The UCLA LUG + ACM Capture the Flag event was held in Spring 2016 using the FBCTF platform. Teams of 1-3 people competed to solve as many security-related challenges as possible in a 3 hour timeframe. All of the challenges were custom designed by students for students.
The challenges were divided into two types: quizzes and flags.
Quiz questions generally ask you to find certain pieces of information, for instance, the IP address of a site or the open ports of a server. These can usually be done relatively quickly, although some questions require clever applications of tools in order to get what you want.
Flag questions ask you to find a "flag", typically a random string of alphanumeric characters, within a website, server, or binary executable. The range and difficulty can be much higher; you may need to exploit a website to hand you database credentials, or bruteforce a password file, or reverse engineer an executable and extract its secrets.
Entering the correct answer/flag yielded points for the team. Hints could be obtained for certain challenges at the cost of some points.
Here is the list of challenges (detailed solutions are in progress!)
Quizzes:
- HTTPS certificate
- Ports
- Cookies
- Webserver
- CMS 1
- CMS 3
- SSH Key Generation 1
- SSH Key Generation 2
- HHVM
- User 0
- Compiler Help
Flags: