CUHK Cybersecurity CTF Competition 2025 香港中文大學網路安全奪旗賽2025

# CUHK Cybersecurity CTF Competition 2025 香港中文大學網路安全奪旗賽2025 ## Eilgibilty 參賽資格 1. Each team should include a maximum of 4 team members (i.e. 1 – 4 members). 每隊最多4名隊員（即1-4名成員）。 2. Unlimited teams per school. 每間學校的隊伍數量不限。 3. For the Secondary School Division, all members of the team must be studying at the SAME secondary school at the time of the competition. 中學組的所有隊員在比賽時必須就讀同一所中學。 4. For the CUHK Division, all members of the team must be CUHK undergraduate students under any major programme at the time of the competition. 中大組的所有隊員在比賽時必須為香港中文大學本科生（主修課程不限）。 5. For Guest Division, all teams are only eiligible for a Certificate of Participation, and not for other prizes. 邀請組的所有隊伍僅可獲得參與證書，無權獲得其他獎項。 6. Each team and each participant can only join one of the division. 每隊及每位參賽者只能參加一個組別。 7. Each team can have a self-proposed team name, or let the organizers assign the team name for the team. All self-proposed team names should not contain any sexual, violent, inappropriate, or political content. The organizers reserve the right of change the team name at any time without prior notice if it is deemed inappropriate or in violation of any rules. 每隊可自行擬定隊名，或由主辦單位指定隊名。所有自行擬定的隊名不得包含任何性、暴力、不當或政治內容。如有任何不妥或違反任何規則，主辦單位保留隨時更改隊名的權利，恕不另行通知。 ## Competition Rules 比賽規則 1. If any issues occur during the Contest, participants shall report them to the Organizers immediately. 比賽期間如出現任何問題，參賽者應立即向主辦單位報告。 2. Do not attack the CTF platform, including but not limited to: 禁止攻擊比賽平台，包括但不限於： - Modifying the scoreboard 修改記分板； - Generating excessive load 造成過載； - Bruteforcing flag submissions 過於頻密地提交旗幟； - Launching any type of denial-of-service attack 發動任何類型的阻斷服務攻擊； - Attack any machine or service other than those designated for the challenges 攻擊除挑戰指定設備或服務以外的任何設備或服務； - Any other types of activities deemed to be harmful to the organizers, the competition, or any contestants 任何其他被認為對主辦單位、比賽或任何參賽者有害的活動。 3. Social engineering attack of any kind is not allowed. 禁止任何形式的社交工程攻擊。 4. Physical security attack of any kind is not allowed. 禁止任何形式的實體安全攻擊。 5. Do not cheat or interrupt the Contest, including but not limited to: 禁止作弊或干擾比賽，包括但不限於： - Share flags 分享旗幟； - Ask for flags 索取旗幟； - Delete flags 刪除旗幟； - Intentionally prevent other teams from submitting flags 故意阻止其他隊伍提交旗幟； - Sharing account credentials across different teams 在不同隊伍之間共用帳戶憑證。 6. In the Discord chatroom: 在 Discord 聊天室中： - Do not send any message which contains violent, obscene or indecent content 請勿傳送任何包含暴力、猥褻或不雅內容的訊息； - Do not upload any file which infringes any copyrights and intellectual property rights 請勿上傳任何侵犯版權和智慧財產權的文件； - Do not upload links or files that may cause harm to any users or computers 請勿上傳可能對任何使用者或電腦造成損害的連結或檔案； 7. Do not share any content or details of the CTF challenges with anyone before the end of the contest. 比賽結束前，請勿與任何人分享比賽挑戰的任何內容或細節。 8. The use of Generative AI (such as ChatGPT, Poe) is allowed, however the Organizer will not responsible for any of the generated result and any legal consequences for using such technologies. 允許使用生成式人工智慧（例如 ChatGPT、Poe），但主辦單位對生成的結果及使用此類技術的任何法律後果概不負責。 9. The flag format for all challenges is `cuhk25ctf{[!-~]+}`, unless otherwise specified. 所有挑戰的旗幟格式均為 `cuhk25ctf{[!-~]+}`，除非另有說明。 10. Some challenges have penalties for incorrect flag submissions to prevent brute-force. Each time you submit an incorrect flag, you and your team will be unable to submit flag to that challenge for 15 minutes. However, penalties do not apply for the first 2 incorrect flag submissions. Note that this penalty is ***applied on a per-team basis***, not on a per-individual-participant basis. The attempt limit and penalty for incorrect answers may be applied simultaneously. 為防止暴力破解，部分挑戰會對提交錯誤旗幟進行懲罰。每次提交錯誤的旗幟後，您和您的團隊將在 15 分鐘內無法提交該挑戰的旗幟。不過，前兩次提交錯誤旗幟不會受到懲罰。請注意，***此懲罰以團隊為單位作計算***，而不是每位參與者獨立計算。嘗試次數限制和提交錯誤旗幟的懲罰可能會同時生效。 11. Some challenges will have a limit on the number of attempts for you and your team to solve them, once the attempt limit has been reached, you and your team will no longer be able to submit the flag for that particular challenge. For example, if you see `1/5 attempts` at the bottom of the challenge description, this indicates that the challenge has a limit of five attempts and your team has already used it once. Note that this limit is ***applied on a per-team basis***, not on a per-individual-participant basis. The attempt limit and penalty for incorrect answers may be applied simultaneously. 某些挑戰會限制您和您的團隊的嘗試次數。一旦達到嘗試次數上限，您和您的團隊將無法再提交該挑戰的旗幟。例如，如果您在挑戰描述底部看到 `1/5 attempts`，則表示該挑戰的嘗試次數限制為五次，並且您的團隊已使用過一次嘗試。請注意，***此限制是以團隊為單位作計算***，而不是每位參與者獨立計算。嘗試次數限制和提交錯誤旗幟的懲罰可能會同時生效。 12. Specific challenges may mention additional rules, terms and conditions in the challenge description. By participating in the competition, all members of each team must also abide by those mentioned rules, terms and conditions when attempting that challenge. 特定挑戰可能在挑戰描述中提及附加規則、條款和條件。參加比賽時，每隊所有成員在嘗試該挑戰時也必須遵守那些附加規則、條款和條件。 13. The top 5 teams with the highest scores in each division must submit an identity document of each of the team's members for identification verification purpose, and a proof of answer (write-up) for three challenges the team solved during the competition as selected by the organizers. The write-up and identity documents must be submitted before the deadline specified by the organizers. 每個組別得分最高的前五支隊伍必須提交每位隊員的身份證明文件用於身份核實，主辦方將選定每隊在比賽期間成功解答的挑戰中的其中三題，並要求隊伍提交該三題的答題證明（write-up）。答題證明和身分證明文件必須在主辦單位指定的截止日期前提交。 14. Any abuse or violation of the Competition Rules may result in disqualification from the competition. 任何濫用或違反比賽規則的行為都可能導致取消比賽資格。 15. The organizers reserve the right of final decision of any disputes. 如有任何爭議，主辦單位保留最終決定權。 ## Terms and Conditions 條款及細則 1. If there is any discrepancy between the Chinese and English versions of any document provided by the Organizer, the English version shall prevail. 如果主辦單位提供的任何文件在中文版本和英文版本之間有任何差異，均以英文版本為準。 2. All personal information will be kept by the organizers for 18 months after the competition ended, and will be destroyed and deleted afterwards. 主辦單位將在比賽結束後保留所有個人資料18個月，之後將被銷毀和刪除。 2. In circumstances beyond the control of the organizer where the advertised prizes cannot be provided, the organizer reserves the right to substitute the advertised prizes with other gifts of no less than equivalent value without further explanation or notice. 如遇主辦單位無法控制的情況，導致無法提供宣傳中標明的獎品，主辦單位有權以不低於同等價值的其他禮品代替宣傳中標明的獎品，恕不另行解釋或通知。 3. Photos may be taken at on-site events, and be published by the organizers, supporting orgaizations and sponsors. 活動現場可能拍攝照片，並由主辦單位、協辦機構和比賽贊助商發布。