from Hacker News

An informal review of CTF abuse

by tybulewicz on 7/23/22, 5:37 PM with 43 comments

  • by tester756 on 7/23/22, 7:01 PM

    What happened to author's team (Dragon Sector)?

    Until 2020 they were almost always around top3 and a few times top1 teams in the world according to https://ctftime.org/

    but in 2021/2022 I don't see them

  • by znpy on 7/23/22, 8:02 PM

    Dunno, many of those things are occasions for learning.

    Back in like 2014 we were competing in RuCTF and some other team hacked our vulnbox and just shut down the rng, making the box effectively inaccessible via ssh and slow as molasses on tls-enabled services (besides capturing all of our flags).

    It was an enlightening experience.

    Now granted, ructf was pf a particularly spectacular violence… but still, it’s been an experience that has taught me a lot.

  • by Supermancho on 7/23/22, 7:02 PM

    Would be nice if there was the briefest description about what CTF means here, since I expected it to be about gaming (ie Team Fortress)

    https://www.enisa.europa.eu/news/enisa-news/capture-the-flag...

  • by ajolly on 7/23/22, 8:58 PM

    There's been a number of in person ctfs where hacking infrastructure was fair game... And did not have static arp entries set, and I ended up mitming all the traffic to the score server.

  • by prvit on 7/23/22, 7:12 PM

    >(or rather: fun factor after a couple of years passed and folks stopped being annoyed or down right furious at the perpetrators)

    Poor sports, I’ve always struggled to understand people who’d partake in hacking competitions and then get upset because someone got onto their computer and took all the flags.

  • by jrockway on 7/23/22, 6:48 PM

    > There were probably multiple common logic bugs. However one that sticks out in my memory was when the submission system would first check if the team already submitted that flag (fast check in session) and if not, it would check the flag in the database (slow), award points (slow), and finally add the flag to the session (fast). Yup, that's a race condition.

    How is "insert into found_flag (team_id, flag_id, found_at) values ($1, $2, now()) on conflict do nothing" slower than this 4 step race-condition-prone operation? (To get the score, "select count(1) from found_flag where team_id=$1".) You don't even need transactions for this, as long as you can't transition from found to not found somehow ("delete from found_flag where team_id=$1 and flag_id=$2").

    The only problem I see with this is where validating the correct answer is expensive; without another piece of data to show that validation has started, you can overload the checker by submitting your answer before the first validation routine succeeds. But that is also easy to track, with a timeout even, and you still don't need transactions.

  • by charcircuit on 7/23/22, 6:38 PM

    >However there are stories of teams going a step further and hacking home routers from random IPs located in various countries. I guess that's trading in ethics and legality for CTF points.

    Is finding a single proxy in a country that hard that you need to do that? I would assume proxy lists including each country would already exist.

  • by gwern on 7/23/22, 7:19 PM

    > The score is just a number in the database

    The enemy's gate is down!

  • by badrabbit on 7/24/22, 12:54 AM

    I recently learned .bashrc/history abuse is common and learned to do things locally or tunneled when possible.

  • by xeromal on 7/24/22, 1:05 AM

    Flag taken. Flag dropped. Flag taken. Flag dropped.

  • by oblak on 7/23/22, 7:19 PM

    I've been playing shooters for almost 30 years now, and that includes a lot of CTF on top of tons of duel and TDM. Quake, UT, TF2 (just got back to it after a decade).

    That said, I have no idea what this guy is talking about. I thought he was talking about gaming but the more I read, the more confused I get. Especially the facebook part. What is going on here?

    edit: thanks, Retr0id