HackQuest completed? HackQuest continues!

Ante Scriptum

Up to January 20, 2012, anyone can test their strength in the assessment of security, search and exploitation of vulnerabilities, reversing and just hacking.

Join and compile! 

Registration and information on how to connect is available at: 

http://phday.ru/smt.asp?gnum=1 (Rus)

http://phday.com/smt.asp?gnum=1 (Eng).

Scriptum

December 26 saw the end of the competition on information security, PHDays CTF Quals and PHDays CTF Afterparty. Team competition CTF Quals were held according to the rules of task-based CTF and allowed us to identify finalists who will participate in the face-to-face competition on May 30-31, 2012 in our forum Positive Hack Days. The individual contest revealed the most potent hackers, who will have the opportunity to participate in PHDays and will become owners of valuable prizes, including the legendary security scanner XSpider 7.8 from the organizer of the competition - the company Positive Technologies.

It is remarkable that during the competition the participants found at least one zero-day vulnerability (0-day): mPDF <= 5.3 File Disclosure.

First of all, a few facts

• 45 teams and more than 250 hackers were actively involved in the competition. Specialists from 20 countries, including Russia, the USA, Japan, Ukraine, the Netherlands, France, South Korea, Tunisia, Germany, Switzerland, Kenya, Canada, Peru and the UK actively fought for victory.

Places of origin of participants in PHDays CTF Quals

• In the game infrastructure there were 17 servers and applications containing more than 40 tasks.
• At the heart of the competition lay the infrastructure and legend of competition Positive Hack Days CTF 2011.
• Only one participant managed to solve all the problems and score 100 points.
• Through the results of the competition the best 12 teams at CTF from around the world were selected.
• Part of the tasks was completed with the use of vulnerability "zero day" (0-day), of which the organizers had no idea.

PHDays CTF Quals

Competitions were held on 10 December (10:00 Moscow time) - December 11 (18:00 Moscow time).
First place went rightfully to the team rdot.org  from St. Petersburg, which took the lead early in the competition and did not give their opponents even the slightest chance of winning.

For those who did not watch online - the battle was serious. It was especially hot for second and third places where St. Petersburg's leetmore and eindbazen from the Netherlands grappled with each other. The second place changed hands several times. Only in the last half hour did the guys from the Netherlands get seriously ahead of the Petersburg guys and secured the silver.

The situation in the top ten was in constant flux. At one time a good position was occupied by MachoMan from South Korea, who we really felt for as, during the game, they were pushed down to 12th by Russian teams. Also working hard and fast were the teams HackerDom from Ekaterinburg and int3pids from Spain (for some reason registered as coming from Afghanistan). The first half of the game saw HackerDom seriously lagging behind the leaders, and we were already beginning to worry about the front-runners of Russian CTF. But having gathered strength, the team took the most complicated flags and held on firmly to a prize-winning place. As a result int3pids took 4th place, and Hackerdom 5th. It should be noted that it was far from easy for Ekaterinburg to get the 5th place. The last few hours of head-to-head with them was the team 0daysober from France, whose name somehow evokes thoughts of garage rock and something remote and melancholy. When googled, it all fits (g sober song Noir Desir).

The guys literally fought for every point. 15 minutes before the end of the competition HackerDom passed ahead of 0daysober by one point and, despite the efforts of the French team, took 5th place with a minimal lead of 0.5 points.

Unfortunately, our colleagues from the USA, Japan, Tunisia, Germany, Switzerland, Kenya, Canada, Peru and the United Kingdom failed to enter the top ten. We believe that the future holds better for them.

A total of 72 teams registered for competitions in different parts of the world. Of these, 45 took an active part in the Battle of the Monolith and were able to "squeeze through."

Funnily enough, the teams had great difficulties cracking Windows 98. Apparently, the time has come for this operating system to be considered one of the best protected.

How to crack muzdie?

It should be noted teams Antichat Team, [censored], ufologist, Shine (Russia), Big-daddy, ensib (France), MachoMan (South Korea), Nullarea Tunisian Team (Tunisia) and takeshix (Germany), which, although they did not take prize-winning places, bravely fought for victory and helped to make the game dynamic and exciting.

The competition winners

According to the results of the qualifying competitions and the draw the following teams reached the final of PHDays CTF:

• 0daysober, Switzerland
• BIOS, India
• C.o.P, France
• eindbazen, the Netherlands
• FluxFingers, Germany
• HackerDom, Russia
• int3pids, Spain
• IV, Russia
• leetmore, Russia
• Plaid Parliament of Pwning, the USA
• Shell-storm, France/Switzerland
• HNG48, Japan

The final rating of participants is available at: http://phdays.com/ctf_quals_rating.asp.

To the legitimate question of "where's rdot.org?" we reply: the guys fed up with playing at CTF, they will now be doing it for real. There is an appropriate record of this in the forum of the team: https://rdot.org/forum/showpost.php?p=22734&postcount=17.

PHDays CTF Afterparty

The PHDays CTF Afterparty competitions were held between 12 and 25 December 2011 according to the rules of HackQuest. BlackFan kept the leadership for a long time, but towards the end of the competition kyprizel from Kazakhstan leaped ahead into first place. He was the first and only participant who managed to score 100 points in becoming the winner of the competition. As a prize, kyprizel will get the latest version of the legendary security scanner XSpider 7.8 and an invitation to participate in the international forum Positive Hack Days in 2012. The rest of the winners (and these are participants, who took 2-17 places on 25.12) receive diplomas and gifts from the organizer of the competition - the company Positive Technologies.

According to the winner: "In PHDays CTF Quals there are a lot of tasks, many day-to-day tasks, which of course distinguishes this competition from other CTF. Again, the presence of a virtual infrastructure is definitely a plus, no one else does this. But on the other hand, being this close to reality causes some confusion. In general, the level of task preparation was fine, and most of them turned out to be very logical. "

[For an interview with kyprizel, read our blog in early 2012]

The top ten were:

• kyprizel, Kazakhstan
• BlackFan, Russia
• BECHED ahack.ru, Russia
• Dumbass, Russia
• AlpHaNiX, Tunisia
• ColdFire, Tunisia
• snowytoxa, Russia
• AVictor, Russia
• flak, Russia
• zigma, Tunisia

The current rating of participants is available at the following address: http://phdays.ru/ctf_afterparty_rating.asp.

Dmitry Evteev, PHDays CTF Overlord, commented on the results of the competition: "I ​​am glad that according to the results of CTF Afterparty almost all the tasks have been solved! Of course, the participants had more than 2 weeks at their disposal, as opposed to the face-to-face competition Positive Hack Days CTF / Freestyler, which took place in one day. In any case, in 2012 we will offer more tasks, both qualitatively and quantitatively." 

What awaits the participants in PHDays CTF 2012?

Post Scriptum

Thanks to the participants, a set of clues about task solving is currently available on the Net. We're glad to share.

List of tasks and flags:

https://docs.google.com/spreadsheet/pub?hl=en_US&hl=en_US&key=0AjjF4v_8WA78dC1UMFBqZ2RYZUVUVU11ZXVMVkQwMFE&output=html

Descriptions of tasks:

http://eindbazen.net/?p=293 

http://eindbazen.net/?p=308 

http://eindbazen.net/?p=316 

http://z4d.tuxfamily.org/blog/archives/86 

http://x86overflow.blogspot.com/2011/05/phdays-ctf-ndevice-partial-writeup.html 

http://redsecure.ru/blog/positive-hack-days-ctf-.2-walkthrough 

http://kyprizel.net/ctf/public.zip

Twitter hashtag: #phdays – there are a lot of interesting things to be found there!

Thanks to all participants!