FAUST CTF is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg. Its second edition took place on 26 May 2017.
Yesterday's second edition of FAUST CTF was a lot of fun for us and really successful. We watched an exciting race for the top places, interesting exploits, mostly fair play and smoothly running infrastructure (at least for the most part).
We congratulate the top teams, which are:
- Bushwhackers, 27460 points
- EatSleepPwnRepeat, 22630 points
- saarsec, 21421 points
The first valid flags per service were submitted by:
- Smartscale: saarsec, tick 11 (as soon as submission started working)
- Toaster: Bushwhackers, tick 11 (as soon as submission started working) – beat M.I.S.T by 17 seconds
- Tempsense: Bushwhackers, tick 13
- Toilet: khack40, tick 16
- Doodle: EatSleepPwnRepeat, tick 24
- Alexa: TokyoWesterns, tick 62 – beat c00kies@venice by 2.5 minutes
- Smartmeter: EatSleepPwnRepeat, tick 69
- Doedel: Bushwhackers, tick 80
These teams are eligible for our "first blood" awards if they publish a write-up within the next weeks.
We will be in touch with the winners soon to figure out prize pay-out details. We thank all teams for participating, hope you had fun and see you next year!
The competition will work in classic attack-defense fashion. Each team will be given a Vulnbox image to host itself and VPN access. You will run exploits against other teams, capture flags and submit them to our server.
The vulnbox decryption password will be released at 2017-05-26 13:00 UTC. The actual competition will start at 14:00 UTC and presumably run for eight hours.
Thanks to our prime sponsor SySS, we can again provide nice prize money:
- First place: 512 €
- Second place: 256 €
- Third place: 128 €
Additionally, for each service the first team to exploit it, submit a valid flag and provide a write-up will win 32 €.
We will now deploy some hotfixes to the Vulnboxes. If you left our SSH key on your Vulnbox, you shouldn't notice. Otherwise, please get the files toaster.service and uwsgi.service and put them into /etc/systemd/system. If you already edited those files yourself, we put them next to the others with the extension ".patched".
The decryption password for the Vulnbox is: "0n th3 1nt3rn3t 0f th1ng5 n0b0dy kn0w5 y0u ar3 a fr1dg3" (without quotes)
Vulnbox Images Available for Download
We have prepared the download for the Vulnbox images. Please download one of these two images:
Remember, the decryption password will be released once the competition starts at 13:00 UTC.
If you haven't set up your network yet, better do so very soon: The closer the CTF, the less we will be able to assist you in case of problems.
Registration closed, Rules released
With less than 24 hours till the competition and 182 registered teams, we have now closed the registration.
We have also released our rules. Make sure to read and understand them, as they are binding for all participants!
Registration about to close
We're planning to close registration at 2017-05-25 13:00 UTC. So if you wanna participate and haven't registered yet, make sure to do that soon.
VPN configs and Test Vulnbox out
We just emailed OpenVPN configs to all teams which have registered so far. If you're going to register now, you will still get a VPN config but you'll have to wait a bit until we send out the next batch.
Please set up and test your network soon, as we will only be able to provide limited support during the competition. If you don't know how to do this, have a look at Basic Vulnbox Hosting.
After a long wait, this year's website is finally online and the registration is open. The CTF is already around the corner, so make sure to sign up now.