advent calendar 2018

A technical advent calendar with CTF-like services where a new port opens every day.


Advent Calendar of Advanced Cyber Fun 2018

A CTF-like advent calendar that opens a port everyday, starting from port 1. The challenges incorporate different protocols and services ranging from ancient RFCs to bleeding edge technologies. Each port is meant to be solvable rather easily so that it doesn’t take too much time.

Generally, the services run in Docker containers. Each service has a Dockerfile and instructions in the respective how to use it. However, there are some exceptions for services that could not run in Docker containers. These include i.e. incompatibilities with Docker and SCTP or requirements for setting sysctl parameters and iptables rules on the host system. These run via systemd.

The 2018 edition of the advent calendar was hosted at The page contents are in the website directory.


Port Challenge Path
1 TCPMUX (RFC1078) service: Assigned TCP port 1 by IANA (RFC1700). tcpmux
2 XMASbleed (CVE-2014-0160): Heartbleed with christmas fun! xmasbleed
3 HTTPoSCTP: HTTP over SCTP, a poor man’s implementation of draft-natarajan-http-over-sctp-00.txt. sctphttp
4 KnockKnock: A webserver that is only accessible after knocking on TCP port sequence 42 23 16 15 8. knockknock
5 HTTPS with Client Certificate: Accessing the webserver requires a client certificate that includes christmas in the Common Name field. tlsclientcert
6 SERIAL Challenge. It is required to talk to two sockets. One read only and one write only. serial
7 XMASHTTP: A webserver that implements a special XMAS HTTP method xmashttp
8 TLS ChaCha: A HTTPS server that is only accessible with ChaCha20 based ciper suites. tlschacha
9 eBPF filter with magic keyword. C code will be provided. ebpf
10 .NET Remoting Server. pcap will be provided. remoting
11 PlainSSH: A patched OpenSSH server that only allows connections with “none” ciphers. Requires a patched OpenSSH client, maybe provide patch for OpenSSH v6.8. plainssh
12 TLS13: A HTTPS server that only supports TLSv1.3. tls13
13 TCPReserved: A service that is only accessible when the reserved bits in the TCP header are set. Similar to evil bit but on layer 4. reservedbits
14 XMASSSHHTTP: A TCP multiplexer port that runs HTTPS and SSH. xmassshhttp
15 A websocket Server which needs a specific input to print the success message websocket
16 ASMoverTCP: A service that prints byte code with arithmetic operations. assembly
17 TLS-SRP: A Nginx HTTPS server that only supports TLS-SRP with a weak password. tlssrp
18 Message Send Procotol 2: Python implementation of RFC1312. Users need to send a message to a specific user with a signature. Code for signature creation/checking will be provided. msp2
19 TCPImages: A challenge-response authentication that sends images with random codes. Clients have to send random code back in the same TCP session. tcpimages
20 XMASDoH: A DNS Queries over HTTPS (DoH) (RFC8484) server with a special xmas TXT record. xmasdoh
21 XMASQUIC: A simple QUIC server. xmasquic
22 Port Hunter: A servie that opens random TCP/UDP/SCTP ports. Clients have to follow each port to get the secret. porthunter
23 SSH Layer 2 VPN: Clients have to establish a ethernet tunnel via SSH and send a DHCP DISCOVER on the tap device. xmassshvpn
24 Merry XMAS: Obfuscated JavaScript that prints the secret, one char at a time. merryxmas

Development Setup

Create a development VM with pre-installed Docker:

vagrant up
vagrant ssh

Within the VM, you can build the Docker containers:

cd /vagrant/tcpmux
sudo docker build -t day01_tcpmux .
sudp docker run -d --restart=always -p 1:1 --name=day01 day01_tcpmux

The VM creates a second host-only interface by default, which should expose the services.