Thu, 20 Nov. 2014, 10:00 UTC — Sat, 22 Nov. 2014, 10:00 UTC 

On-line

CSCAMP CTF Quals event.

Format: Jeopardy Jeopardy

Official URL: http://www.cairosecuritycamp.com/ctf/

Future weight: 5.00 

Rating weight: 5.00 

Event organizers 


This is the 4th year for the CTF. over 130 teams joined last year, 10 of them participated in the finals including foreign teams.
The final round will be on 28,29 November in Egypt.
the registration link is http://cairosecuritycamp.com/ctf/ctf.php
Sponsored by MarvelServ http://marvelserv.com/ Organized by Bluekaizen http://bluekaizen.org/

Scoreboard

190 teams total

PlaceTeamCTF pointsRating points
1 FluxFingers 4140.00010.000
2 BalalaikaCr3w 4025.0007.361
3 dcua 3980.0006.473
4 Snatch The Root 3980.0006.057
5 Rdot.org 3750.0005.529
6 Spiderz 3680.0005.278
7 TheGoonies 3650.0005.122
8 Shellphish 3650.0005.033
9 Hardc0de 3500.0004.783
10 int3pids 3450.0004.667
11 BabyPhD 3450.0004.621
12 Verme 3350.0004.463
13 0x0 3040.0004.056
14 SUSlo.PAS 3000.0003.980
15 Hexpresso 2950.0003.896
16 StratumAuhuur 2900.0003.815
17 !SpamAndHex 2800.0003.676
18 PeterPEN 2700.0003.539
19 sec0d 2600.0003.403
20 mongo 2595.0003.384
21 Eindbazen 2400.0003.137
22 n00bCTF 2310.0003.017
23 EpicTeam 2300.0002.995
24 dodododo 2300.0002.986
25 BioHazard 2250.0002.917
26 Tasteless 2250.0002.910
27 Knightsec 2150.0002.782
28 AFiniteNumberOfMonkeys 2150.0002.775
29 Epic Leet Team 2150.0002.769
30 IPFactory 2000.0002.582
31 shik 2000.0002.577
32 NULL Life 1995.0002.566
33 Insanity 1950.0002.507
34 Dragon Sector 1800.0002.321
35 Dystopian Narwhals 1750.0002.256
36 NYUSEC 1750.0002.252
37 H4x0rPsch0rr 1740.0002.237
38 0ops 1700.0002.185
39 0x1337 1700.0002.181
40 BDwjLwrH 1650.0002.118
41 k 1600.0002.054
42 PizzaEaters 1600.0002.051
43 w3b0n3s 1600.0002.049
44 Zenk-Security 1550.0001.986
45 Honeypot 1550.0001.983
46 bono 1500.0001.920
47 Antanix 1500.0001.918
48 NULL Life 1400.0004.361
49 BananaExtreme1 1400.0001.793
50 Disgrace 1350.0001.730
51 squareroots 1350.0001.728
52 0x90.avi 1270.0001.630
53 nonbei 1250.0001.604
54 The Pacman's Army 1250.0001.602
55 Securimag 1210.0001.552
56 AsssassiNOPs 1200.0001.539
57 krebs 1150.0001.477
58 hf_c500 1150.0001.475
59 keva 1100.0001.413
60 Lights Out 1050.0001.351
61 B1ackTrac3 1050.0001.350
62 SGFk 1000.0001.288
63 WizzardsOfDos2 950.0001.227
64 ???†????????????????°???® 950.0001.225
65 CureSecure 950.0001.224
66 CTF-infinit 950.0001.223
67 PiggyBird 900.0001.162
68 b33p 900.0001.160
69 r3b00+ 900.0001.159
70 YOKARO-MON 900.0001.158
71 asd123 850.0001.097
72 hackzogtum 850.0001.096
73 InSecurity 830.0001.071
74 GoBack 810.0001.046
75 BCS 800.0001.033
76 Somerset Chemist 800.0001.032
77 rm -rf [enter] 800.0001.031
78 gtpp 750.0000.970
79 MonkeyFuckers 750.0000.969
80 OpenToAll 750.0000.968
81 bate5a 700.0000.907
82 Hopjesvla 700.0000.906
83 DefHackto 700.0000.906
84 NoWaySecurity 650.0000.845
85 Raulhc 650.0000.844
86 penthackon 650.0000.843
87 criple_ripper 650.0000.842
88 Andalusia 650.0000.842
89 b01lers 650.0000.841
90 w0pr 650.0000.841
91 CodeFocus 650.0000.840
92 REU 600.0000.779
93 overflowsec 600.0000.778
94 YaTaTeam 600.0000.778
95 hst.tw 600.0000.777
96 bi0s 550.0000.716
97 gufz 550.0000.716
98 BageJake 550.0000.715
99 dpnz 550.0000.715
100 4k70aw0 550.0000.714
101 ukk1337 550.0000.714
102 Plaid Parliament of Pwning 510.0000.665
103 Team Action Kaktus 500.0000.652
104 p03p0wn 500.0000.652
105 gd1_squad 500.0000.651
106 AzSecure 500.0000.651
107 truelit 500.0000.651
108 sherl0ck 480.0000.626
109 janesmith 450.0000.589
110 Maigel 450.0000.589
111 HeroesOfCanton 450.0000.589
112 OceanBreeze 450.0000.588
113 1up 450.0000.588
114 Zulu 400.0000.527
115 Bottom of the Bottle 400.0000.527
116 HacksInTheBox 400.0000.526
117 khoroto 400.0000.526
118 Johnnydepp 400.0000.525
119 agohiagrkhgf 350.0000.465
120 dududu 350.0000.464
121 AFTeam 350.0000.464
122 12358 350.0000.464
123 L1ght4Freedom 350.0000.463
124 WizardsOfDos 350.0000.463
125 我們中出了一個間諜 350.0000.463
126 Marc 350.0000.462
127 RooterX 350.0000.462
128 OnWiRe 300.0000.401
129 MrJ 300.0000.401
130 Pwnladin 300.0000.401
131 okudo3 300.0000.400
132 nothing 300.0000.400
133 holysolo 300.0000.400
134 2ks 300.0000.400
135 Bahned 300.0000.399
136 Taneda 300.0000.399
137 Sanity 300.0000.399
138 CoolTeam 300.0000.399
139 0x0x 300.0000.398
140 chuck14 300.0000.398
141 Shark Fins 300.0000.398
142 individual 300.0000.398
143 KQCQ 300.0000.397
144 DarkwingHack 300.0000.397
145 Noobs1337 300.0000.397
146 aPairOfReversers 300.0000.397
147 Caspian 300.0000.396
148 XVHHV 250.0000.336
149 The DHARMA Initiativ 250.0000.335
150 EskaTeam 250.0000.335
151 h1dd3ntru7h 250.0000.335
152 electrojustin 200.0000.274
153 dekhi 200.0000.274
154 totom 200.0000.274
155 scryptos 200.0000.274
156 xnosuchteam 200.0000.274
157 Dox 200.0000.273
158 loltn 200.0000.273
159 GGININDER 200.0000.273
160 Pwnffman 200.0000.273
161 SanityHero 200.0000.273
162 NoTeam 200.0000.272
163 m@ttone 200.0000.272
164 Black Technology Royal 200.0000.272
165 JITSheepSpraying 200.0000.272
166 achn30 200.0000.272
167 rsync 200.0000.271
168 MisterJunk 200.0000.271
169 MMA 150.0000.211
170 101 150.0000.211
171 Syr 150.0000.210
172 CDQ 150.0000.210
173 WhiteHammer 150.0000.210
174 Testador 150.0000.210
175 mau5 150.0000.210
176 DevilBat 100.0000.149
177 Vincent 100.0000.149
178 SIGINT 100.0000.149
179 JKS 100.0000.149
180 +1 ironwood branch 100.0000.149
181 dali mrabet 100.0000.148
182 stuff 100.0000.148
183 CDCM 100.0000.148
184 0-team 100.0000.148
185 mrx 100.0000.148
186 OPT 100.0000.148
187 thitcho 100.0000.148
188 alanlei 100.0000.147
189 Hawks 100.0000.147
190 xxx 100.0000.074
n0n3m4 – Nov. 22, 2014, 1:43 p.m.

A lot of guessing in crypto combined with the flag limit of 20 is such a nice combination. Not surprised that this CTF worths 5 points.


n0n3m4 – Nov. 22, 2014, 1:48 p.m.

P.S. But as for me, I'd give it zero, since it doesn't even have a strict flag format, but has strict "anti-bruteforce" rules.


dwj – Nov. 22, 2014, 4:37 p.m.

Was broken for a decent time at the start, challenges just randomly appeared midway through, other challenges were edited mid-competition.


KT. – Nov. 22, 2014, 5:43 p.m.

First two teams who solve challs got +20%, +10% points, but challs are randomly appearing without prior warning, so if you are in the good timezone then you got the points probably.


BECHED – Nov. 22, 2014, 8:09 p.m.

One of the worst-organised ctfs with untested tasks, poor scoreboard and unexpected rules (like banning and -10 for several attempts or like huge bonuses for top2).


0xAli – Nov. 23, 2014, 4:54 a.m.

@BECHED: I admit we are not the best CTF we are just a bunch of volunteers trying to bring the game we love to the only security conference in Egypt.
But we tested the tasks in the limited time we had.
And the scoreboard was fine It just didn't have the proper code to sort by time at first, and that was fixed.
If you bothered to click the link that says "Rules" on the navbar you'd have seen the "unexpected" rules. Rule #2 and Rule #5
The bonus is there to give people a motive to finish faster and break the tie.
You seemed to be happy with the rule when it served you but now you are acting sour because someone beat you to one challenge?

And this is not a bruteforcing competition, you are not supposed to brute force the submission form, you are supposed to get the flag and submit it.
"Several attempts"? Do you call 51 bad submissions "several", i call that "a lot"... Plus you created 4 teams and users just to bypass the limit and keep bruteforcing..
If we allowed unlimited attempts the server wouldn't be able to handle all that traffic where people keep running automated tools to attack the server.

BTW one of your team threatened to create a script that change a user/pass and ruin the competition for others and demanded certain points.. i guess half of that is our fault for allowing it.. but next year you will find we edited rule #4, if you ruin the challenge for others you will be disqualified.

You are exaggerating an you are not fair with the generalization. but you (And others) do have a point though,
I promise we will have better challenges, better platform, better rules, better collaboration. and we will be better prepared for foul play.


wh01sh3 – Nov. 23, 2014, 8:20 a.m.

Please write up the first web task


nu11 – Nov. 23, 2014, 10:34 a.m.

@Антон Прохоров
Crypto has nothing to do with guessing
I've seen a lot of people solving it using the right way
it was RC4 with know IVs as in WEP
you could have used F.M.S attack or Klein attack to solve it
and you can add me to talk more about the challenge if you like to
Regards,


BECHED – Nov. 23, 2014, 11:01 a.m.

@Mohab , it's not an offense, I just told my opinion. I understand that you had a limited time, but it's not an excuse ;) Generally the tasks were interesting, but not well organised.
Bonus is ok regardless of our result, I just tell you that 20%-10% bonus system is strange. Usually it's like + 3-2-1 pts, not so huge. You made a game disbalanced with such huge bonuses.
o_O I haven't heard of someone trying to threaten you, probably it was not our team.


0xAli – Nov. 23, 2014, 11:51 a.m.

@BECHED: You are absolutely right that's not excuse, it should've been done better. And next time it WILL be better for sure, someone gave us a CTF-guide but it was too late. We are looking to improve and we welcome all comments. And BTW you are the first one who commented about the bonuses, and we will discuss the bonus thing, and we will change it if we agreed it's unfair. I hope you enjoyed it even for a little bit, i hope you come back next year and i promise it will be better and we will consider all comments to make you have as much fun as we had writing the the challenges.


0xAli – Nov. 23, 2014, 11:55 a.m.

@Антон Прохоров: Someone wrote it https://github.com/S42X/CTF/wiki/CSCAMP_Web300


rEa – Nov. 23, 2014, 2:26 p.m.

@mohamed please update dashboard in ctftime


Inver – Nov. 23, 2014, 2:54 p.m.

@Антон Прохоров please give me your twitter account or facebook account's name.


TheZakMan – Nov. 23, 2014, 10:47 p.m.

why there is a note "missing the scoreboard" ?


wh01sh3 – Nov. 24, 2014, 5:24 a.m.

@Inver https://www.facebook.com/betrayer65536


amon – Nov. 24, 2014, 11:42 a.m.

I thought the challenges were pretty well designed (except for the implementation of the environment of exp1 that one had so many people trolling :P). Even though there were the points deduction and banning rules at the start, these were rectified by the organisers quite quickly to be a little more acceptable and the points returned to the teams. Only problem with some of the challenges were that there wasn't a well-defined flag format and some of the flags were very vague.

Otherwise, I think it was a good CTF with a lot of support from the organisers during the event.


.... – Sept. 20, 2015, 4:15 p.m.

what is the flag for Eric Liang? I am a desperate man. flag{} flag{ } flag{ } csaw ctf