BSidesPDX CTF 2019 is using the bsides-ctf-framework. See TTimzen's blog post for a detailed explanation of the framework, motivations, and instructions for writing challenges.
Challenge authors:
The challenge ended with:
- 72 teams registered
- 135 individual players
- 158 flags submitted
- Every single challenge solved
The most solved challenges were:
- 28 solves for Hacking_in_the_clear (forensics)
- 26 solves for Magic Numbers (re)
The least solved challenges were:
- 3 solves for pwnchess (pwn)
- 4 solves for Hell.js (web)
The top 3 teams were:
- OSUSEC - 3378 points
- Attacker Community - 3110 points
- Red Tuxedo - 2844 points
| Challenge Name | Category | Points | Port(s) |
|---|---|---|---|
| Poor Man's 2FA | physical | 100 | N/A |
| Shall we play a game? | physical | 200 | N/A |
| Forgot my password | physical | 300 | N/A |
| Gravedigger101 | data recovery | 100 | N/A |
| OffWithYourHeads | data recovery | 300 | N/A |
| rot13 | pwn | 100 | 1337 |
| pwnchess | pwn | 300 | 31337 |
| Magic Numbers | re | 100 | N/A |
| Bad CryptXor | re | 300 | N/A |
| Trust Game | misc | 100 | N/A |
| Hacking_in_the_Clear | for | 100 | N/A |
| Polybius | for | 300 | N/A |
| Signed, Sealed, Delivered, I'm Yours! | web | 100 | 48323, 48324 |
| Yours truly | web | 200 | 8081, 9000, 8080 |
| Hell.js | web | 300 | 27330, 27331, 27332 |
To locally test, deploy or play challenges with Docker, run the following (Ubuntu)
sudo apt install docker-compose gcc-multilib g++-multilib linux-libc-dev:i386makedocker-compose build && docker-compose up -d- Containers are viewable at localhost:PORT (view with docker-compose ps)
docker-compose killto stop the containersmake cleanto clean the source folders
Unfortunately, we had issues getting TrustGame to work in a Docker container. So this challenge must be run on the host system.
cd misc/100-TrustGame/src./server.py
This year we ran all of our challenges in k8s using the Makefile and yamls in the oci directory of all pwn and web challenges. Due to Docker issues with Trust Game, this was manually deployed to a standalone compute instance.