RUS  ENG
Full version
JOURNALS // Prikladnaya Diskretnaya Matematika. Supplement // Archive

Prikl. Diskr. Mat. Suppl., 2014 Issue 7, Pages 106–108 (Mi pdma168)

Mathematical Foundations of Computer Security

The universal vulnerability exploitation platform for CTF

P. Y. Sviridov, G. Y. Zaytsev, A. S. Ivachev

Tomsk State University, Tomsk

Abstract: Capture the Flag (CTF) is a command educational computer security competition. The aim of all CTF games is to capture flags from vulnerable services of other teams. There are a lot of routine tasks in CTF games according to the rules. In order to automate the tasks, a big software project named Pechkin and implemented in C++ is built. The aim of Pechkin is to automate the exploitation of enemy services vulnerabilities. It runs instances of exploits, manages the instances, calculates statistics, performs logging, etc. Pechkin has a modular architecture. Each module implements one of the pointed functions and is started by the main one which is called a platform. The platform connects all the modules by passing messages between them. In different games, many parameters (e.g. the jury system interface and rules) may vary setting some restrictions. Pechkin cares about them, and the team members are free of them. The only offensive concern left for the participants is the creative process of finding vulnerabilities and writing exploits. The architecture allows the implementation of a scalable system with a load-balancing which is very important to CTF, because the game is long, unpredictable, and resource-draining.

Keywords: CTF, flag, vulnerability, exploit.

UDC: 004.453

Language: English



© Steklov Math. Inst. of RAS, 2024