Practical Exam Guidelines

Organization (2024-2025):

  • Date: Saturday, 18 Jan 2025 09:00
  • Location: EC004, EC101, EC105 & EG301 (check the gradebook / “Practic” column!!!)
  • Duration: 4 hours; you can leave whenever you wish, though you must notify an assistant (who will then deactivate your CTFd account & VM);
  • Prerequisites: Laptop with web browser (for CTFd scoreboard + Guacamole) + you must be able to authenticate with the university account!
  • Seating: no specific ordering, just to ensure adequate spacing: one empty desk between each student + middle row of each classroom should remain completely empty!
  • Power outlets: we will bring 20+ power strips of varying lengths, but it would help if some of you brought your own (especially if you have some with >4 receptacles, to also help your colleagues 😇).

Basic Exam Workflow

  • You will use UPB Grid's Guacamole instance, where each student will have their own VM (based on the lab VM); you will need to authenticate with your UPB account to access it!
    • If you don't wish to use Guacamole's web-based SSH, simply use it once to input your own authorized keys, then use your preferred SSH client (make sure to jump-connect via fep.grid.pub.ro!);
    • you should have all required CLI tools installed, no port forwarding required (even for the web / networking tasks – no GUI required);
  • We will host a CTFd instance (open source CTF scoreboard) at https://isc2024.root.sx, where you will need to register an account on exam day (the password will only be given then!); read the VM MOTD below for instructions…
  • After registering to CTFd and connecting to your VM, you can run the exam preparation script (just once) and start hacking!

The exam is open-book, everything is permitted (including ChatGPT) except human2human conversations!

Challenges

  • There will be 14 tasks of various difficulty levels, each will contain 1 flag;
  • For maximum grade, you will only need to solve 10 (ANY) of them (the rest are bonus, though they don't count towards your final grade!);
  • Challenges will be categorized jeopardy-style (e.g., crypto, binary, web, networking, misc) on the CTFd platform, which shall give you a hint of the methods to use to approach them;
    • Most categories will have an easy challenge and one difficultish one;
  • Each task will have a CTFd score (i.e. a number of in-game points) assigned, which is used for competition ranking BUT DOES NOT MATTER FOR YOUR GRADE (again: if you solve any 10 of them, you will receive 100%)!
    • The score is also helpful for determining a (somewhat subjective) difficulty level of the task; for example, we will use a starting score of 200 for easy challenges, a score of 400 for an average task and 600+ for difficult ones;
    • CTFd scores for the tasks will be diminished (by a little) as more users solve them, rewarding the speedy ones!
  • Also note this: you do not need to bruteforce your way in any challenge, and you don't have to leave your home directory (/home/student) for any of it!
    • Oh, and: you don't have root/sudo access on the VM, and if you think you need it, it is most certainly NOT the way to do it!

Hints

  • Start with the easy ones!
  • Set a countdown timer to 3-5 minutes; on expiration, move on to another task, repeat!
  • Use Google and man a lot! You can also scan the labs / remember what you did in your homework…
  • Periodically watch out for hints broadcast via CTFd in-system notifications, if any ;)

VM MOTD

  • The virtual machine will present you with this; make sure to read it (again):
####################################################
## Welcome to the ISC CTF practical exam!         ##
####################################################

Carefully READ THE FOLLOWING INSTRUCTIONS before getting started:

0. First, we hope you've seen this: https://ocw.cs.pub.ro/courses/isc/info/practical_exam

1. Create an account on the web-based CTFd platform:

   Link: https://isc2024.root.sx

   * use your UPB email (e.g. "prenume.nume@stud.acs.upb.ro" -- the domain is
     irrelevant, just the Moodle username counts!);
   * use whatever pseudonym you wish as username.

2. On this VM, run `sudo isc_prepare_exam MOODLE_USERNAME` (replace
   variable with your moodle username similar to the part before the '@'
   of the email above -- MANDATORY, otherwise the flags won't work)!

   After running the prepare command, you will find the custom tasks in
   `~/challenges/` subdirectory.

3. It would be a good idea to test that you have correctly filled in the same Moodle
   ID on the CTFd interface & prepare argument.

   For this, you can use the free flag from the `test` challenge and copy it to
   the CTFd platform. If everything went according to plan, it should be accepted 
   as the correct flag (but gives 0 points and doesn't count towards your final grade!)

   You should also practice copy+pasting on Guacamole:
   https://guacamole.apache.org/doc/gug/using-guacamole.html#copying-pasting-text
   TLDR: press Ctrl+Shift+Alt to display the side menu, the same to close it!
   (ask the assistants for help if you can't find it)

   Note: ALL flags have the same format, "ISC{...}", and length (with some
   exceptions, e.g. `osint` & `hiddenports`)!

4. For each task tried / solved, please leave the scripts used behind on the VM.

   !!!IMPORTANT!!! For backup/safety reasons, you should also create a `flag.txt`
   file inside challenge directory to store it!

   We are not to be held responsible for any lost flags on CTFd! 
   (happened once :D )

GL HF!

If you read all of this, congratulations! triple click here: ISC{4lw3ys_r3d3h_f1n3_m4nu0l} DO NOT GIVE TO THE UNWORTHY WHO DID NOT RTFM! K?THX

isc/info/practical_exam.txt · Last modified: 2025/01/17 22:38 by florin.stancu
CC Attribution-Share Alike 3.0 Unported