 |
VOOZH | about |
|
VOOZH | about |
We just published all services, including source code, checkers, and exploits for all vulnerabilities. If you want to look up solution, you can do so now.
=> https://github.com/saarsec/saarctf-2025
We hope you had a nice experience. See you next year!
That concludes saarCTF 2025. We hope you have enjoyed playing this years iteration and worked on some interesting service (or no-service 😉).
We uploaded the scoreboard to ctftime and on that note would like to congratulate the TOP 3 teams:
Please rate the CTF on ctftime(https://ctftime.org/event/2859) and fill out the feedback form(https://forms.gle/ySYDWnSxTeHRfeAt9). The services will be uploaded to github in the upcoming days after some final clean up.
We are looking forward to seeing you next year!
Network between vulnboxes is now open. Let the competition begin!
We have trouble with the tool that syncs your wireguard configs to the router. This script is temporary disabled, so is editing your wireguard config in the webpage. Every config that you created 10+ minutes ago should be synced to the server already.
If you happen to be without config, you can use sshuttle to your vulnbox public IP as a temporary measure.
Try wg-quick down + wg-quick up. If still not working DM us on IRC with details from that config (team ID + public key + assigned IP).
Vulnbox Decryption key: WM2dLbVszUMG54m9
Network opens in an hour (maybe 14:20).
Have fun!
If you're using our cloud-hosted vulnbox, you can start it now!
Registration is closed now.
We have made some slight changes to service first bloods: If you want to ensure your eternal fame by achieving a first blood on a flagstore, you now have to hand in flags from three different teams. After handing in the first flag for a flagstore, you will notice your team name greyed, cursive and with a questionmark in the respective services first-blood section. Until you hand in flags from two additional teams, your first-blood status will remain tentative and other teams may still claim first blood on that flagstore. Once you have handed in flags from three different teams, your first blood will be confirmed and you will receive the eternal fame you seek.
Dear self-hosters!
The encrypted vulnbox images are now available for preloading. Please compare your copy with these checksums:
ff4b9c5dc55baeb7c3ee15f2b9f1def90226db097a1f46fd95b375dc578b36e2 vulnbox.7z
f170c2f6384874af3a01d6559dbc1daed4fd11e50dc8e07732a749e499736973 vulnbox.tar.xz.gpg
We'll release the key tomorrow at 13:00 UTC.
If you use our cloud hosted setup, you have nothing to prepare here. You can start your vulnbox tomorrow around 12:45 UTC, and get SSH access at 13:00 UTC.
Dear participants,
we just opened the network for our competition. From now on, you can configure your vpn-connections on your team page. You can check your status on https://vpn.ctf.saarland. If you can ping submission.ctf.saarland (10.32.250.2), you're ready to go.
We also published router and testbox images. The encrypted vulnbox will follow later. Use these hashes to verify the integrity of your downloads:
54b4b450dbc3ba46bf9bee096ea214616a44b536c827e8d08f3456cc13fb952d router.ova
05fc2524a2ead53e8c81f5376e90c8c40b50dfe4f971c7cc7fecf97bc6bbfb1c testbox.ova
cee9d33aff72b4da0843ead7e06026dda4a004f66bb0dabc56f6fd88a489a0d5 testbox.tar.xz
We opened the registration for saarCTF 2025. Be quick, sign-up will close a few hours before the competition starts!
Our sixth iteration, saarCTF 2025 will take place on Saturday, 08.11.2025, 13:00 UTC and last for 8 hours, plus one hour preparation time where network is closed. The competition is open to everybody.
We invite you to a classical attack-defense competition. This year, we offer you to host your vulnbox VM in the cloud for you, making things much easier to set up! We will likely provide Virtualbox images as a usual alternative.
The registration is available later, and will stay open until a few hours before the competition starts.