CS615A -- Aspects of System Administration

Capture The Flag!

Introduction

In this group assignment, your task is to "capture the flag" by solving a few exercises and problems of increasing difficulty.

The final "flag" is to take control of a web server.

Each level has one intended solution. Solving all levels in order should allow you to capture the flag. However, it is possible that you can solve a level in a way not anticipated by the instructor, or that you can capture the flag without solving all or some of the levels. That's perfectly fine.

Final Flag

The final flag is to take control of this site: https://cs615ctf.stevens.netmeister.org by having the site display your team's name and members. Once you have accomplished this, you need to defend it against take-over by another team.

Points

Capturing (and defending) the flag will gain each of your team's members 100 points.

Individual levels may gain you partial credit along the way. If you solve all individual levels and capture the flag, you will gain a total of 100 points; if you find another way to capture the flag, you will gain 100 points. That is, you cannot gain more than 100 points, but if you attempt to capture the flag without solving any of the levels and then fail, you will not get any points.

Groups

All work is to be done in groups. All members of the group are expected to participate equally in solving all levels, and are expected to be able to fully explain the solution for any level.

Proving levels

In order to claim the points for a given level (including the final flag), you must write a document describing how you solved the problem. The document must be:

  • plain ASCII text
  • well-formatted with paragraphs and line-breaks < 80 chars
  • spell checked
  • named README
  • accompanied by detached PGP signatures of all team members, each named "$user.asc" (where "$user" is the username of the user signing the document)

Your submission must be in the form of a tar archive named "$GROUP-level$level.tar" (where "$GROUP" is your group's name and "$level" is the level in question) that extracts into a directory named "$GROUP". For example, a valid submission for level 3 from team "quokka" with team members "jschauma", "setonix", and "brachyurus" could be verified like this:

$ tar xvf quokka-level3.tar
quokka/README
quokka/brachyurus.asc
quokka/jschauma.asc
quokka/setonix.asc
$ for f in quokka/*asc; do
        gpg --verify "$f" quokka/README 2>/dev/null || echo "Invalid signature $f"
done
$ 
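
A pre-submission check for the format rules above, as an added example that is not part of the original assignment; the function name check_submission and its messages are assumptions. It covers the archive name, the extraction directory, the ASCII and line-length rules, and the presence of each "$user.asc"; signature validity is still checked with the gpg loop shown above.

```shell
#!/bin/sh
# Added example: layout check for a "$GROUP-level$level.tar" submission.
# usage: check_submission ARCHIVE GROUP LEVEL USER...
check_submission() {
    archive=$1; group=$2; level=$3; shift 3
    rc=0
    fail() { echo "FAIL: $*" >&2; rc=1; }

    # Archive name must be "$GROUP-level$level.tar".
    [ "$(basename "$archive")" = "$group-level$level.tar" ] ||
        fail "archive must be named $group-level$level.tar"

    tar tf "$archive" >/dev/null 2>&1 ||
        { fail "cannot read $archive"; return 1; }

    # List before extracting: every member must sit under "$GROUP/" and
    # no path may contain a ".." component.
    stray=$(tar tf "$archive" | awk -v p="$group/" \
        'index($0, p) != 1 || /(^|\/)\.\.(\/|$)/')
    [ -z "$stray" ] || { fail "members outside $group/: $stray"; return 1; }

    tmp=$(mktemp -d) || return 1
    tar xf "$archive" -C "$tmp"
    readme=$tmp/$group/README

    if [ ! -f "$readme" ]; then
        fail "missing $group/README"
    else
        # Plain ASCII: only tab, newline and bytes 0x20-0x7e are allowed.
        [ $(LC_ALL=C tr -d '\11\12\40-\176' < "$readme" | wc -c) -eq 0 ] ||
            fail "README contains non-ASCII or control bytes"
        # Every line must be shorter than 80 characters.
        awk 'length($0) >= 80 { exit 1 }' "$readme" ||
            fail "README has a line of 80 or more characters"
    fi

    # One detached signature per team member, named "$user.asc".
    for user in "$@"; do
        [ -f "$tmp/$group/$user.asc" ] || fail "missing $group/$user.asc"
    done

    rm -rf "$tmp"
    return $rc
}
```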

Please send your submissions via PGP encrypted email to jschauma@stevens.edu, CC'ing all your team members. Within 24 hours of your submission, you will receive a response consisting of either instructions for how to proceed to the next level or the words "incorrect submission".

Submissions may be rejected as incorrect for a number of reasons, including failure to follow the format and instructions above, inability to validate the signatures, or an incorrect solution to the problem in question. An invalid submission sets off a 24-hour timer during which time no other submissions are evaluated.

48 hours after a level (other than level 0) has been solved by any one team, it will be opened up and the points will no longer be available.

A scoreboard of the teams' progress is available here.


Levels

