saarCTF

News:

Service Open Source Release 21.11.2023 18:29

We just published all services, including source code, checkers, and exploits for all vulnerabilities. If you want to look up solution, you can do so now.

=> https://github.com/saarsec/saarctf-2023

For some services the authors also provided writeups:

Django Bells: Writeup
German Telework: Writeup
Pasteable: Writeup
SaaSSaaSSaaSSaaS: Writeup
RedisBBQ: Service Explanation
TuringMachines: Exploit Walkthrough

Our infrastructure is already public, we'll release some updates later this month:

Our gameserver/infrastructure: https://github.com/MarkusBauer/saarctf-gameserver
Our vulnbox build tool: https://github.com/MarkusBauer/saarctf-vulnbox
Conntrack Traffic Analysis: https://github.com/MarkusBauer/saarctf-conntrack-accounting
Server setup scripts: https://github.com/MarkusBauer/saarctf-servers

We hope you had a nice experience. Please don't forget to vote for us on CTFtime! See you next year!

Thanks for playing saarCTF 2023! 19.11.2023 14:14

Hi all,

thanks for playing saarCTF 2023 with us, we hope you enjoyed it.

Congratulations to the top three teams:

C4T BuT S4D
Superflat
WreckTheLine

We have published the final scoreboard on ctftime (voting is open until Nov 25), where we will also collect write-ups!

Please also tell us how you liked the individual services in our feedback form: https://forms.gle/WBvv3y1iEbANyTos8

See you soon

We are live! 18.11.2023 12:59

The vulnbox decryption key is: 50bad544685b6cccca8f27d9c1d39055

Cloud VMs can be created now. Network will open in an hour.

Vulnbox Preload 17.11.2023 00:29

The encrypted vulnbox preload for selfhosters is available: Vulnbox ova file

$> sha256sum *
a740aa285349452a839cf0a0cf2c106e136c41c3970090abd0368fbf4c6d6478 saarctf-vulnbox.7z
4a77faba30a5c97f4ea890d76ba0efc0bb0bece79e507732e4446d2a1c3f0724 saarctf-vulnbox.tar.xz.gpg

For those who want us to host their vulnbox in the cloud: You don't need to download or prepare the encrypted vulnbox.

VPN , VMs and Cloud Hosting 16.11.2023 00:28

Dear saarCTF participants,

with less than 3 days to go, we release VPN configurations and VM images on our website. Teams can now setup router VM and testbox VM. Please contact us per mail or IRC if things break.

Check vpn.ctf.saarland to see if your setup is functional.

If you want us to host the box for you, you do not need to prepare any VM - just distribute the cloud VPN configuration with your mates.

$> sha256sum *
0f13992be6b63168f3d28341644b6b6b13a24a997d75254340f5e9b998bcbee3 saarctf-router.ova
7188dbe3c979e164fcaff7fc44220f427ad6a41fe3512e1cecd550820d044ac4 saarctf-testbox.ova
5b6123b14aa6d525ed3e08a42e6287a332afe4a4ba257aac6b4586722a3b9678 saarctf-testbox.tar.xz

saarCTF 2023 announced! 07.07.2023 13:07

Our fourth iteration, saarCTF 2023 will take place on Saturday, 18.11.2023, 13:00 UTC and last for 8 hours, plus one hour preparation time where network is closed. The competition is open to everybody.

We invite you to a classical attack-defense competition. This year, we offer you to host your vulnbox VM in the cloud for you, making things much easier to set up! Of course we will still provide Virtualbox images as a usual alternative.

The registration is available soon, and will stay open until a few hours before the competition starts.