LiveCTF at DEF CON 33 CTF Qualifiers

Submit Exploits Here

Welcome to the DEF CON 33 CTF Qualifiers LiveCTF challenges! Throughout the event, six challenges will be released which you have to solve as fast as possible. This page describes the rules and the technical details for these LiveCTF challenges.

Overview

Starting 12 hours into the event, i.e. 12:00 UTC, the first LiveCTF challenge will be released. You will solve the challenge by downloading the materials, developing a solve script, testing it, and then uploading it to our servers. There, we will run it against the challenge to validate the solution. Scores will be based on how fast your team can submit a working solution relative to the first team to solve the challenge. Each challenge is worth a maximum of 50 points. After four hours, the challenge closes completely. This goes on for six challenges, i.e. 24 hours in total and 300 points maximum.

Challenge Goal

Unless otherwise specified, the goal of each challenge is to execute "./submitter" which will print the flag. Your solution should then output the flag to stdout.

LiveCTF Stream

After each challenge is released we will start a stream on our LiveCTF YouTube channel. During this stream, we will talk through the solutions to the challenge we just closed. This will include explaining the idea of the challenge and showcasing solutions from the teams as well as an update on solves and scores. After the final challenge we will do a wrap-up of the whole LiveCTF portion of the qualifiers.

Scoring

At the start, each challenge is worth 50 points. The first team to solve the challenge will be awarded these points. From that moment, the challenge starts to drop in value by 1 point every 6 minutes. It is important to note that it is the submission time of the solution that counts, not when the evaluation pipeline actually validates the solution.

This means that even if our pipeline is slow or a technical error occurs which requires re-evaluation, this will not negatively affect your score. This also means that there will be a slight delay from your solution being marked as correct until points are awarded in the specific case where you are the first solver but there are still unfinished evaluations in the queue submitted before your solution.

Rules

Do not attack the infrastructure itself
Do not deliberately use a large amount of resources
Do not hinder the other teams' ability to solve the challenges
Admins' decisions are final

Schedule

There is a test challenge open from the start of the event which you can use to try out the process of solving a challenge and uploading a solution. Starting at April 12 12:00 UTC, one challenge at a time will be open, for four hours each. The live stream will begin one hour after a challenge is released and immediately after the closing of the last challenge.

Technical Details

Solving a challenge will require you to upload a .tar.gz archive containing a Dockerfile and any other required materials. This archive may be at most 10MB compressed and 50MB when unpacked. To make a submission, you will need a challenge token that you may get from the main DEF CON CTF Qualifiers scoreboard. When you upload your solution, you will get back a submission id which can be used to check the status of your submission. The submission will be used to build a docker image. During the build, the container has internet access (i.e. for installing packages). This image will then be used to launch a container in a network without internet access, along with a container running the challenge. The challenge container will contain a randomly generated flag. If your solution container outputs this flag to stdout, it is a valid solution.

Do not submit additional submissions if one is still processing! Subsequent submissions will cancel prior pending submissions and lose your original submission time.

We will provide reasonable resource limits on containers both in the build phase and the run phase, but excessive use of resources may lead to your attempt being rejected. While building your solution, you are allowed 2GB of RAM, 20GB of disk space, one CPU core, and 2 minutes of wall-clock time. While running the challenge, you are allowed 2GB of RAM, 10GB of disk space, and 2 minutes of wall-clock time. Attempts to abuse the infrastructure may disqualify your team from future submission attempts.
stdout and stderr for failed and successful runs will be provided, up to the first 1024 characters per stream. However, if your run exceeds the time-limit, no output will be provided.

To test the whole process and make sure you are prepared when the first challenge is released, we are providing a test challenge. You can download the materials for this test challenge in the same way as the other challenges using the api and use it to write a solution, test it locally and upload it to the server.

LiveCTF Exploit Base Image

Since many teams write their exploits using Python and Pwntools, we have prepared a base image with the latest version of Pwntools pre-installed. If you base your exploit on this image, the building of your image should be very fast. Of course you are also allowed to use whatever base image you prefer but keep in mind that long installations might time out the build process.

API Specification

The base URL for all the endpoints below is https://play.livectf.com. Every request needs to contain a header named "X-LiveCTF-Token" with the value set to the challenge specific token you get from the DEFCON CTF quals scoreboard. For the endpoints related to a challenge, the challenge specific token needs to match the challenge. For the other endpoints, any valid token is acceptable.

See the specification here

Example

Below is a full example of how to build and submit a solution for the test challenge. You can also use the helper script provided in the materials.

        
$ echo <<<EOF > Dockerfile
FROM livectf/livectf:quals-exploit
COPY solve.py /
WORKDIR /
CMD ["python3", "solve.py"]
EOF

$ echo <<<EOF > solve.py
from pwn import *
HOST = os.environ.get('HOST', 'localhost')
PORT = 31337
r = remote(HOST, int(PORT))
r.recvline_contains(b'Give me input: ')
r.sendline(b'WIN')
r.recvline_contains(b'You sent: ')
r.sendline(b'./submitter')
flag = r.recvline_contains(b'LiveCTF{').decode().strip()
log.info('Flag: %s', flag)
EOF

$ tar czf solution.tar.gz Dockerfile solve.py
$ curl https://play.livectf.com/api/challenges/7 -F exploit=@solution.tar.gz -H "X-LiveCTF-Token: challenge1..."
{"exploit_id": "FOO", ...}

$ curl https://play.livectf.com/api/exploits/FOO -H "X-LiveCTF-Token: challenge1..."
{"exploit_id": "FOO", ..., "status": "Building"}

$ sleep 60
$ curl https://play.livectf.com/api/exploits/FOO -H "X-LiveCTF-Token: challenge1..."
{"exploit_id": "FOO", ..., "status": "RunSolved"}

$ curl https://play.livectf.com/api/exploits/FOO/output -H "X-LiveCTF-Token: challenge1..."
{"stdout": "[x] Opening connection to df6987...\n", "stderr": "", ...}

Licensing

By submitting a solution to a challenge you agree to license the materials you submit under an Apache 2.0 license with attribution to your team.