破影岚歌

破影岚歌's Blog

CTF Competition Modes

CTF competition modes are divided into several categories:

Main Text#

Theoretical Knowledge#

Theory questions are common in domestic (Chinese) competitions and are usually multiple-choice, with both single-answer and multiple-answer items; participants answer from their theoretical knowledge and the score is tallied from the answers. The theory section usually appears in the preliminary rounds or in a pre-selection held before them.

Jeopardy-Problem Solving#

Teams take part over the Internet or an on-site network, interacting with a live online environment or analyzing files offline to solve network security challenges and earn the corresponding points. The format resembles ACM programming contests and informatics olympiads: rankings are by total score, with time as the tie-breaker.

One difference is that Jeopardy usually awards "First Blood", "Second Blood" and "Third Blood": the first three teams to solve a challenge receive bonus points. This rewards the team that solves first and also gives an indirect measure of each team's strength.

Another popular rule gives each challenge an initial score and lowers it as more teams solve it: the more teams that solve a challenge, the less it is worth, until it reaches a floor below which it no longer drops. This is generally called "dynamic scoring".
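The two scoring rules above, blood bonuses and dynamic scoring, combined into one scoreboard. This is an added example, not code from CTFHub or any competition platform: the quadratic decay curve, the bonus percentages and the tie-breaker (the team whose last solve came earlier ranks higher) are illustrative assumptions, not the rules of a specific contest.

```python
# Jeopardy scoreboard with dynamic scoring and First/Second/Third Blood bonuses.
# Added example, not code from CTFHub or any competition platform.
# Assumptions: the quadratic decay curve, the bonus percentages and the
# tie-breaker (earlier last solve ranks higher) are illustrative choices.
from dataclasses import dataclass, field

# Bonus for the first three solvers, as a fraction of the initial score (assumed)
BLOOD_BONUS = {0: 0.10, 1: 0.05, 2: 0.03}


@dataclass
class Challenge:
    name: str
    initial: int   # value when nobody has solved it
    minimum: int   # floor the value never drops below
    decay: int     # number of solves at which the floor is reached
    solves: list = field(default_factory=list)  # (team, solve_time) in solve order


def dynamic_score(chal):
    """Current value of a challenge given how many teams have solved it.

    Every solver is credited the *current* value, so a team's total falls
    as later teams solve the same challenge, until the floor is reached.
    """
    n = len(chal.solves)
    if n >= chal.decay:
        return chal.minimum
    # assumed quadratic decay: full value at 0 solves, floor at `decay` solves
    drop = (chal.initial - chal.minimum) * (n * n) / (chal.decay * chal.decay)
    return max(chal.minimum, round(chal.initial - drop))


def record_solve(chal, team, solve_time):
    """Record a solve; a team cannot score the same challenge twice."""
    if any(team == t for t, _ in chal.solves):
        raise ValueError(f"{team} already solved {chal.name}")
    chal.solves.append((team, solve_time))


def scoreboard(challenges):
    """Return [(team, total)] ranked by total, then by earliest last solve."""
    totals = {}
    last_solve = {}
    for chal in challenges:
        value = dynamic_score(chal)
        for idx, (team, solve_time) in enumerate(chal.solves):
            bonus = round(chal.initial * BLOOD_BONUS.get(idx, 0.0))
            totals[team] = totals.get(team, 0) + value + bonus
            last_solve[team] = max(last_solve.get(team, 0), solve_time)
    return sorted(totals.items(), key=lambda kv: (-kv[1], last_solve[kv[0]]))


if __name__ == "__main__":
    # Constructed sample data: three teams, two challenges
    web1 = Challenge("web1", initial=500, minimum=100, decay=20)
    pwn1 = Challenge("pwn1", initial=1000, minimum=200, decay=10)
    record_solve(web1, "A", 10)
    record_solve(web1, "B", 20)
    record_solve(web1, "C", 30)
    record_solve(pwn1, "B", 50)
    for team, total in scoreboard([web1, pwn1]):
        print(f"{team}: {total}")
```

Note that the bonus is computed from the initial value while the solve itself is credited at the current value, so a First Blood keeps its bonus even after the challenge has decayed to the floor; whether the bonus should also decay is a rules decision each platform makes differently.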

The main challenge categories are Web (web attack and defense), RE (reverse engineering), Pwn (binary vulnerability exploitation), Crypto (cryptographic attacks) and Misc (miscellaneous security). Some competitions add further categories.

AwD-Attack and Defense Mode#

Attack with Defense (AwD) is a full attack-and-defense mode. Participating teams connect to the same network space, and the organizer assigns each team a "GameBox" in advance: the host it must defend. Every team's GameBox has exactly the same configuration and the same vulnerabilities. Participants must protect their own GameBox from attack while finding vulnerabilities and attacking opponents' services to score points.

In AwD the organizer runs a program called the "Checker", which periodically checks whether each team's GameBox services are running correctly. If a check fails, the GameBox is treated as down and points are deducted according to the rules.

Because the scores track the state of play in real time and the final result is decided directly by score, AwD is a highly competitive mode with good observability and transparency. It tests not only the participants' intelligence and skill but also their stamina (a contest usually runs for around 24 to 48 hours) and the division of labor and cooperation within a team.

AwD usually includes only "Web" and "Pwn" challenges. A team may be assigned several GameBoxes, and as the competition progresses the earliest GameBoxes may be taken offline while new ones come online.
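The batch-attack loop an AwD team runs every round (and that the ADP section below says ADP participants no longer need), as an added example. This is not code from CTFHub or any competition: the flag format, the target addresses and the submission interface are assumptions, and the exploit and submission steps are injected as callables so that the loop runs offline.

```python
# Skeleton of an AwD batch-attack loop: each round, run one exploit against
# every opponent GameBox, harvest flags from the responses, drop duplicates,
# and submit the new ones.  Added example, not code from CTFHub or any
# competition; the flag regex, the target list and the submit interface are
# assumptions, and exploit/submit are injected callables so it runs offline.
import re
from concurrent.futures import ThreadPoolExecutor, as_completed

# Assumed flag format; every AwD platform publishes its own regex
FLAG_RE = re.compile(r"flag\{[0-9a-f]{32}\}")


class AwdRunner:
    def __init__(self, targets, exploit, submit, workers=8):
        self.targets = targets    # [(host, port)] of opponent GameBoxes
        self.exploit = exploit    # exploit(host, port) -> str: raw service output
        self.submit = submit      # submit(flag) -> bool: True if the platform accepted it
        self.workers = workers
        self.accepted = set()     # flags already scored; flags rotate per round, never resend
        self.log = []             # per-target errors: who has patched or firewalled you

    def _attack(self, host, port):
        """Run the exploit against one target and return the flags found."""
        try:
            output = self.exploit(host, port)
        except Exception as exc:  # a down or patched box must not abort the round
            self.log.append(f"{host}:{port} error: {exc!r}")
            return []
        return FLAG_RE.findall(output)

    def run_round(self):
        """Attack all targets concurrently; return the flags newly accepted this round."""
        new_flags = []
        with ThreadPoolExecutor(max_workers=self.workers) as pool:
            futures = [pool.submit(self._attack, host, port) for host, port in self.targets]
            for fut in as_completed(futures):
                for flag in fut.result():
                    if flag in self.accepted:
                        continue  # same flag echoed twice, or already scored
                    if self.submit(flag):
                        self.accepted.add(flag)
                        new_flags.append(flag)
        return new_flags


if __name__ == "__main__":
    # Constructed offline demo: canned service outputs instead of real sockets.
    FLAG_A = "flag{" + "a" * 32 + "}"
    FLAG_B = "flag{" + "b" * 32 + "}"
    canned = {"10.0.1.2": "<html>" + FLAG_A + "</html>",
              "10.0.1.4": FLAG_B + "\n" + FLAG_A}   # 10.0.1.3 is "down"

    def fake_exploit(host, port):
        if host not in canned:
            raise ConnectionRefusedError(f"{host}:{port}")
        return canned[host]

    runner = AwdRunner([("10.0.1.2", 8080), ("10.0.1.3", 8080), ("10.0.1.4", 8080)],
                       fake_exploit, submit=lambda flag: True)
    print("round 1:", runner.run_round())   # two new flags
    print("round 2:", runner.run_round())   # nothing new: same flags again
    print("errors:", runner.log)
```

A real exploit callable must set a socket timeout: an opponent who firewalls your IP or hangs the connection would otherwise stall one worker per round, and with enough such targets the whole round misses the Checker window. The error log is also the cheapest early warning that a target has been patched and the exploit needs reworking.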

ADP-Attack and Defense Enhancement#

Attack Defense Plus (ADP) is an enhanced full attack-and-defense mode. Participating teams connect to the same network space; the organizer publishes the challenges on a platform, and participants log in to the platform to obtain the challenge information.

In the attack part, the platform provides an access link to the challenge. Participants complete the attack by submitting the flag, as in problem-solving mode. Once the attack has succeeded, the challenge's attack score is credited in every round.

In the defense part, participants must find the vulnerability in the challenge, build a patch package, upload it to the platform and trigger verification. The platform creates a completely clean instance of the challenge with the patch applied and runs its preset exploit against it. If the preset exploit no longer succeeds, verification passes (the patch is accepted) and the challenge's defense score is credited in every round.

In other words, each challenge needs only one successful attack and one successful defense to count as completed; after that it needs no further attention.

ADP usually includes only "Web" and "Pwn" challenges. As the competition progresses, the earliest challenges may go offline and new ones come online.

Compared with AwD, ADP participants do not need to write batch attack scripts or keep watching whether their own environment is under attack or their service is down; they attack once and defend once, so they can concentrate on the challenges not yet completed. For the organizer, it greatly reduces the hardware and operations cost of the competition.

RHG-Automation [AI Automation]#

Robo Hacking Game (RHG) uses AI or automated attack programs to discover and exploit vulnerabilities automatically, testing participants' understanding of vulnerabilities and their engineering ability. Before the competition (usually 1 to 4 weeks ahead), the organizer provides a test environment and interface documentation. Participants write automated programs, usually called "bots", that call the interfaces to obtain challenge information, locate and exploit the target vulnerabilities, and submit the flags they obtain. Because RHG is run entirely by bots, the outcome is effectively decided the moment the competition starts: everything that follows depends on how well each team's bot performs.

During the competition, participants may not touch their bot in any way (no debugging, patching, etc.); they can only see which challenges their bot has completed and the current scores.

RW-Real World#

Real World (RW) first appeared in RealWorldCTF, hosted by "Chaitin Technology" in 2018. This mode tests participants' ability to find and exploit vulnerabilities in a real environment, so challenges are usually built around vulnerabilities usable in real penetration attacks: VM/Docker escapes, browser attacks, attacks on IoT and car devices, web attacks, and so on.

RW has a "Show Time". When a team believes it can complete a challenge, it applies on the competition platform to showcase it, and the staff schedule showcases in order of application. Before the showcase, the participant goes on stage and connects to the relevant network while the on-site big screen switches to the target's normal page. Once the participant has confirmed the connection and tested it, the clock starts; the attack time on stage is generally 5 minutes. When the attack lands, its effect is visible on the big screen in real time, and the referee decides whether the challenge is completed by whether that effect meets the challenge's requirements. If no effect is shown within the allowed time, the attempt counts as a failure. To stop teams from booking showcases frivolously, there is now usually a cap on the total number of showcases per team (for example, in the 2019 Digital Economy Cloud Security Public Test Competition each team was allowed at most 30 showcases), so participants also need a reliable attack before they go on stage.

For example, a challenge might ask participants to attack a website in the competition network and replace its homepage with a page containing the team name, supplying some information about the site (source code, database, etc.). After finding the vulnerability locally, the team applies for a showcase slot. Note that because RW judges completion by the showcased effect, there is "no flag" in RW mode.

KoH-King of the Hill#

King of the Hill (KoH) is a competition mode that has emerged in recent years. It resembles AwD in some ways but differs from it. Participants face a black-box target; they must find vulnerabilities, exploit them to take control of the target, and write their team identifier (the "team name" or a "token") into a specified file. They then harden the host to keep other teams out. The organizer checks the identifier file at regular intervals and awards points to the team whose identifier it contains. KoH is thus also a highly competitive mode that tests both penetration and defensive hardening skills.

Mix#

The mixed mode combines several of the modes above. A single mode no longer meets the needs of competitions and participants, so most competitions now run several modes at once: for example, teams earn an initial score through problem-solving (Jeopardy), then gain or lose points through attack and defense (AwD), and the final ranking is decided by score.

FLAG#

ctfhub{d452bfcf91e0a1f8e4a1b26a03c59c9c}

Author: CTFHub
Link: https://writeup.ctfhub.com/Skill/基础知识/mmJYyc569kAXHvfam4qont.html
