Twenty days have passed since Positive Hack Days 2012, an international forum on practical security, wished goodbye to the visitors, but the echo of the words is still heard around. In particular, it tells about the Online HackQuest competition, which was on throughout the forum days on May 30 and 31 and carried on for two more weeks.
Any Internet user could take part in HackQuest. The participants were granted an access to a VPN gateway. Once connected, they were to find target systems and detect vulnerabilities in them. By exploiting the vulnerabilities, participants obtained access to a key (flag) in the MD5 format, which they were to send to the jury via a special form on their personal profiles. For each correct flag participants scored a corresponding number of points. A participant who totaled 100 points earlier than others won the competition.
HackQuest vs CTF
Besides, on the second the Online HackQuest participants had a real chance to influence the results of one of the PHDays CTF 2012 competitions. The How To Protect Money section offered a competition called $natch. The competition consisted of several stages. At the first stage, hackers were to take out money from a remote banking system specially crafted for the competition. Then, it was the turn of the CTF teams to join the competition. They had 4 hours to fix the security of the system. Finally, the HackQuest participates were to attack the systems during 30 minutes trying to take out money from the bank accounts of the CTF teams (for details see our blog entry).