The universal vulnerability exploitation platform for~CTF

P. Y. Sviridov; G. Y. Zaytsev; A. S. Ivachev

Geodesic

Parcourir par

The universal vulnerability exploitation platform for~CTF

P. Y. Sviridov ; G. Y. Zaytsev ; A. S. Ivachev

Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 106-108.

Voir la notice de l'article provenant de la source Math-Net.Ru

Résumé

Capture the Flag (CTF) is a command educational computer security competition. The aim of all CTF games is to capture flags from vulnerable services of other teams. There are a lot of routine tasks in CTF games according to the rules. In order to automate the tasks, a big software project named Pechkin and implemented in C++ is built. The aim of Pechkin is to automate the exploitation of enemy services vulnerabilities. It runs instances of exploits, manages the instances, calculates statistics, performs logging, etc. Pechkin has a modular architecture. Each module implements one of the pointed functions and is started by the main one which is called a platform. The platform connects all the modules by passing messages between them. In different games, many parameters (e.g. the jury system interface and rules) may vary setting some restrictions. Pechkin cares about them, and the team members are free of them. The only offensive concern left for the participants is the creative process of finding vulnerabilities and writing exploits. The architecture allows the implementation of a scalable system with a load-balancing which is very important to CTF, because the game is long, unpredictable, and resource-draining.

Keywords: CTF, flag, vulnerability
Mots-clés : exploit.

@article{PDMA_2014_7_a45,
     author = {P. Y. Sviridov and G. Y. Zaytsev and A. S. Ivachev},
     title = {The universal vulnerability exploitation platform {for~CTF}},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {106--108},
     publisher = {mathdoc},
     number = {7},
     year = {2014},
     language = {en},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2014_7_a45/}
}

TY  - JOUR
AU  - P. Y. Sviridov
AU  - G. Y. Zaytsev
AU  - A. S. Ivachev
TI  - The universal vulnerability exploitation platform for~CTF
JO  - Prikladnaya Diskretnaya Matematika. Supplement
PY  - 2014
SP  - 106
EP  - 108
IS  - 7
PB  - mathdoc
UR  - http://geodesic.mathdoc.fr/item/PDMA_2014_7_a45/
LA  - en
ID  - PDMA_2014_7_a45
ER  -

%0 Journal Article
%A P. Y. Sviridov
%A G. Y. Zaytsev
%A A. S. Ivachev
%T The universal vulnerability exploitation platform for~CTF
%J Prikladnaya Diskretnaya Matematika. Supplement
%D 2014
%P 106-108
%N 7
%I mathdoc
%U http://geodesic.mathdoc.fr/item/PDMA_2014_7_a45/
%G en
%F PDMA_2014_7_a45

P. Y. Sviridov; G. Y. Zaytsev; A. S. Ivachev. The universal vulnerability exploitation platform for~CTF. Prikladnaya Diskretnaya Matematika. Supplement, no. 7 (2014), pp. 106-108. http://geodesic.mathdoc.fr/item/PDMA_2014_7_a45/

Bibliographie
Cité par

[1] Norton J., “Dynamic class loading for $C++$ on Linux”, Linux Journal, 2000, no. 73 http://www.linuxjournal.com/article/3687