The Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E) inspired by DARPA’s Cyber Grand Challenge is kicking off a series of challenges to tackle some of the hardest shared challenges public, private and academic sectors face via “micro-challenges”. The goals of these “micro-challenges” are to produce a community contributed set of forensic tools or unique data sets that can be transitioned back into one’s day job, academic research, etc…
The next event is Battle of The Bots, and will be hosted at DEF CON, August 10th through 13th, 2023. Have a question leading up to DEF CON? Join our Discord here. During the event we will be using the official DEF CON discord.
DEF CON Battle of The Bots is Live! Click here to join
Battle of The Bots (BOTB) is a reverse engineering and capability development competition where competitors are tasked with identifing and exploiting custom and known vulnerabilities in a variety of services. Competitors must then use the capabilities and exploits they have developed to gain access and pivot through branching networks that comprise a “map.”
Starting from the initial point of compromise, competitors will discover new vulnerable services as they uncover more of each map, along with the information necessary to locally recreate the services seen in the environment so that they can develop and test their exploits. Competitors will then take these exploits and incorporate them into a worm that can spread itself through a network, pwning new services and planting flags along the way. When they are confident their bots can successfully pwn the services, competitors can submit their worm to an upload portal, which will drop and unleash their worm onto an offline network where it can compromise the services running in the environment. Competitors score points as they solve new challenges and conquer each map.
Download the associated challenge files to solve the challenge locally. Our base Docker image contains numerous libraries to enable your success in this competition.
Identify the challenge hostname and associated port to pwn. The ports match whatever the challenge binary listens on locally.
Once your bot is good to go, submit it to init to start your chain of exploits!
Upon access to a new service, you need to spread your bot from the previous container. An example would be compromising
WOPR and then downloading your bot from the
init container via a Python simple http server.
Any data written to
/flags/flag.txt can be obtained post bot execution by downloading the zip file.
Do you miss the good ol’ days of hacking when everything was just text flying around the unencrypted web? Then Mainframe Madness is the map for you. Pwn everything from basic backdoors to telnet games to get your bot through the “mainframe”.
Modern services with modern tech-stacks, CVE City will test your ability to write you own POCs for basic CVEs and common exploitation techniques.
Spacepunk is a small but challenging map meant to test your pwning skills. Craft exploits and shellcode on custom binaries to hack your way through time!
Each team must build a bot to automatically exploit given services and then propagate onto the next host. The bot must be completely self-contained and work offline. The environment will include all the popular python libraries and useful command line utilities needed for the competition.
A list of what is installed can be found in the BOTB Base Image Repo.
Challenges span a variety of difficulty levels providing a great experience for novices and veterans to the field. We welcome new-comers to hangout onsite and engage with challenge developers and other competitors. If you are looking for a team and recommendations, reach out in Discord!
In person and Discord support is guaranteed daily throughout core DEF CON competition village hours. However, the environment will be up and running 24 hours a day for the duration of the conference for participants to solve challenges and work on their bots.
Sunday: 10AM –> *12PM (PDT)
A) Ensure that “#!/usr/bin/python3” is specified at the top of the file.
A) Teams can be up to 6 individuals.
A) Join our Discord here
A) BOTB staff will be sitting at the DEF CON competition village
A) Please let our judges know as soon as possible via a DM.