saarctf-2025

Services from saarctf-2025.

Building services

Enter a service directory and use docker compose, e.g.:

cd "BlockRope"
docker compose up --build -d

Prepare checker environment

In the root directory, run:

python3 -m venv venv
. venv/bin/activate
pip install -r requirements.txt

Running checkers

Every service comes with a checkers directory, which contains a python-script named after the service. Running this script should place three flags in the service and try to retrieve them subsequently. Caveat: Make sure the gamelib is in the PYTHONPATH, e.g.:

cd "BlockRope/checkers/"
PYTHONPATH=.. python3 interface.py [<ip>]

Checkers require a Redis instance to store information between ticks. If you don't have redis installed locally, use the environment variables REDIS_HOST and REDIS_DB to configure one.

Flag IDs and exploits

The script get_flag_ids.py prints you the flag ids used to store the demo flags.

Each service comes with demo exploits to show the vulnerability. To run an exploit: python3 exploit_file.py <ip> [<flag-id>]

Services

• BlockRope | Exploits
• Calendar | Exploits
• Licenser | Exploits
• RCEaaS | Exploits | Writeup
• Routerploit | Exploits
• SaarLandCryptoGalore | Exploits
• SSSG | Exploits
• No-Service | Exploits