Ante scriptum
Until January 20, 2012, anyone can test their strength in security assessment, finding and exploiting vulnerabilities, reverse engineering and plain hacking. Registration and connection information is available at: http://phday.ru/smt.asp?gnum=1 (rus) and http://phday.com/smt.asp?gnum=1 (eng).
Join and compile!
Scriptum
On December 26, the PHDays CTF Quals and PHDays CTF Afterparty information security competitions ended. The CTF Quals team competition was held under task-based CTF rules and allowed us to identify the finalists who will take part in the in-person round on May 30-31, 2012 at the Positive Hack Days forum. The individual competition let us find the strongest hackers, who will get the chance to take part in PHDays and to win valuable prizes from the organizer of the competition, the company Positive Technologies, including the legendary security scanner XSpider 7.8. In the heat of battle, the participants not only found all the vulnerabilities that we had planted, but also found at least one zero-day (0-day) vulnerability: mPDF <= 5.3 File Disclosure.
First of all, some facts.
- 45 teams and over 250 hackers took an active part in the competition. Specialists from 20 countries actively fought for the victory, including Russia, the USA, Japan, Ukraine, the Netherlands, France, South Korea, Tunisia, Germany, Switzerland, Kenya, Canada, Peru and the UK.
- The game infrastructure consisted of 17 servers and applications holding more than 40 tasks.
- The competition was based on the infrastructure and legend of Positive Hack Days CTF 2011.
- Only one of the participants managed to solve all the problems and score 100 points.
- Based on the results of the competition, the 12 best CTF teams from all over the world were selected.
- Some of the tasks were solved using zero-day (0-day) vulnerabilities that the organizers had no idea about.
PHDays CTF Quals
The competition was held from December 10 (10.00 Moscow time) to December 11 (18.00 Moscow time). The rdot.org team from St. Petersburg rightfully took first place: it took the lead at the very beginning of the competition and did not give its rivals even the slightest chance of winning.
For those who did not follow online: the battle was serious. It was especially heated around 2nd and 3rd places, where leetmore from St. Petersburg and eindbazen from the Netherlands clashed. Second place changed hands several times, and only in the last half hour did the team from the Netherlands pull clearly ahead of the St. Petersburg team and secure silver.
The situation in the top ten was constantly changing. At one time MachoMan from South Korea, whom we actively supported, held a good position, but during the game they were pushed down to 12th place by the Russian teams. HackerDom from Ekaterinburg and int3pids from Spain (for some reason registered as representatives of Afghanistan) were slow to start but then moved fast. For the first half of the game HackerDom lagged seriously behind the leaders, and we had already begun to worry about the leading figures of Russian CTF. But, gathering their strength, the teams took the most difficult flags and held firmly among the prize-winners. As a result, int3pids ranked 4th and HackerDom 5th. It should be noted that 5th place did not come easily to the Ekaterinburg team. For the last few hours the 0daysober team from France, whose name for some reason evokes thoughts of garage rock and something distant and sad, ran neck and neck with them. A query to Google confirms that everything fits together (g sober song noir desir). The teams fought for literally every point. 15 minutes before the end of the competition HackerDom overtook 0daysober by one point and, despite the efforts of the French team, took 5th place with a minimal margin of 0.5 point.
Unfortunately, our colleagues from the USA, Japan, Tunisia, Germany, Switzerland, Kenya, Canada, Peru and the UK failed to enter the top ten. We believe everything is still ahead of them.
In total, 72 teams from all over the world registered for the competition. Of these, 45 took an active part in the Battle of the Monolith and managed to get onto the scoreboard.
Amusingly, hacking Windows 98 caused the teams great difficulty. Apparently, the time has come when this operating system can be considered one of the most secure.
I would like to mention the teams Antichat Team, [censored], ufologist, Shine (Russia), Big-daddy, ensib (France), MachoMan (South Korea), Nullarea Tunisian Team (Tunisia) and takeshix (Germany), which, although they did not take prize places, fought bravely for the victory and helped make the game dynamic and exciting. But in the end, the winners are the following teams:
According to the results of the qualifiers and the draw, the following teams entered the PHDays CTF final:
- 0daysober, Switzerland
- BIOS, India
- CoP, France
- eindbazen, Netherlands
- FluxFingers, Germany
- HackerDom, Russia
- int3pids, Spain
- IV, Russia
- leetmore, Russia
- Plaid Parliament of Pwning, USA
- Shell-storm, France / Switzerland
- HNG48, Japan
The final rating of participants is available here. To the legitimate question "where is rdot.org?" we will answer: the guys are tired of playing CTF, and now they are going to make it instead, as the corresponding entry on the team forum says.
PHDays CTF Afterparty
The PHDays CTF Afterparty competition was held December 12 - 25, 2011 according to the HackQuest rules. BlackFan held the lead for a long time, but closer to the end of the competition kyprizel from Kazakhstan broke into first place. He was the first and only participant who managed to score 100 points and become the winner of the competition. As a prize, kyprizel will receive the latest version of the legendary security scanner XSpider 7.8 and an invitation to the international forum Positive Hack Days 2012 as a participant. The rest of the winners (the participants who held places 2-17 on December 25) will receive diplomas and gifts from the organizer of the competition, the company Positive Technologies.
According to the winner: "PHDays CTF Quals has many tasks from everyday life, which of course distinguishes these competitions from other CTFs. Again, the presence of a virtual infrastructure is objectively a plus; no one else does this. But, on the other hand, this nearness to reality brings a certain confusion. In general, the level of preparation of tasks was normal, most of them turned out to be very logical." Read the full interview with kyprizel and other members on our blog in early 2012.
The top ten included:
- kyprizel, Kazakhstan
- BlackFan, Russia
- BECHED ahack.ru, Russia
- Dumbass, Russia
- AlpHaNiX, Tunisia
- ColdFire, Tunisia
- snowytoxa, Russia
- AVictor, Russia
- flak, Russia
- zigma, Tunisia
The current rating of participants is available here.
Dmitry Evteev, PHDays CTF Overlord, commented on the results of the competition as follows: "It is very pleasant that almost all the tasks were solved according to the results of the CTF Afterparty! Of course, there were as many as 2 weeks at the disposal of the participants, in contrast to the in-person Positive Hack Days CTF / Freestyler competitions that took place in one day. In any case, in 2012 we will offer more assignments, both in qualitative and quantitative terms."
What does that mean? We do not fully know ourselves yet.
Post Scriptum
Thanks to the participants, many tips on solving the tasks are now available online. We hasten to share them.
List of tasks and flags:
- https://docs.google.com/spreadsheet/pub?hl=en_US&hl=en_US&key=0AjjF4v_8WA78dC1UMFBqZ2RYZUVUVU11ZXVMVkQwMFE&output=html
Task descriptions:
- http://eindbazen.net/?p=293
- http://eindbazen.net/?p=308
- http://eindbazen.net/?p=316
- http://z4d.tuxfamily.org/blog/archives/86
- http://x86overflow.blogspot.com/2011/05/phdays-ctf-ndevice-partial-writeup.html
- http://redsecure.ru/blog/positive-hack-days-ctf-.2-walkthrough
Twitter hashtag: #phdays - a lot of interesting things are flying around there!
Thanks to all participants!