Differences
This shows you the differences between two versions of the page.
|
isc:info:practical_exam [2025/01/17 17:46] florin.stancu |
isc:info:practical_exam [2025/01/17 22:38] (current) florin.stancu [VM MOTD] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== ISC Practical Exam Guidelines ====== | + | ====== Practical Exam Guidelines ====== |
| - | ===== Organization: ===== | + | ===== Organization (2024-2025): ===== |
| - | * **Date**: Saturday, 18 Jan 2025 | + | * **Date**: Saturday, 18 Jan 2025 09:00 |
| * **Location**: EC004, EC101, EC105 & EG301 (check gradebook / "Practic" column !!! ) | * **Location**: EC004, EC101, EC105 & EG301 (check gradebook / "Practic" column !!! ) | ||
| + | * **Duration**: 4 hours; you can leave whenever you wish, though you must notify an assistant (who will then deactivate your CTFd account & VM); | ||
| * **Prerequisites:** Laptop with web browser (for CTFd scoreboard + Guacamole) + you must be able to authenticate with the university account! | * **Prerequisites:** Laptop with web browser (for CTFd scoreboard + Guacamole) + you must be able to authenticate with the university account! | ||
| * **Seating**: no specific ordering, just to ensure adequate spacing: one empty desk between each student + middle row of each classroom should remain completely empty! | * **Seating**: no specific ordering, just to ensure adequate spacing: one empty desk between each student + middle row of each classroom should remain completely empty! | ||
| Line 17: | Line 18: | ||
| * After registering to CTFd and connecting to your VM, you can run the exam preparation script (just once) and start hacking! | * After registering to CTFd and connecting to your VM, you can run the exam preparation script (just once) and start hacking! | ||
| - | <note warning>The exam is open-book, everything is allowed (including ChatGPT) except human2human conversations!</note> | + | <note warning>The exam is open-book, everything is permitted (including ChatGPT) except human2human conversations!</note> |
| ===== Challenges ===== | ===== Challenges ===== | ||
| Line 24: | Line 25: | ||
| * For maximum grade, you will only need to solve 10 (ANY) of them (the rest are bonus, though it doesn't count towards your final grade!); | * For maximum grade, you will only need to solve 10 (ANY) of them (the rest are bonus, though it doesn't count towards your final grade!); | ||
| * Challenges will be categorized jeopardy-style (e.g., crypto, binary, web, networking, misc) on the CTFd platform, which shall give you a hint of the methods to use to approach them; | * Challenges will be categorized jeopardy-style (e.g., crypto, binary, web, networking, misc) on the CTFd platform, which shall give you a hint of the methods to use to approach them; | ||
| + | * Most categories will have an easy challenge and one difficultish one; | ||
| * Each task will have a CTFd score (i.e. a number of in-game points) assigned, used for competition ranking BUT **DOES NOT MATTER FOR YOUR GRADE** (again: if you solve any 10 of them, you will receive 100%)! | * Each task will have a CTFd score (i.e. a number of in-game points) assigned, used for competition ranking BUT **DOES NOT MATTER FOR YOUR GRADE** (again: if you solve any 10 of them, you will receive 100%)! | ||
| * The score is also helpful for determining a (somewhat subjective) difficulty level of the task; for example, we will use a starting score of 200 for easy challenges, a score of 400 for an average task and 600+ for difficult ones; | * The score is also helpful for determining a (somewhat subjective) difficulty level of the task; for example, we will use a starting score of 200 for easy challenges, a score of 400 for an average task and 600+ for difficult ones; | ||
| * CTFd scores for the tasks will be diminished (by a little) as more users solve them, rewarding the speedy ones! | * CTFd scores for the tasks will be diminished (by a little) as more users solve them, rewarding the speedy ones! | ||
| + | * Also note this: you do not need to bruteforce your way in any challenge, and you don't have to leave your home directory (/home/student) for any of it! | ||
| + | * **Oh, and:** you don't have root/sudo acces on the VM and if you think you need it, it is most certainly NOT the way to do it! | ||
| + | ===== Hints ===== | ||
| + | * Start with the easy ones! | ||
| + | * Set a countdown timer to 3-5 minutes; on expiration, move on to another task, repeat! | ||
| + | * Use Google and ''man'' a lot! You can also scan the labs / remember what you did in your homework... | ||
| + | * Don't panic! [[https://www.youtube.com/watch?v=pOyK9qQpdyQ|Always trust in yourself]]. | ||
| + | * Periodically watch out for hints broadcasted via CTFd in-system notifications, if any ;) | ||
| ===== VM MOTD ===== | ===== VM MOTD ===== | ||
| Line 60: | Line 70: | ||
| For this, you can use the free flag from the `test` challenge and copy it to | For this, you can use the free flag from the `test` challenge and copy it to | ||
| the CTFd platform. If everything went according to plan, it should be accepted | the CTFd platform. If everything went according to plan, it should be accepted | ||
| - | as the correct flag (but gives 0 points!) | + | as the correct flag (but gives 0 points and doesn't count towards your final grade!) |
| You should also practice copy+pasting on Guacamole: | You should also practice copy+pasting on Guacamole: | ||
| Line 67: | Line 77: | ||
| (ask the assistants for help if you can't find it) | (ask the assistants for help if you can't find it) | ||
| - | Note: ALL flags have the same format, "ISC{...}", and length (with a single | + | Note: ALL flags have the same format, "ISC{...}", and length (with some |
| - | exception: the `osint` one)! | + | exceptions, e.g. `osint` & `hiddenports`)! |
| 4. For each task tried / solved, please leave the scripts used behing on the VM. | 4. For each task tried / solved, please leave the scripts used behing on the VM. | ||
| Line 81: | Line 91: | ||
| </code> | </code> | ||
| - | <color gray>If you read all that, congratulations! triple click here: </color> <color white>a flag will be posted here on the exam day!</color> | + | <color gray>If you read all of this, congratulations! triple click here: </color> <color white>ISC{4lw3ys_r3d3h_f1n3_m4nu0l} DO NOT GIVE TO THE UNWORTHY WHO DID NOT RTFM! K?THX</color> |
