RabaCTF

RabaCTF 2025 Setup Details

TL;DR Quick Information

Demo day 1 information:

VPN

A VPN is required to connect to your vulnbox, connect to the game services and attack other teams.
Your team will be given a zip file containing WireGuard configurations. Give each team member a different configuration file (make sure no two people use the same configuration).
To activate the VPN, install WireGuard (https://www.wireguard.com/install), open it, click Import tunnel(s) from file, and choose the WireGuard configuration file you were given.
Then press Activate to start the tunnel.

Vulnbox

You will receive access to your vulnbox at 2025-02-22T10:00:00+0200. At 2025-02-22T11:00:00+0200 the network will open and you can start attacking other teams. The network will close at 2025-02-22T17:00:00+0200.

You will receive credentials to connect to the vulnbox at the start of the competition. You can then connect to the vulnbox with the command

ssh player@10.98.[team_id].1

where [team_id] is your team's ID, which you will receive alongside your credentials.

Inside the root user's ssh directory (at /root/.ssh) there will be an authorized_keys file containing a public key. Do not delete it, or the organizers will not be able to help you with any problems (including resetting your vulnbox, should you need it).

The other teams' vulnboxes will have the same IP pattern, just replace the [team_id] with the ID of another team (IPs of other teams can be found on the scoreboard). Team IDs start at 2.

Scoreboard

The scoreboard can be accessed at https://scoreboard.rabac.tf (needs VPN connection).
There, you can see the current standings, current points, what services are alive on a per-tick basis, what services are being exploited and other statistics about the game.

Ticks and duration

The game is divided into ticks. A new tick starts every 2 minutes, and on every tick the checkerbot checks whether your services are working properly and places a flag in each service.
A flag is valid for 5 ticks, meaning you can submit flags that are up to 10 minutes old to the submission server and still get points for them. Flags older than 5 ticks will not give you any points.

Flag IDs

Flag IDs of the last 5 ticks can be accessed at https://ad.rabac.tf/competition/teams.json
It is a JSON formatted file, in which you can access the flag IDs via the flag_ids key.
There, the flag IDs are separated by service (flagstore) and further by team IDs.
An example teams.json file is given below:

{
  "teams": [
    7,
    8
  ],
  "flag_ids": {
    "exampleService": {
      "8": [
        "randomUsername1;randomGroupname1",
        "randomUsername2;randomGroupname2"
      ],
      "7": [
        "otherRandomUsername1;otherRandomGroupname1",
        "otherRandomUsername2;otherRandomGroupname2"
      ]
    }
  }
}

Flag Submission

You can submit flags to the teamserver at submission.rabac.tf:31111
Submit only one flag per line (separate flags with newlines), and note that the protocol is raw TCP, not HTTP.
Example Linux command to connect to the submission server (netcat must be installed):

nc 10.98.0.1 31111

An example flag submission Python function is given below:

import logging
import socket

logger = logging.getLogger(__name__)

def submit_flags(flags: list[str]):
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(5)
        sock.connect(('10.98.0.1', 31111))
        # One flag per line; the trailing newline terminates the last flag.
        payload = b'\n'.join(s.encode() for s in flags) + b'\n'
        sock.sendall(payload)
        sock.close()
    except Exception as e:
        # Log and continue so one failed submission does not stop the caller.
        logger.warning(f'Error while sending flags: {e}', exc_info=True)

Taken from: https://github.com/lavish/flappy

Flag Regex

All the flags are in the regex format RABA_[A-Za-z0-9+/]{32}
You can use this regex to find flags in non-parsed output (for example inside the HTML of a webpage).
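
The following is an added example, not code from the organizers: it parses the teams.json layout shown in the Flag IDs section and applies the flag regex above to unparsed output. The function names and the HTML sample are constructed for illustration; the JSON is the page's own example.

```python
import json
import re

# Flag format stated on the page.
FLAG_RE = re.compile(r"RABA_[A-Za-z0-9+/]{32}")

# The page's example teams.json, embedded so this runs offline.
SAMPLE_TEAMS_JSON = """
{"teams": [7, 8],
 "flag_ids": {"exampleService": {
   "8": ["randomUsername1;randomGroupname1", "randomUsername2;randomGroupname2"],
   "7": ["otherRandomUsername1;otherRandomGroupname1",
         "otherRandomUsername2;otherRandomGroupname2"]}}}
"""

# Constructed sample of unparsed service output (not real flags).
SAMPLE_HTML = (
    "<li>note: RABA_" + "A" * 32 + "</li>"
    "<li>note: RABA_" + "b/9+" * 8 + "</li>"
    "<li>dup: RABA_" + "A" * 32 + "</li>"
    "<li>too short: RABA_abc</li>"
)


def parse_flag_ids(text):
    """Return {service: {team_id (int): [flag_id, ...]}} from teams.json text."""
    doc = json.loads(text)
    known = set(doc["teams"])
    result = {}
    for service, per_team in doc["flag_ids"].items():
        result[service] = {}
        for team_key, ids in per_team.items():
            team_id = int(team_key)  # object keys are strings; "teams" holds ints
            if team_id not in known:
                continue  # ignore entries for teams not listed in "teams"
            result[service][team_id] = list(ids)
    return result


def extract_flags(raw):
    """Return unique flags found in raw text or bytes, in first-seen order."""
    if isinstance(raw, bytes):
        raw = raw.decode("utf-8", errors="replace")
    return list(dict.fromkeys(FLAG_RE.findall(raw)))


if __name__ == "__main__":
    print(parse_flag_ids(SAMPLE_TEAMS_JSON))
    print(extract_flags(SAMPLE_HTML))
```

Note that team IDs appear as integers in the teams list but as string keys under flag_ids, so they need converting before comparison.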

Register for the CTF

Up to 20 teams can participate in the CTF. Register today!
