About the Hackers Challenge Contest
The Hackers Challenge contest is an event held annually during the SAINTCON conference to challenge your skills as a security professional by presenting players with technological, logical, and security-related puzzles and challenges.
Roughly defined, the Hackers Challenge contest is a Jeopardy-like progressive game where players are presented with puzzles that require various security and technical skills to solve. Attendees work on these challenges and submit keys collected from solving them in order to earn points. The person with the highest score at the end of the contest wins.
What you need to know about Hackers Challenge
Josh Galvez, the current game maker, gives some insight on how to play the game, the skills and knowledge you might need, and tips and tricks for being successful in this talk from 2016.
GAMEPLAY
Points in the Hackers Challenge contest are awarded for successfully solving the challenges presented during the contest.
PLAY THE GAME
The Gameboard Server is located at www.hackerschallenge.org and is available at the start of the conference. The Gameboard Server is out of scope. Do not attack the Gameboard Server. Doing so will result in disqualification. We monitor these types of things closely.
REGISTRATION
In order to play in this contest, you need to register with an account. For this year, the registration process is:
- Visit the Game Server
- Create an account
- Be certain to use the email address you registered for SAINTCON with (chat in the Hackers Challenge Slack channel if you have problems)
- You will be emailed a password and an API key
KEYS
Each challenge will provide you with a “KEY”. A key is roughly defined as a string of alphanumeric characters less than 255 characters in length. Keys will usually be found wrapped in “flag{ }” brackets. When they are not, it should be obvious that you have completed a puzzle and must submit the final answer as the key. Although this is the standard, keys can vary and may be something you do not expect. To score points for the challenge, you will need to submit the key to the game server while you are logged in.
SCORING
All challenges within the contest are worth the same number of points initially; however, the points for a challenge are divided across the scores of each person who has solved it. This means that if a 1000-point challenge has been solved by two people, each person would hold 500 points for the challenge. If a third person solves the challenge, the value of the challenge will become 333 points for all solvers, and so on.
This scoring method provides a lot of fluidity in the game, and can have a large impact on scores throughout the entire contest. Its design is multi-purpose:
- It discourages sharing of keys because sharing de-values the challenge.
- It creates a level playing field as it pertains to the difficulty of a challenge. The more people that solve the challenge the easier it is, and it should be worth less.
- It creates an opportunity for players to include social and strategic gameplay by being able to change the value of the challenges others have solved.
The first person to solve the challenge gets extra points. They will also continue to accrue bonus points each hour until someone new has solved the challenge. This gives an advantage of being first to solve, and also discourages them from sharing keys with others.
API INSTRUCTIONS
You may build a script or other interface using the game API. The API URL is: https://www.hackerschallenge.org/play/api/{API KEY}/{Flag Being Submitted}
This should make scripting submissions to the game easier. Remember, brute force guessing of flags is not allowed.
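The sketch below is an added example, not code from the contest organizers. It builds the submission URL in the format given above, percent-encodes the `flag{ }` braces, and sends each distinct flag only once with a pause between requests. The names `Submitter`, `http_get` and `MIN_INTERVAL` are hypothetical, and the response body is returned raw because the page does not document its format.

```python
import time
import urllib.request
from urllib.parse import quote

API_BASE = "https://www.hackerschallenge.org/play/api"  # from the page
MAX_KEY_LEN = 255     # KEYS section: keys are under 255 characters
MIN_INTERVAL = 5.0    # assumption: self-imposed pause between submissions


def build_submission_url(api_key, flag):
    """Return the API URL for one flag, percent-encoding both path segments."""
    flag = flag.strip()
    if not flag or len(flag) >= MAX_KEY_LEN:
        raise ValueError("flag must be 1-254 characters")
    # safe="" also encodes "/" so a flag can never add path segments.
    return f"{API_BASE}/{quote(api_key, safe='')}/{quote(flag, safe='')}"


def http_get(url):
    """Fetch the URL and return the raw body (response format is undocumented)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


class Submitter:
    """Submits each distinct flag at most once, pausing between requests."""

    def __init__(self, api_key, send=http_get,
                 clock=time.monotonic, sleep=time.sleep):
        self.api_key, self.send = api_key, send
        self.clock, self.sleep = clock, sleep
        self.seen, self.last = set(), None

    def submit(self, flag):
        url = build_submission_url(self.api_key, flag)  # validates first
        key = flag.strip()
        if key in self.seen:
            return None  # already sent; never resubmit the same flag
        if self.last is not None:
            wait = MIN_INTERVAL - (self.clock() - self.last)
            if wait > 0:
                self.sleep(wait)
        self.seen.add(key)
        self.last = self.clock()
        return self.send(url)
```

Pass the API key from your registration email to `Submitter` and call `submit()` only with flags you have actually recovered from a challenge.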
CONTEST SUPPORT
If you need help completing a challenge, you can visit the Hacker Lounge or ask for assistance on the #HackersChallenge channel in Slack. The Hacker Lounge is a great place to hang out and work collaboratively on the game.
Hints may be given for some challenges during the course of the game, and only if we feel that a hint is needed or justified. Hints will appear on the individual challenge screen for all to see. Most hints will also be announced via the Twitter Feed.
The game also features an Incident Reporting System. In the event you suspect that a challenge is not functioning properly, you can alert the game administrators directly in the game. We will respond quickly, verify it, and confirm whether it is working or not. This will allow everyone to know if they are working on a broken challenge.
GAME CHANGE ALERTS
Live updates about the game can be monitored by following the @SAINTCONHC Twitter feed. All major changes in the game, and progress, will be posted automatically to this feed. Following this feed will help you keep up with the game.
CATEGORIES
The following categories will be featured in the Hackers Challenge Contest this year:
- Binary L33tn355
- Crypto Madness
- Pursuits Trivial
CONTEST RULES
The rules for the Hackers Challenge are loosely defined, but strictly include the following:
- Play the game ethically
- Do NOT share captured flags
- You may work together as a team, but there can only be one winner
- Do NOT brute force the scoring server. NO Challenge requires brute forcing
- Do NOT steal flags by compromising other players
DISCLOSURES
The SAINTCON Hacker's Challenge admins reserve the right to disqualify and/or change scores for participants who violate the game rules or participate in unprofessional conduct. We reserve this right without right of dispute or for any other reason we feel is appropriate or prudent.
Also be warned: We have ways of monitoring cheating, sharing of flags, and other shenanigans that might go on. Get away with it... Good for you! Get caught, your score will suffer.