CS615A -- Aspects of System Administration
Capture The Flag!
In this group assignment, your task is to "capture the flag" by solving a few exercises and problems of increasing difficulty.
The final "flag" is to take control of a web server.
Each level has one intended solution. Solving all levels in order should allow you to capture the flag. However, it is possible that you can solve a level in a way not anticipated by the instructor, or that you can capture the flag without solving all or some of the levels. That's perfectly fine.
The final flag is to take control of this site: https://cs615ctf.stevens.netmeister.org by having the site display your team's name and members. Once you have accomplished this, you need to defend it against take-over by another team.
Capturing (and defending) the flag will gain each of your team's member 100 points.
Individual levels may gain you partial credit along the way. If you solve all individual levels and capture the flag, you will gain a total of 100 points; if you find another way to capture the flag, you will gain 100 points. That is, you cannot gain more than 100 points, but if you attempt to capture the flag without solving any of the levels and then fail, you will not get any points.
All work is to be done in groups. All members of the group are expected to participate equally in solving all levels, and are expected to be able to fully explain the solution for any level.
If your team is stuck on a particular level, you can request a hint. Such a request will cost you 5 points.
A request for a hint must be submitted in the same form as a valid submission: a README describing what you tried and where you are stuck, signed by all team members.
A hint will then be sent to the class mailing list.
In order to claim the points for a given level (including the final flag), you must write a document describing how you solved the problem. The document must be:
Your submission must be in the form of a tar archive named "$GROUP-level$level.tar" (where "$GROUP" is your group's name and "$level" is the level in question) that extracts into a directory named "$GROUP". For example, a valid submission for level 3 from team "quokka" with team members "jschauma", "setonix", and "brachyurus" could be verified like this:
$ tar xvf quokka-level3.tar quokka/README quokka/brachyurus.asc quokka/jschauma.asc quokka/setonix.asc $ for f in quokka/*asc; do gpg --verify $f quokka/README 2>/dev/null || echo "Invalid signature $f" done $
Please send your submissions via PGP encrypted email to email@example.com, CC'ing all your team members. Within 24 hours of your submission, you will receive a response consisting of either instructions for how to proceed to the next level or the words "incorrect submission".
Submissions may be rejected as incorrect for a number of reasons, including failure to follow the format and instructions above, inability to validate the signatures, or an incorrect solution to the problem in question. An invalid submission sets off a 24 hour timer during which time no other submissions are evaluated.
48 hours after a level (other than level 0) has been solved by any one team, it will be opened up and the points will no longer be available.
A scoreboard of the teams' progress is available here.