Practical Exam Guidelines
Organization (2024-2025):
Date: Saturday, 18 Jan 2025 09:00
Location: EC004, EC101, EC105 & EG301 (check gradebook / “Practic” column !!! )
Duration: 4 hours; you can leave whenever you wish, though you must notify an assistant (who will then deactivate your CTFd account & VM);
Prerequisites: Laptop with web browser (for CTFd scoreboard + Guacamole) + you must be able to authenticate with the university account!
Seating: no specific ordering, just to ensure adequate spacing: one empty desk between each student + middle row of each classroom should remain completely empty!
Power outlets: we will bring 20+ power strips of varying lengths, but it would help if some of you brought your own (especially if you have some with >4 receptacles, to also help your colleagues 😇).
Basic Exam Workflow
The exam is open-book, everything is permitted (including ChatGPT) except human2human conversations!
Challenges
There will be 14 tasks of various difficulty levels, each containing 1 flag;
For the maximum grade, you only need to solve 10 (ANY) of them (the rest are bonus, though they don't count towards your final grade!);
Challenges will be categorized jeopardy-style (e.g., crypto, binary, web, networking, misc) on the CTFd platform, which shall give you a hint of the methods to use to approach them;
Each task will have a CTFd score (i.e. a number of in-game points) assigned, used for competition ranking BUT DOES NOT MATTER FOR YOUR GRADE (again: if you solve any 10 of them, you will receive 100%)!
The score is also helpful for determining a (somewhat subjective) difficulty level of the task; for example, we will use a starting score of 200 for easy challenges, a score of 400 for an average task and 600+ for difficult ones;
CTFd scores for the tasks will be diminished (by a little) as more users solve them, rewarding the speedy ones!
Also note this: you do not need to bruteforce your way in any challenge, and you don't have to leave your home directory (/home/student) for any of it!
Hints
Start with the easy ones!
Set a countdown timer to 3-5 minutes; on expiration, move on to another task, repeat!
Use Google and man a lot! You can also scan the labs / remember what you did in your homework…
Periodically watch out for hints broadcast via CTFd in-system notifications, if any ;)
VM MOTD
####################################################
## Welcome to the ISC CTF practical exam! ##
####################################################
Carefully READ THE FOLLOWING INSTRUCTIONS before getting started:
0. First, we hope you've seen this: https://ocw.cs.pub.ro/courses/isc/info/practical_exam
1. Create an account on the web-based CTFd platform:
Link: https://isc2024.root.sx
* use your UPB email (e.g. "prenume.nume@stud.acs.upb.ro" -- the domain is
irrelevant, just the Moodle username counts!);
* use whatever pseudonym you wish as username.
2. On this VM, run `sudo isc_prepare_exam MOODLE_USERNAME` (replace
variable with your moodle username similar to the part before the '@'
of the email above -- MANDATORY, otherwise the flags won't work)!
After running the prepare command, you will find the custom tasks in
`~/challenges/` subdirectory.
3. It would be a good idea to test that you have correctly filled in the same Moodle
ID on the CTFd interface & prepare argument.
For this, you can use the free flag from the `test` challenge and copy it to
the CTFd platform. If everything went according to plan, it should be accepted
as the correct flag (but gives 0 points and doesn't count towards your final grade!)
You should also practice copy+pasting on Guacamole:
https://guacamole.apache.org/doc/gug/using-guacamole.html#copying-pasting-text
TLDR: press Ctrl+Shift+Alt to display the side menu, the same to close it!
(ask the assistants for help if you can't find it)
Note: ALL flags have the same format, "ISC{...}", and length (with some
exceptions, e.g. `osint` & `hiddenports`)!
4. For each task tried / solved, please leave the scripts used behind on the VM.
!!!IMPORTANT!!! For backup/safety reasons, you should also create a `flag.txt`
file inside challenge directory to store it!
We are not to be held responsible for any lost flags on CTFd!
(happened once :D )
GL HF!
If you read all of this, congratulations! triple click here: ISC{4lw3ys_r3d3h_f1n3_m4nu0l} DO NOT GIVE TO THE UNWORTHY WHO DID NOT RTFM! K?THX