A Sharif University CTF event.
Official URL: http://ctf.sharif.edu/
The sixth annual Sharif CTF competition will be held on February 5th, 2016, 10:00 IRST and ran for 36 hours.
Each team could have a maximum of three members. One of the team members should represent the team as the team leader and all communications with respect to the CTF will be through the team leader.
2048 millibitcoins for first place
447 teams total
|Place||Team||CTF points||Rating points|
|12||More Smoked Leet Chicken||3700.000||25.434|
|14||Snatch The Root||3461.000||23.563|
|61||No Internet Access||1500.000||9.703|
|65||Capture the Swag||1461.000||9.430|
|85||Team Red Ace||1200.000||7.715|
|109||I Like Trains||900.000||5.798|
|114||11-Digit Prime Number||900.000||5.784|
|173||smoke leet everyday||500.000||3.245|
|267||The DHARMA Initiative||200.000||1.348|
|389||Kole and Associates||50.000||0.394|
So is this an online CTF or onsite ?
It is an online CTF.
Hey, someone registered your team (Invulnerable), what should we do?
is there any irc channel ?
No, But there is a Public Chat on the portal.
I could not register as I never got the confirmation email.
This was the first time I tried CTF thing and Sharif University CTF 2016 organizers have failed miserably! They failed to send me the the activation link.
I followed it up with them, and instead of sending me the activation link, they sent me the wrong login username and password. Then, when I followed it up with them again,
they told me I need to register again! I would have thought Sharif University CTF 2016 organizers would fully automate the CTF registration process, but it is obviously not the case.
Sorry for the inconvenience CapGrey.
Please check your email.
The organizers really put some effort into this CTF, well done! Great support system in place.
Challenges were overall well done with only minor (unintended) ambiguities. 5/5
After some terribe CTFs this year, this one was a nice change! :)
Interesting and challenging tasks, very responsive and helpful admins - everything was as it should be! :)
Wery nice challenges, very good work with cathegories!
Really enjoyed this CTF. Good challenges, good admins that responded quickly in PMs, cheat-proof challenges where each team get a different challenge URL with unique flags (i think) so no flag sharing. All in all, awesome! Didn't have any problems with bad peering either. Thank you for hosting this!
Good challenges. I regret not getting on here sooner! I would have planned my weekend around it, if I knew how awesome this challenge would be ^_^ Thank you. I did poorly due to only having 2 hours left and 1 person on my team. 5/5 stars. I wish the ratings went up to 10. This was an excellent challenge. WTG! Next year, could we see how many teams solved each challenge?
I have to agree with the positive opinion! Really well thought out CTF!
The challenges were described well enough, so it was never guessing.
There was a lot of them, so there was always something to do, even if you get stuck in one, you can try another to clear your head.
The whole system was well designed. Great idea with the extra points for first three teams and shared points.
I also liked that the flag not only hard a proper format, but also many of them were unique for the team, so that minimized the sharing for sure.
The scoreboard is nice and clear with pretty stats. One downside is that there's no json for it, but not many CTFs have it.
The chat was a nice addition as well, it could do with some polishing (timestamps, make the window bigger) but it was a nice addition.
You might want to consider open sourcing the CTF system, I could see it becoming a standard (maybe with some theme changes ;)
One more thing: I think this CTF definitely deserves to be worth at least 5 pts, it was really good difficulty and organization-wise.
I registered and never got a confirmation email. Couldn't even participate because of that!
This was a great CTF, Please give this one a rating next time :)
Great CTF! (Good quality, great learning effect!)
Great CTF, fun and educational challenges.
@zku: Thank you very much.
Your support keeps us on our toes!
We tried our bests to keep the challenges interesting, and motivate everyone by being as responsive as we could.
Your great comments are really appreciated. Thanks!
We are really happy that you liked it. Thanks a lot for participation!
Thanks a lot for everything. We tried our bests, and your comments show that it has paid off :)
Thank you very much. Hope to see you next time around the clock, and wish you the best of luck.
Your suggestion is really appreciated. We currently have a system that informs the contestants about basic statistics regarding each challenge/team. We hope to improve it for the next year to better satisfy your needs.
Thanks a lot for all your positive comments. We really appreciate them, as well as the 5-star rating :)
Regarding the suggestions about scoreboard JSON and chat design, I will notify the staff to see what we can do to improve it for the next year. Suggestions are always welcome!
Open-sourcing the system is a great suggestion I have never thought of before. We will discuss it internally, but I'm strongly positive about the idea.
We are so sorry about it. We did all we could, but sometimes the email systems do not behave as we want them to. We regret not to see you around. Hope that we have the chance next year. Sorry again!
Thanks a lot for your great comment, and the suggestion.
Juts for confirmation, do you mean we put up an online system for rating challenges?
Thank you very much. Your support is really appreciated, and keeps us going!
Many thanks for all your support. Hope to see you around next year, too!
@SharifCTF - i'll elaborate a bit more.
Bit of background - I'm from p4 team, and we finished CTF at 7th place.
When I praised your challenges I really meant it. Especially in comparsions to previous CTFs (HackIM and BreakIn) seeing some sane challenges, with real reversing and web was a relief.
1) Crypto - crypto challenges was practical and modern - just the kind everyone likes. Virtually zero guessing and obscure "you either know solution right away, or you never will" kind of problems. 10/10 here. By the way, I'll include tiny bit of self-promotion - I'm the one that managed to solve "Hail Zeus" challenge (our team is the only team that solved this task). Kudos to creator of that challenge, by far my favorite task in this CTF. And `The Russian Attack` looked like great challenge, unfortunatelly i didn't have enough time to solve it.
Summing category up, solid 10/10 from me.
2) Reverse - step down, but still solid. Well, at least everything was really reversing, unline HackIM and BreakIN. So first few challenges was almost too easy (but for 50/100 points that's fair, I guess). But then something happens, and you get challenges like HI, WinCC and Maze, that were quite a step up in difficulty. I wouldn't have anything against it, but most of the difficulty came from wrapping executables in off the shelf packers (VmProtect and AsPack, if I remember correctly) - cracking these is not very creative and bit boring (but that's just my opinion). 9/10 for first challenges and 7/10 for last ones from me.
3) Web - i shouldn't say anything, because our team almost finished with 0 points from web challenges (XSS somehow didn't worked for us, we forgot about php: exploit, we wrote solver for captchas but we ran out of time in the middle of cracking, and I solved web 400 in last minute). But objectively speaking, all tasks was real world and interesting, so I rate that category 9/10.
4) Pwn - I'm not pwner, but from what I heard from my teammates, pwn was not really about pwning. For example "sql" was typical web task. I don't know how to rate that category, but more real pwning (binary exploiting) next time, please.
5) Forensics - solid challenges, except that first few challenges was way too easy ("strings harif" giving flag away is a bit too easy even for 100p ;) ). But more difficult challenges were fun, so 8/10 or 9/10 from me.
6) Misc - last category. Secure coding was WAY overrated (i solved both challenges in less than 10 minutes. I'm mainly programmer so that's may be the reason, but still - hack by the sound required to write program 2 magnitudes more complex than secure coding 2, but was worth only 200p?). But first 3 challenges was interesting (especially impossible game, math ftw). Solid category, I can't complain about anything (except overrated seccoding, ofc). Another 9/10.
The only thing I *didn't* like about CTF was limitting team to 3 persons, I don't see why anyone would do that in offline CTFs.
Summing it up, great job and keep it up. I hope to participate next year too.
Excellent comments. They will be really useful for us, and guide us toward a better CTF next year. Thanks so much for putting so much for all your time and effort.
Regarding the "Hail Zeus" challenge: As you are the only team which solved this challenge, we invite you to send us your write-up. We will surely upload your write-up besides our, and it will be useful for other teams to compare and contrast them, so as we will all learn from this synergy.
Thanks a lot again.
No problem, that was the least i could do.
`Regarding the "Hail Zeus" challenge (...) we invite you to send us your write-up`: I already did! In fact, together with my team, we uploaded writeups for almost every challenge we did (@see team writeups at https://ctftime.org/team/5152). You can find that specific writeup from Zeus at https://github.com/p4-team/ctf/tree/master/2016-02-05-sharif/crypto_300_zeus (I hope I didn't overcomplicate solution too much).
Why this CTF rating weight was 0.0 and now 25.0? Weight should be fixed before the competition begins, that's not fair
Why there's a team being disqualified?
@xassiz it's a common situation with small/new CTFs that before the competition there is no way of knowing what kind of level it will have, so the score changes accordingly.
@Pharisaeus I understand, but this CTF has been celebrated since 2013
@☞ zǝuıʇɹɐɯ olqɐd ☜
Usually CTF ranks are not final and are subject to change after the CTF - in the direction of lower scores if it turns out to have multiple issues or to the higher end if it turns out better than expected.
From a teams perspective this is a little troublesome if you have to chose in which CTFs you want to take part in - e.g. you prefer to skip the ones rated 0-20 to have more energy for the ones rated 25-100, etc. But on the other hand, it is good that the rank is adjusted, as it's worth making good CTFs more meaningful for the ranking, and the more problematic (i.e. more random) ones less meaningful.
That being said, here's a trick I've learned in the past: If a rank looks off (e.g. 0), check the CTFs history.
- if it's the first edition and it's made by not really known crew, the rank will probably end up around 0-20
- if it's the first edition and it's made by a top20 team, it's probably going to end up 20-40
- if it's an Nth edition, and it's previous year had rank K, check the comments - good comments = more rank/same (K - K+20), bad comments = smaller rank (K-20 - K)
Last Sharif quals had 25 points, pool rating 3.6 (which is on the good, but not perfect side), and pretty responsive admins - so a rank of 25-30 was to be expected ;)
Also, when in doubt, ping CTFTime's admin - he's a great guy and responsive as well :)
@gynvael thank you for your time! I understand your tricks, but I think if last Sharif quals had 25 points, this year it should **start with 25** and then, if necessary, end up with more or less weight depending on poll rating :P
Actually I find the this ctf event really interesting and very very good
But I have a little request (if possible) I wish the organizers publish writeups for challenges with no writeups (specially the HI in re puzzles me I know nothing about vmprotect)
@☞ zǝuıʇɹɐɯ olqɐd ☜
I agree. Though it happens at times that CTFTime admin is busy with other things and is not able to setup the initial rank before the CTF. I'm not saying it's a perfect system, just pointing out that it is possible to predict that the rating might be adjusted ;)