Registering for the Virtual CTF

The online CTF is a team-based challenge. Up to 4 people can be registered to a team. Please follow the directions for creating teams and registering your user id to a team. As all prizes are sent via email, make sure you enter a valid email address when registering. Failure to provide a valid email will cause a forfeit of any prize offered to the winning teams.

NOTE: No inappropriate user names or team names will be permitted! MAGIC reserves the right to disqualify you AND your team if it is determined that you and/or your team registered with any keyword, terms, or words with a negative connotation. This includes icons or emojis.

Individuals:

If you are registering to play as an individual you must still create a team of 1. To register as an individual select Register from the navigation bar. Fill out the username, valid email address, affiliation (school, club, company), registration # (from your registration receipt), and password for your user. Please remember your user id and password. After registering, you'll be presented with the options to create or join a team.

For your team name insert your team name (can be the user id you just created, or a new team name). Select a password. If at a later time you want to invite others to join your team you can forward the team name and password for them to join.

That’s it! You are now registered to play. Your scoring for the competition will be listed under your team name.

Teams: (up to 4 individuals per team)

Assign a team captain from your group. That person will register the team name and assign a password for the other members to join.

Team Captain: Create an account for yourself, as described above. As captain, you will create a team. Select a team name, team affiliation, and a password associated with that team. Once that is done, you can forward the team name and password to your team members to use for registration. Once they create their individual username, they will choose Join Team and enter the information forwarded by the team captain. Please note that team name and password is case sensitive.

Competition Help

Looking for help during the competition? Well, we can't give answers or hints, but if you have technical or general questions, we're here to help. You can chat with us by clicking on the green chat bubble located at the bottom right of your screen. We will be monitoring our communications during the competition, so you will get real-time answers to any questions or issues you have.

Competition Rules

Participation Criteria:

  • Each individual who participates in the Competition (“Participant”) must be at least 13 years of age.
  • Participants must be current students in an accredited middle school, high school, or homeschooled program. College-level students must be currently enrolled in an accredited undergraduate program.
  • Postgraduate or certified professionals in the field of Cybersecurity are prohibited from competition.
  • Previous MAGIC CTF winners are excluded from participation.

By creating an account and participating in the competition challenges, you are agreeing to these competition rules with respect to the current competition.

  1. Individuals and/or Teams may not interfere with the progress of other individuals/Teams, nor with the operation of the Competition’s infrastructure. More specifically, attacking the scoring server, other Teams, or machines not explicitly designated as targets is cheating. This includes both breaking into such machines, and denying others access to them or the ability to solve problems. Sharing keys or providing overly-revealing hints with other teams is cheating, as is being directly assisted by personnel outside the Team (using tools from the internet is OK; asking people on the internet to help solve the problem is not). We encourage participants to solve problems in novel and creative ways using all available resources, but we do require that Participants solve the problems themselves.
  2. All information provided to establish an account must be true and correct. You are responsible for keeping such information up-to-date. Failure to keep your account up-to-date may, among other things, jeopardize your eligibility to compete.
  3. You must utilize appropriate usernames and team ids. No usernames and IDs will be allowed that promote a negative connotation or meaning. MAGIC will disqualify a participant if we deem inappropriate IDs are being used. This includes icons and emojis.
  4. MAGIC runs an honest, ethically responsible competition. At any time, in the sole and absolute discretion of MAGIC, we shall be entitled to disqualify a Participant and/or Team in the event of a failure to meet relevant eligibility criteria or any other violation or suspected violation of these Competition Rules.
  5. Professional teams and teams that have professional skill levels should not participate in this beginner-level educational competition. MAGIC strictly aims to host a beginner competition meant for educational purposes and to allow participants to "get their foot in the door" of cybersecurity. Professional or ranked teams will automatically be disqualified at the end of the event.
  6. Competition problems(challenges) or other content on the MAGIC site remains the property of MAGIC. MAGIC reserves all rights to such materials. You are authorized to access and use such materials solely with respect to registration for and/or participation in virtual CTF by you. You may not use the MAGIC site or any materials on it (including but not limited to the Competition problems) for any unauthorized purpose.
  7. In this competition, tie breaks are essentially resolved by time. If two teams have the same score at the conclusion of the competition, the team with the oldest score time stamp will be declared the winner.

Team Information

As your team will be spread out during the competition, you can utilize several team collaboration tools to communicate with them. All the resources listed are free to use.

You can also use other means of communication such as facetime, text, phone, etc.


Tips for your team during the competition:

Each level and challenge is available for solving. Your team does not need to answer the challenges in order or one at a time. Each team member can work on a different puzzle at the same time if they so desire. Only one team member can input an answer to a particular challenge. Once that puzzle is solved a checkmark will appear next to it confirming the puzzle has been solved. You can work together to solve each puzzle or you can divide and conquer. Hit your browser refresh occasionally to confirm a puzzle hasn't been solved yet. There is no wrong way to work. We don't limit the attempts on puzzles. You can make as many attempts as needed to get the correct answer. This is a learning experience. We want to you solved every puzzle. We also do not deduct points for any of our Level 0 puzzles that have hints attached. However, points are deducted from the more difficult, higher-level puzzles that contain hints. Be very careful asking for a hint as the "cost" points will be deducted from the team score immediately. And remember; the answers are case sensitive.

Tools and Resources:

Unlike our location CTF's, this competition is completely virtual. To help competitors out, we have included a built-in helper tool called CyberChef.

CyberChef is a simple, intuitive web app for carrying out all manner of “cyber” operations within a web browser. These operations include simple encoding like XOR or Base64, more complex encryption like AES, DES, and Blowfish, creating binary and hexdumps, compression and decompression of data, calculating hashes and checksums, IPv6 and X.509 parsing, changing character encodings, and much more.

You can find the Tool button located at the bottom-left of your browser window.

The majority of challenges can be solved with one or more of the following tools:

  • Google search engine.
  • Encrypting/encoding tools. Data conversion. Ciphers. (XOR, ROT, Binary, Base64, Hex(adecimal) Octal, ASCII/UTF-8 character, etc.)
    • Cyberchef ("Tools" button within the competition window)
    • https://www.dcode.fr/ (Warning: Output is always uppercase.)
  • Hex editor.
    • https://hexed.it/
    • HxD (Windows).
    • Bless Hex Editor (Linux).
    • Cyberchef's "To Hexdump" (read-only).
  • File Identifier.
    • Cyberchef's "Detect File Type.”
    • "File" command.
    • https://mark0.net/onlinetrid.html
  • File scan database / history.
    • https://www.virustotal.com/
  • Hash Identifier.
    • https://www.onlinehashcrack.com/hash-identification.php
    • hash-identifier (Linux).
    • Cyberchef's "Analysis hash."
    • Cyberchef's "Magic" tool (encoding/encryption lookup/bruteforce).
  • Hash Lookup (Rainbow tables).
    • https://crackstation.net/
    • https://md5decrypt.net/
    • https://md5hashing.net/
    • https://hashtoolkit.com/
    • https://hashkiller.io/
    • https://www.virustotal.com/ (Files).
  • Password/hash cracking.
    • John the Ripper (Kali Linux).
    • Crunch (Custom wordlist generator).
    • office2john, zip2john, etc.
  • Hash computer/generator.
    • Powershell "Get-FileHash."
    • Linux "sum" (i.e. sha256sum, md5sum) utilities.
    • Cyberchef's Hashing tool series.
  • Packet sniffer/analyzer. Connection viewer. PCAP viewer/editor.
    • Network Miner.
    • Fiddler 4 (Windows).
    • System Internals TCPView (Windows).
    • netstat command (windows -bano/linux -tunap).
    • Wireshark
  • Memory Editor.
    • CheatEngine (Windows).
    • scanmem (Linux).
  • Python/C#/Java IDE.
    • .NET framework / python / Java JDK +
      • IDE
        • Visual Studio (Windows).
        • Notepad/Notepad++.
    • C#: https://www.tutorialspoint.com/compile_csharp_online.php
    • Python 2: https://www.tutorialspoint.com/execute_python_online.php
    • Java: https://www.tutorialspoint.com/compile_java_online.php
  • Decompilers
    • C#
      • dnSpy (Windows).
      • ILSpy (Windows. Linux/MAC forks available.).
    • Python
      • Easy Python Decompiler (Windows).
      • Uncompyle (Linux).
      • https://python-decompiler.com/
      • http://www.decompiler.com/
    • Java
      • http://www.decompiler.com/
      • http://www.javadecompilers.com/
      • JD-GUI (Windows/MAC/Linux).
  • Archive manager
    • 7-zip (Windows).
    • https://sourceforge.net/projects/p7zip/ (cmdline, Linux).
  • File Resource Viewer
    • Resource Hacker (Windows).
  • Document viewer (.doc/.docx).
    • Microsoft Word.
    • Google Doc
    • Notepad
  • Image EXIF extractor
    • Cyberchef "Extract EXIF."
    • http://exif.regex.info
  • Command Prompt, Powershell, Linux Terminal.

 

  • Kali Linux is a free open-source version of Linux used by cyber security professionals for cyber testing. Kali will have many of the tools you may need already installed.