Root The Box IX Root The Box IX
Spring 2013 / Chandler, AZ
Root the Box is a computer hacking (CTF) game that requires skill, speed and teamwork.
Participate
The Event
FAQ
Software
Participate
Home Participate The Event FAQ Software

News

2/28/13

New Site

The new Root the Box IX site is live! We think it looks amazing and would like to thank David Mayman for all of his sleepless nights! Tell us what you think of the new site Here!

1/6/13

Root The Box IX Rescheduled

Root the box IX has been rescheduled to Spring 2013. More information to come soon!

Twitter

Sign Up

Price

Free!

Preregister for Root The Box IX

Spring 2013 (Pending)

Preregistration for Root the Box IX: Some Assembly Required will be open shortly.

Donate to Root The Box

Donate with Bitcoin
The Event
Home Participate The Event FAQ Software

How To Play

Root the Box is a safe sand box where students can fail, succeed, and experiment without fear of any legal repercussions. The barrier for entry in well established CTF competitions is often extremely high, and requires large amounts of prerequisite knowledge. We believe that the fun, adrenaline fueled practice of attacking computer systems can engage students through an interactive learning experience that cannot be reproduced in a classroom environment.

The Basics The Basics

The Basics

Teams compete against one another to capture the largest number of flags, while earning money which can be spent to impair their opponents or aid their own team.

Flags Flags

Flags

Flags often include finding vulnerabilities of web applications, application misconfigurations, binary reverse engineering, social engineering and more.

Levels Levels

Levels

The game consists of various levels which all contain unique flags of varying difficulty. Teams can unlock new levels by either paying money or capturing every flag on that level.

Difficulty Difficulty

Difficulty

The Root the Box challenges range from very basic to moderately complex. Challenges are taken from a wide array of disciplines such as reverse engineering, web application exploitation and social engineering, promoting participation from students of all skill levels.

Location

Google Maps

Chandler Arizona

Exact Location TBD

Date

Day

1

Training

TBD

7pm - 12am

The first day of Root the Box is an introduction to the competition, and its associated challenges. There will also be lectures and workshops available to help foster the educational experience. You do not need to attend the day 1 talks in order to participate in the CTF but you are strongly encouraged to.

Day

2

Competition

TBD

1pm - 2am

The second day of Root the Box, opens the entire competition up for hackery. Mentors will be available for guidance.

  • Registration: 1pm
  • Competition: 2pm - 1am
  • Awards Ceremony: 1am

Schedule: Day 1

Track 1

  • Keynote
    TBD
    7 - 8pm
  • Network Recon
    @redshift
    8 - 8:30pm
  • Metasploit 101
    @moloch
    8:30 - 9pm
  • Linux & Foo
    @nogui
    9 - 9:30pm
  • An Introduction to Stack Smashing
    @moloch
    10 - 11pm
  • SEH Stomping
    @moloch
    11 - 12am

Track 2

Track 3

  • The Social Engineer's Mindset
    @redshift
    8:30 - 9pm
  • Lockpicking 101
    @redshift
    9:30 - 10pm
  • Password Cracking 101
    @pickles
    9:30 - 10pm
  • XSS & Friends
    TBD
    10:30 - 11:30pm

Schedule: Day 2

  • icon-sched-2
    Registration
    1pm - 2pm
  • icon-sched-1
    Capture the Flag
    2pm - 1am
  • icon-sched-3
    Awards Ceremony
    1am - 2am
FAQ
Home Participate The Event FAQ Software
How are the teams chosen?

You may choose up to one partner. You and your partner will be randomly paired with other participants to create a team of four. We find this helps distribute talent and forces everyone to make new friends.

What are the prizes?

Prizes will be given for various achievements such as "worst password", and "best physiological melt-down".

What can I do to prepare?

Many of the organizers for Root the Box are active members of a local student run security research group called Buffer[Overflow]. Public meetings are held the third Thurday of the month at UAT starting at 7:30 p.m. in room 253. Meetings cover a range of security related topics, many are directly related to Root the Box. If you're looking for a place to learn from fellow practitioners, and increase your skills we strongly encourage you to attend meetings! Additionally the Phoenix OWASP chapter holds monthly meetings in the UAT theater.

What should I bring?

You will need a laptop or desktop computer. We recommend, regardless of your setup, that via virtualization or dual booting you have access to both Linux and Windows operating systems.

Who can compete?

Anyone can play, however Root the Box is aimed at college students who want to learn more about information security or just enjoy hacking.

Is Root the Box open source?

Yes, Fork us on Github (Apache v2). We also welcome code contributions, and bug fixes!.

What skills are required for participants?

The boxes and other challenges are aimed at introductory and intermediate skill levels; you only need a basic understanding of how to use Windows and/or Linux. We also have skilled advisers to whom you can ask questions during the competition if you don't understand all the subtleties of a specific tool or exploit. Persons of all skill levels are strongly encouraged to participate, the educational potential in events such as Root the Box cannot be overstated. At the very least you will learn the areas in which you should focus your studies.

Do you allow off-site participation?

We have tentative plans to allow competitors to VPN into the local network if they are not in the Phoenix, AZ area but at this time we have not implemented it so you must be on-site to play.

What can I expect?

Hacking, music, pizza, highly caffeinated beverages, and employment opportunities.

What is the best strategy?

See The Art of War.

Can I come and not participate?

If this is your first time at Root the Box, you are highly encouraged to participate. However, you can come to just watch.

Where can I ask additional questions?

[email protected]

Software
Home Participate The Event FAQ Software

Root The Box Scoring Engine

Your Heads-Up Display

The scoring engine is the central piece of the Root the Box project. The goal of the scoring engine is to create a reusable piece of software that can be used by schools and other small organizations to easily start and run their own CTFs. The scoring engine aims to provide real-time game data and better enable team collaboration.

developed by @moloch

Fujd

The Hacker Toolbox

Fujd is a collection of scripts that can be used to quickly create web application projects using the Tornado, SQL Alchemy, Bootstrap stack; the same stack used to develop Root the Box and the Planetary Assault System.

developed by @hathcox

The Planetary Assault System

Fire and Forget Password Cracking

Password cracking has always been a passion of the Root the Box development team, and it plays an important role in the event as well. The Planetary Assault System enables small organizations to role their own password cracking cloud which combines several different cracking techniques such as time memory trade-off and GPU brute forcing with character and word frequency analysis to quickly and automatically crack even complex passwords.

developed by @moloch