The next #CyberF2F qualifiers are now live. With special thanks to NCC Group, who will be hosting our September competition. Sign up today for your chance to win a place.
These challenges will test a range of skills. The first, an infrastructure assessment with a difference. This game will stretch your knowledge of protocols and how they can be used and abused. Many of the tools and functions we use on a regular basis can be re-appropriated into exfiltration data from systems or accessing data; this is what you will explore. The second involves exploiting a text adventure game, causing it to read a flag. In addition, a chance to practice some practical reverse engineering. We have given you a common debugging tool and were even kind enough to provide the source code! The code is in the C language, but the skills being tested are your knowledge of buffers, stacks, and most of all deduction.
Both challenges are tricky and will not be trivial to complete. Don’t worry if you only get part of the solution, NCC Group would still be interested in what you managed to do and why you think it worked.
Your user has access to a Hitchhikers’ Guide text adventure game and has the option to travel North, South, East, or West. Calling these functions in the correct way will get you the flag. It would be that simple, however, the game only lets you make one move before your character comes to a sticky end.
You have access to the source code of the game and a few common debugging tools. Your task: exploit the game to get the flag using your knowledge of reversing, stacks, buffers, and C.
Game location: Vulnerability Assessment Level – Hard (POD ID No: 223)
Challenge courtesy of Pete Beck – Principal Security Consultant.
Fortress is an infrastructure assessment consisting of a single host running a number of services. Your goal is to gain access to the host and to escalate your privileges in order to read the flag file.
This challenge will test your knowledge of protocols and will require you to consider novel solutions to accessing data on a host. You will need to be able to think creatively about ways to bypass constraints, in order to access data outside of the normal avenues. It will also test the usual infrastructure skills.
Game location: Secure Development/Coding Level – Medium/Hard (POD ID No: 224)
Challenge courtesy of Dean Dungo – Security Consultant.
These qualifiers will close at 5pm on Friday 18th August with invites to attend the Manchester event to follow the week after.