What is CSAW 365?
CSAW 365 is a living archive of past CSAW challenges. Now teachers, students, and everyday people can easiliy deploy CSAW challenges whenever they wish and practice their hacking skills against some of the finest CTF challenges in the world.
How do I play?
To play in CSAW 365 you should:
- Register here
- Setup a VPN client for your operating system
- Download your VPN keys from your profile
- Visit the Challenges page to start hacking!
What if I don't know how to play in Capture The Flags?
In addition to hosting our previous and future CTF challenges, CSAW 365 is provided alongside CTF 101 which is a learning resource to provide new players with knowledge and ideas about how to approach common CTF problems.
How do I connect to challenges?
You can only connect to server based challenges if you are on the CSAW 365 VPN.
To connect you need to download your keys and set them up in a VPN client for your system.
Why did my challenge turn off?
Server based challenges (we call them services) are destroyed when the challenge modal is closed or if the destroy button is closed.
Who chose these point values?
Point values were generally chosen by the students in charge of running the respective CSAW competition of that year. In general, challenges worth 100 points are the easiest while challenges worth 500 or higher are the hardest.
In designing CSAW 365 we chose to remain faithful to the original material instead of changing point values (A very small number of challenges' point values were changed). Thus some challenges may be more difficult or simpler than would be indicated by their point values.
What is 10.67.0.1?
10.67.0.1 is the "magic" IP address where all of your challenge instances will be deployed. It is magic because it auto-magically handles the routing between you and the server (on our end) where your challenge is actually deployed.
Why can't I connect back to my server?
CSAW 365 is deployed on a controlled network. We make every attempt to remain as secure as possible. Because of this we do not allow for challenge instances to blindly connect to external services. To "connect back" to a server to exfiltrate data or a flag, you should connect back to your own host on the VPN.
Your computer (while connected to the CSAW 365 VPN) will receive a unique IP address on the range. This IP address can be used in your connect back exploits to exfiltrate data and flags if required.
I think I've found an issue
Send an email with the details to [email protected] and someone will take a look!