We will likely provide Virtualbox images as a usual alternative.
The registration is available soon, and will stay open until a few hours before the competition starts.