CODE BLUE CTF

Bull's Eye

Need for more accurate exploits

In ordinary CTFs, which replicate cyber attacks, all you need to do is get a flag, which symbolizes sensitive data. Your intrusion is regarded as successful once you get the flag. If an error occurs in your exploit, you can fix it and retry immediately - much like brute-forcing for "good parameters".
But what about the real world? If you exploit a memory corruption bug but fail to spawn a shell, the target service might be shut down. If you exploit an XSS vulnerability but the payload fails to steal cookies, the victim will never open your suspicious link again.
So far, no CTF competition format has measured the accuracy of exploitation. Here is an introduction to an entirely new competition format - Bull's Eye.

What is Bull's Eye?

Bull's Eye pays attention to the precision of exploitation. Once submitted, your exploits will be executed by the organizers and evaluated by the number of successful exploitations. An "evaluation round", in which we execute the submitted exploits, will take place every couple of hours.

How to submit exploits?

Different hackers may use different programming languages to develop an exploit, and some will use their own libraries or tools. We will use Docker as the submission format to prevent dependency issues. You should submit Docker images with an entry point that triggers your exploit.

How will exploits be executed?

Your exploit image will run together with a service image in our environments. We will also provide environments for testing your exploits on your own machine.

How will scores be calculated?

The specific formula is TBD. Basically, the score will be in proportion to {# of successes}/{# of tries}.