-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathrules.html
154 lines (136 loc) · 6.53 KB
/
rules.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
<html lang="en">
<head>
<title>Square CTF: hacking competition!</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="shortcut icon" type="image/x-icon" href="../favicon.ico">
<meta name="og:title" content="Block CTF: hacking competition!">
<meta name="og:url" content="https://blockctf.com/">
<meta property="og:type" content="website">
<meta name="og:description" content="Compete to solve security-related challenges.">
<meta property="og:image" content="../og.png">
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@BlockEng">
<meta name="twitter:title" content="Block CTF: We make security and hacking more approachable — since 2014.">
<meta name="twitter:description" content="Compete to solve security-related challenges.">
<meta name="twitter:image" content="../og.png">
<meta name="description" content="Compete to solve security-related challenges.">
<meta name="author" content="Block, Inc.">
<link rel="stylesheet" media="screen" href="../squarectf.css">
</head>
<body>
<div class="wideline begin">
<span>RULES(2019)</span>
<span><a href="../index.html"><img src="../sqlogo.svg"></a></span>
<span>RULES(2019)</span>
</div>
<h1>Name</h1>
<p>contest-rules - 2019 Square Capture the Flag rules.</p>
<h2>Dates</h2>
<p>The event starts on October 10th 2019, at 19:00 UTC and ends on October 16th 2019, at 19:00 UTC.</p>
<p>Puzzles will be available for future download. Points will not be awarded for solving them after the event ends.</p>
<p>All puzzles are solvable <b>without brute forcing</b> the solutions.</p>
<h2>Flag format</h2>
<p>You know you have successfully solved a puzzle if you find a string which matches the following
<a href="https://imgs.xkcd.com/comics/regular_expressions.png">regular expression</a>:<br/>
<span>/flag-[0-9a-f]{8,64}/i</span>.
</p>
<p>
For instance, <span class="inv">flag-27fbe50bf1ccdaf5cfc9a1</span> or <span class="inv">FLAG-E8EFDA46</span> would be valid flags.
</p>
<h2>Timed release</h2>
<p>
Each puzzle will be released at a specific time (spread over one week). Schedule is made available before the
event start. The release times are carefully picked to avoid favoring any given timezone.
</p>
<p>
Puzzles are independent and can be solved in any order.
</p>
<h2>First solver bonus</h2>
<p>
The first team to solve a challenge and submit a valid flag will be awarded bonus points.
</p>
<h2>Reference machine</h2>
<p>
All puzzles have been verified to be solvable using Ubuntu 18.04 and Chrome 77.0.3865.90. Most puzzles should be
solvable on a variety of operating system / browser / virtualization software combinations.
</p>
<p>
If a puzzle contains binaries for various platforms, only the Linux binary is guaranteed to be correct. Other
platforms are provided as a convenience only and are not guaranteed to work.
</p>
<h2>Prizes</h2>
<p>
Small prizes will be awarded to the top scoring team or teams. The organizers will contact the winners to organize
prize delivery.
</p>
<p>
If there is a tie, the first team to have scored their last point, based on the organizers' records, wins the
tie.
</p>
<p>
Decision of the organizers will be final and binding with regard to the prizes.
</p>
<h2>Teams</h2>
<p>
One-person teams are allowed, but it's more fun with friends! There is no limit on team size. We try our best to
provide prizes for all team members, without guarantee for teams larger than ten (10) members.
</p>
<h1><b>Terms of Service</b></h1><br/>
<h2>Email and data use</h2>
<p>
Providing an email is optional. The email is only used for account recovery purpose and as a means of contact
for prize coordination.
</p>
<p>
All data related to the event will be deleted shortly after the event ends. Your email will not be associated with
any other Square services.
</p>
<h2>Cookie and tracking</h2>
<p>*.squarectf.com does not use any tracking technology. Cookies may be used for the purpose of authentication and
content delivery (CloudFlare CDN) purpose.</p>
<h1>ctftime.org</h1>
<p>Your team name and score will be made available in a public fashion and shared with <a href="https://ctftime.org/">ctftime.org</a>.
Points scored in this event should count towards your global CTF Time leaderboard.</p>
<h1>Bugcrowd</h1>
<p>This website (and anything hosted under *.squarectf.com) is not included in Square's
Bugcrowd <a href="https://bugcrowd.com/square">bug bounty programs</a>.
Please visit the official Bugcrowd site for additional information about Square's bug
bounty programs.
</p>
<h1>CTF Scope</h1>
<p>
The challenges posted on this site may be hacked using any tools desired. However,
hacking of any Square infrastructure, which is separate infrastructure from this site,
falls under the terms of Square's Bugcrowd <a href="https://bugcrowd.com/square">bug bounty program</a>. In
addition, Slack has their own <a href="https://slack.com/terms-of-service/user">terms of service</a> for
appropriate use. When in doubt, contact a CTF organizer to determine whether a site or server is within the CTF
scope.
</p>
<p>
The CTF is running on infrastructure hosted by other companies. Please be kind and
limit traffic to a reasonable level. <b>All puzzles are solvable without brute forcing
the solutions</b>.
</p>
<h1>Code of Conduct</h1>
<p>
By participating in this Contest you agree to abide by the <a href="../code_of_conduct.html">Square CTF Code of
Conduct</a>. Unacceptable behavior by participants will not be tolerated. Anyone asked to stop unacceptable
behavior is expected to comply immediately. If a participant engages in unacceptable behavior, the Square CTF
organizers may take any action they deem appropriate at their sole discretion, up to and including expulsion from
the Competition and expulsion from the Square CTF Slack.
</p>
<h1>See also</h1>
<p>
<a href="https://squ.re/2POCGUK">Work_at_Square(1)</a>,
<a href="https://squareup.com/legal/privacy">Privacy_policy(1)</a>,
<a href="../code_of_conduct.html">Code_of_conduct(1)</a>
</p>
<div class="wideline end">
<span>Block, Inc.</span>
<span>(c) <script>document.write(new Date().toLocaleString("en-us", {month: "long", year: "numeric"}));</script></span>
<span>RULES(2019)</span>
</div>
</body>
</html>