• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Dash-based CTF (Capture The Flag) Competition

Introduction

Capture The Flag is a competition which involves hosting deliberately vulnerable servers/infrastructure for people to attempt to breach, for examples see Vulnhub or Tryhackme. They generally attract a younger crowd interested in attempting to breach services, often a server will have a few services running and you have to go through steps to try to gain root access, with hints (or not) along the way. They provide spaces for people to use existing vulnerabilities and even make their own tools to attempt to gain access... a typical 'easy' box may look like this:

* Port scanner reveals 22,80,443 open. Directory scan 80 and find /secret which is a wordpress website, brute force (or look for other vulnerabilities) and gain access, upload a malicious script to gain access to the server as www-data then use a kernel vulnerability to gain 'root' access. The secret (or flag) is often in /root

It's not the faint of heart but there is a large community interested in CTF's and it would be fantastic to bring our name into that. Since I can't publish any links here google for "hacking capture the flag" and see how much interest there is. This proposal wouldn't be for those that are already here, it'd be to get our name out there and get some interested people to come try

How does this relate to Dash?

Prizes can be paid in Dash at certain areas of the competition, for example maybe there's a /data that most people would miss with a riddle inside that reveals a Dash private key/24 words ;)

How often?

A one off for now. All servers will come up at a set time and be up for 24 hours - if it's a success then I will think about running more events throughout the year. The servers will be provided by AWS, we'll use their "Game" form to get amnesty for the servers used.

Why?

CTF's often attract a younger crowd who are interested in learning about penetration testing, hacking and thinking outside the box. This competition would give some exposure to Dash to a crowd I believe Dash sorely needs.

How much?

Well, it's just me! So all I'd ask for is server hosting costs (probably a few hundred US), prizes and the 5 Dash back for the proposal if there's interest. Prizes will depend on what you guys think, I'm thinking a large prize for one particular (very hard) server, and smaller prizes dotted around the servers.

Who even are you?

I'm mostly active on the Discord so ping me and say hi if you're there, and I've been in Dash quite a long time :)

It will take me about a month to actually make these boxes, some very difficult but not impossible and some warm up ones.
 
Last edited:
Back
Top