Differences
This shows you the differences between two versions of the page.
|
isc:info:practical_exam [2025/01/17 18:44] florin.stancu [Hints] |
isc:info:practical_exam [2026/02/11 15:20] (current) florin.stancu [VM MOTD] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Practical Exam Guidelines ====== | ====== Practical Exam Guidelines ====== | ||
| - | ===== Organization (2024-2025): ===== | + | ===== Organization (2025-2026): ===== |
| - | * **Date**: Saturday, 18 Jan 2025 09:00 | + | * **Date**: 12-13 feb 2026!! |
| - | * **Location**: EC004, EC101, EC105 & EG301 (check gradebook / "Practic" column !!! ) | + | * **Location**: EC004 & EC105! |
| * **Duration**: 4 hours; you can leave whenever you wish, though you must notify an assistant (who will then deactivate your CTFd account & VM); | * **Duration**: 4 hours; you can leave whenever you wish, though you must notify an assistant (who will then deactivate your CTFd account & VM); | ||
| * **Prerequisites:** Laptop with web browser (for CTFd scoreboard + Guacamole) + you must be able to authenticate with the university account! | * **Prerequisites:** Laptop with web browser (for CTFd scoreboard + Guacamole) + you must be able to authenticate with the university account! | ||
| * **Seating**: no specific ordering, just to ensure adequate spacing: one empty desk between each student + middle row of each classroom should remain completely empty! | * **Seating**: no specific ordering, just to ensure adequate spacing: one empty desk between each student + middle row of each classroom should remain completely empty! | ||
| - | * **Power outlets**: we will bring 20+ power strips of varying lengths, but it would help if some of you bring their own (especially if you have some with >4 receptacles to also help your colleagues 😇). | + | * **Power outlets**: we will bring 20+ power strips of varying lengths, but it would help if some of you bring their own (especially if you have some with >= 4 receptacles to also help your colleagues 😇). |
| ===== Basic Exam Workflow ===== | ===== Basic Exam Workflow ===== | ||
| Line 15: | Line 15: | ||
| * If you don't wish to use Guacamole's web-based SSH, simply use it once to input [[:isc:info:virtualmachine|your own authorized keys]], then use your preferred SSH client (make sure to jump-connect via fep.grid.pub.ro!); | * If you don't wish to use Guacamole's web-based SSH, simply use it once to input [[:isc:info:virtualmachine|your own authorized keys]], then use your preferred SSH client (make sure to jump-connect via fep.grid.pub.ro!); | ||
| * you should have all required CLI tools installed, no port forwarding required (even for the web / networking tasks -- no GUI required); | * you should have all required CLI tools installed, no port forwarding required (even for the web / networking tasks -- no GUI required); | ||
| - | * We will host a [[https://github.com/CTFd/CTFd|CTFd]] instance (open source CTF scoreboard) at [[https://isc2024.root.sx]], where you will need to register an account on exam day (the password will only be given then!), read the VM MOTD below for instructions... | + | * We will host a [[https://github.com/CTFd/CTFd|CTFd]] instance (open source CTF scoreboard) at [[https://isc2025.root.sx]], where you will need to register an account on exam day (the password will only be given then!), read the VM MOTD below for instructions... |
| * After registering to CTFd and connecting to your VM, you can run the exam preparation script (just once) and start hacking! | * After registering to CTFd and connecting to your VM, you can run the exam preparation script (just once) and start hacking! | ||
| Line 22: | Line 22: | ||
| ===== Challenges ===== | ===== Challenges ===== | ||
| - | * There will be 14 tasks of various difficulty levels, each will contain 1 flag; | + | * There will be 13 tasks of various difficulty levels, each will contain 1 flag; |
| * For maximum grade, you will only need to solve 10 (ANY) of them (the rest are bonus, though it doesn't count towards your final grade!); | * For maximum grade, you will only need to solve 10 (ANY) of them (the rest are bonus, though it doesn't count towards your final grade!); | ||
| * Challenges will be categorized jeopardy-style (e.g., crypto, binary, web, networking, misc) on the CTFd platform, which shall give you a hint of the methods to use to approach them; | * Challenges will be categorized jeopardy-style (e.g., crypto, binary, web, networking, misc) on the CTFd platform, which shall give you a hint of the methods to use to approach them; | ||
| Line 29: | Line 29: | ||
| * The score is also helpful for determining a (somewhat subjective) difficulty level of the task; for example, we will use a starting score of 200 for easy challenges, a score of 400 for an average task and 600+ for difficult ones; | * The score is also helpful for determining a (somewhat subjective) difficulty level of the task; for example, we will use a starting score of 200 for easy challenges, a score of 400 for an average task and 600+ for difficult ones; | ||
| * CTFd scores for the tasks will be diminished (by a little) as more users solve them, rewarding the speedy ones! | * CTFd scores for the tasks will be diminished (by a little) as more users solve them, rewarding the speedy ones! | ||
| + | * Also note this: you do not need to bruteforce your way in any challenge, and you don't have to leave your home directory (/home/student) for any of it! | ||
| + | * **Oh, and:** you don't have root/sudo acces on the VM and if you think you need it, it is most certainly NOT the way to do it! | ||
| ===== Hints ===== | ===== Hints ===== | ||
| Line 36: | Line 37: | ||
| * Use Google and ''man'' a lot! You can also scan the labs / remember what you did in your homework... | * Use Google and ''man'' a lot! You can also scan the labs / remember what you did in your homework... | ||
| * Don't panic! [[https://www.youtube.com/watch?v=pOyK9qQpdyQ|Always trust in yourself]]. | * Don't panic! [[https://www.youtube.com/watch?v=pOyK9qQpdyQ|Always trust in yourself]]. | ||
| + | * Periodically watch out for hints broadcasted via CTFd in-system notifications, if any ;) | ||
| ===== VM MOTD ===== | ===== VM MOTD ===== | ||
| Line 50: | Line 52: | ||
| 1. Create an account on the web-based CTFd platform: | 1. Create an account on the web-based CTFd platform: | ||
| - | Link: https://isc2024.root.sx | + | Link: https://isc2025.root.sx |
| * use your UPB email (e.g. "prenume.nume@stud.acs.upb.ro" -- the domain is | * use your UPB email (e.g. "prenume.nume@stud.acs.upb.ro" -- the domain is | ||
| Line 76: | Line 78: | ||
| Note: ALL flags have the same format, "ISC{...}", and length (with a single | Note: ALL flags have the same format, "ISC{...}", and length (with a single | ||
| - | exception: the `osint` one)! | + | exception about length only, for the `osint` challenge)! |
| - | 4. For each task tried / solved, please leave the scripts used behing on the VM. | + | 4. For each task tried / solved, please leave the scripts you used on the VM. |
| - | !!!IMPORTANT!!! For backup/safety reasons, you should also create a `flag.txt` | + | !!!IMPORTANT!!! For backup/safety reasons, you should also create a `flags.txt` |
| - | file inside challenge directory to store it! | + | file inside challenges directory to store them all (you might also wish to copy |
| + | them locally)! Please prefix them with the name of the task (e.g., | ||
| + | `aes_rsa: ISC{asd_1337_xyz}`). | ||
| - | We are not to be held responsible for any lost flags on CTFd! | + | This is in case the CTFd platform crashes and loses its database (happened 2 years |
| - | (happened once :D ) | + | ago :D). |
| GL HF! | GL HF! | ||
| </code> | </code> | ||
| - | <color gray>If you read all that, congratulations! triple click here: </color> <color white>a flag will be posted here on the exam day!</color> | ||
