Squareroots and WizardsOfDos proudly announce the MRMCDCTF 2017, a jeopardy-style Capture the Flag event which will take place during the MRMCDs. It is designed for people of all skill levels, ranging from beginners to professionals.

What is a CTF?

See https://ctftime.org/ctf-wtf/. In short, it’s a computer security competition.

How does it work?

There is a set of challenges in different topics of IT-Security, available via a web interface. For solving this challenges, you get a short text string: the flag. If you enter this flag into the web interface, you get points.

Is this On-Site or Online?

This CTF is primarily for all vistors of the MRMCD event. It should be possible to take part even if you are not at the event, but if we experience too high load or malicious attacks on our infrastructure from the outside, we might be forced to throttle access for everyone not on the event.


We will use dynamic points for most challenges. Dynamic points will start at 500 at go down when the challenge gets more solves. You don’t have any advantage solving challenges earlier - if the value of a challenge you solved decreases, you will have less points, too.


  • No attacking the CTF Infrastructure or anything besides the challenges
  • No DDoS attacks.
  • No automated scanning
    • no dirbuster, nikto, etc
    • e.g. dont run sqlmap unless you are really sure it is an SQL challenge and you have the correct parameter
  • If you find any vulnerabilities that you think are not part of the challenge, please contact the ctf orga. You might get extra points for it.
  • In doubt, the ctf orga has the final say in all matters