FAUST CTF is an online attack-defense CTF competition run by FAUST, the CTF team of Friedrich-Alexander University Erlangen-Nürnberg. Its ninth edition took place on 28 September 2024.
View resultsResults
Congratulations to TeamGeramy who won FAUST CTF 2024 and scored amazing 55268.79 points. The top-three teams are:- TeamGeramy, 55268.79 points
- Bushwhackers, 54502.96 points
- Superflat, 50606.33 points
Facts
Once again, the competition will work in classic attack-defense fashion. Each team will be given a Vulnbox image to host itself and VPN access. You will run exploits against other teams, capture flags and submit them to our server.
The service decryption password will be released at 2024-09-28 12:00 UTC. The actual competition will start at 13:00 UTC and run for eight hours.
Prizes
For each service, the first team to exploit it, submit a valid flag and provide a write-up will win 64 €. We're sorry, but this year there will be no monetary prizes beyond that.
Please check our rules page for information on payout restrictions.
Qualifier for the "Deutsche Hacking Meisterschaft"
FAUST CTF is proud to be a qualifier for the Deutsche Hacking Meisterschaft (DHM), offering top teams from the DACH region (Germany, Austria, Switzerland) a chance to compete in this prestigious event. The highest-ranking DACH team from FAUST CTF will secure a spot in the DHM, which is a 6-person team competition, bringing together the best talent in cybersecurity from across the region.
The DHM qualification process is split into two paths: half of the participants earn their spot through the CSCG (Cyber Security Challenge Germany), an individual competition lasting for two months, while the other half qualify through team-based events like FAUST CTF. The winning DACH team should contact dhm@nfits.de to confirm their qualification and receive further instructions for DHM participation.
News
Decryption Key Released
🚨 Agents, incoming transmission! 🚨Your first clue is now live. To access the next stage, use the following key:
Password:
D0_y0u_3xp3ct_m3_t0_t41k?_N0_M1573r_B0nd,_1_3xp3ct_y0u_t0_PWN!_8955f5
The mission intensifies from here. Stay focused, agents—your journey has just begun. 🕵️♂️💼
Vulnbox Download
The vulnbox is ready! You have these download options:- An OVA container tested with VirtualBox
- A QCOW2 image tested with libvirt/KVM
To verify the integrity of your download, you may check the SHA256 sums.
As stated in the rules, the decryption password will be released at 2024-09-28 12:00 UTC via email and Discord, and thereafter also here. Please make sure you can run the testbox and connect to the VPN before the CTF.
Testing Vulnbox
Testing Vulnbox images are available. On first login, the Vulnbox will ask you for some information and configure itself properly. You can log in as root using any of the following ways:- Use SSH with the generated random password (may need port forwarding, for the NAT Network)
- Connect to the serial port of the VM (may need configuration)
- Use the graphical console of your virtualization software - not recommended if you want to deploy SSH-Keys or configure VPN.
- When hosting on a cloud provider, chances are that you can enter your SSH-Key when creating the VM (cloud-init is installed).
If you run into problems with the setup, try our suggestions from Basic Vulnbox hosting.
We provide two options for download:- An OVA bundle tested with VirtualBox
- A QCOW2 image tested with libvirt/KVM
To verify the integrity of your download, you may check the SHA256 sums.
Both images are identical, so use the one that fits your needs. The serivces inside are located in `/srv` and are encrypted with the password test
.
To decrypt and start them, use the command /srv/extract-services.py /srv/testbox_services.tar.xz.gpg
.
Note: Testbox and Vulnbox can not be connected to the game VPN at the same time, so make sure to shutdown the Testbox when the real Vulnbox is released.
Registration open
You can now head over to the Registration page to sign up for the competition.
Date is released
We are happy to announce, that the FAUST CTF 2024 will take place on 2024-09-28 at 12:00 UTC. Registration will open soon.