Fri, 25 March 2016, 16:37 UTC — Sun, 27 March 2016, 16:37 UTC 

On-line

Pwn2Win CTF event.

Format: Jeopardy

Official URL: https://www.pwn2win.party/?lang=en

This event's weight is subject to public voting!

Future weight: 20.54 

Rating weight: 20.54 

Event organizers 


Brazilian Thematic CTF, organized by ELT members. Jeopardy, involving subjects like physics, electronics and math, in addition to the traditional categories.

https://www.pwn2win.party/?lang=en

Twitter: twitter.com/eltctfbr
Facebook: facebook.com/capturetheflagbr
IRC: #tecland@freenode

Prizes

1st Place - 1100.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

2nd Place - 700.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

3rd Place - 400.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

Special Prize: 200.00 BRL converted to BTC for the first one to conclude the Attack Step.

(*) Converted to BTC by MercadoBitcoin rates at the working day just before the CTF opens.

The personalized certificates are just like "medals" from the event.

Scoreboard

521 teams total

Place  Team  CTF points  Rating points
1  p4  2165.000  41.080
2  Dragon Sector  1630.000  25.734
3  scryptos  1600.000  22.026
4  int3pids  1325.000  17.706
5  !SpamAndHex  1195.000  15.445
6  ASIS  1100.000  13.859
7  217  1055.000  12.943
8  TokyoWesterns  1015.000  12.197
9  Hackiticos-UFCG  785.000  9.730
10  Capture the Swag  780.000  9.454
11  KITCTF  760.000  9.078
12  jinmathbiya  725.000  8.590
13  xil.se  710.000  8.316
14  dcua  685.000  7.966
15  IoC  655.000  7.584
16  covart  620.000  7.166
17  TheGoonies  610.000  6.995
18  Bits For Everyone  545.000  6.312
19  Just Hit the Core  535.000  6.157
20  RooterX  530.000  6.055
21  Portal Guns  530.000  6.006
22  Pão de Batãta  495.000  5.630
23  byeongsinofck  465.000  5.305
24  DeliciousHorse  465.000  5.267
25  Fluxion  465.000  5.233
26  HackCat  425.000  4.822
27  khack40  420.000  4.745
28  GAROA HC  415.000  4.671
29  Pwnelaide  415.000  4.646
30  MV9rwGOf08  410.000  4.574
31  MISTI-IPN  395.000  4.410
32  0x90r00t  390.000  4.342
33  La Compagnie Créole  370.000  4.133
34  RTFM  355.000  3.972
35  dodododo  355.000  3.955
36  irGeeks  355.000  3.939
37  Chapelaria  350.000  3.876
38  Hackmethod  345.000  3.814
39  Batman's Kitchen  340.000  3.752
40  iSome  340.000  3.739
41  K17  340.000  3.727
42  OpenToAll  335.000  3.667
43  hack.carleton  330.000  3.608
44  9SOC  330.000  3.598
45  hexfact0r  330.000  3.587
46  deadcow  320.000  3.482
47  Snatch The Root  300.000  3.283
48  Hexpresso  300.000  3.274
49  Samurai  295.000  3.218
50  err0r-451  280.000  3.067
51  PPG  280.000  3.059
52  unicornsandrainbows  275.000  3.004
53  smoke leet everyday  260.000  2.854
54  FarmingSimulator2015Game.exe  250.000  2.752
55  Mammon Machine  245.000  2.698
56  HoT  245.000  2.691
57  Blah Team  245.000  2.685
58  cafecomleite  240.000  2.631
59  cpaw  225.000  2.483
60  Kr0n0s_T34m  220.000  2.430
61  SucuriHC  220.000  2.424
62  TheExploiter  220.000  2.418
63  Raccoons  220.000  2.413
64  Squirrel  215.000  2.361
65  .ROTC  205.000  2.261
66  jfhs  195.000  2.161
67  F0rk3om3  195.000  2.157
68  F0H  195.000  2.152
69  Execut3  195.000  2.148
70  PraetorianGs  190.000  2.096
71  TigerTeam  180.000  1.997
72  xSTF  180.000  1.993
73  SecSegSet  180.000  1.989
74  HackXore  180.000  1.985
75  RSI  170.000  1.887
76  Desec  170.000  1.883
77  eipiplus1equals0  170.000  1.880
78  Bl@ckWhite  170.000  1.876
79  404team  170.000  1.873
80  DFCI  170.000  1.870
81  GRIS  170.000  1.866
82  NIS  170.000  1.863
83  UCCU  170.000  1.860
84  Shellphish  165.000  1.810
85  Kung Pao Chicken  160.000  1.760
86  RingZer0 Team  155.000  1.709
87  Raulhc  155.000  1.707
88  REU  155.000  1.704
89  SQN  150.000  1.654
90  [OMA]  145.000  1.604
91  Camaleão Sertanejo  145.000  1.601
92  0x8BadF00d  145.000  1.599
93  CaramelMacchiato  145.000  1.597
94  core  145.000  1.594
95  purple  145.000  1.592
96  Inx  145.000  1.590
97  Jeramy  140.000  1.540
98  ISITDTU  140.000  1.538
99  whop  130.000  1.441
100  BigBang Hack Team  130.000  1.439
101  NUSGreyhats  130.000  1.437
102  Pr0x3n3745  130.000  1.435
103  w1z4rds  130.000  1.433
104  WackMC  130.000  1.431
105  Plaid Parliament of Pwning  130.000  1.429
106  uiuctf  130.000  1.427
107  qqq  130.000  1.425
108  TeamPy  130.000  1.424
109  I'm not Freddie Mercury  130.000  1.422
110  OPT  130.000  1.420
111  CryptoCreature  125.000  1.371
112  magemage114514  115.000  1.274
113  Time Zero.  115.000  1.273
114  joeasd  105.000  1.176
115  Stack  105.000  1.175
116  Djangos team  105.000  1.173
117  Errei o botãp  105.000  1.172
118  Cat-n-Fish  105.000  1.170
119  okudo3  105.000  1.169
120  P_TE  105.000  1.167
121  0xdeadc0de  105.000  1.166
122  sevensec  105.000  1.165
123  Securimag  105.000  1.163
124  Pun15h3r  105.000  1.162
125  noraneco  95.000  1.066
126  0xBU  95.000  1.064
127  Jimmy Jam and the Hoagies  85.000  0.968
128  astrodroids  85.000  0.967
129  Cafelinux  85.000  0.966
130  The DHARMA Initiative  85.000  0.964
131  DjigIT  85.000  0.963
132  Bl1nk  80.000  0.915
133  WSU CSC  80.000  0.913
134  xeksec  80.000  0.912
135  Hawks  80.000  0.911
136  StratumAuhuur  80.000  0.910
137  Shikata ga nai  80.000  0.909
138  RATM  75.000  0.860
139  Pr0mptSt4rs  75.000  0.859
140  tank1st99  75.000  0.858
141  NeOLux-C1Ph3r  75.000  0.857
142  hrkljus  65.000  0.761
143  Northport C0d3 Br34k3rs  65.000  0.760
144  n00bs  65.000  0.759
145  11-Digit Prime Number  65.000  0.758
146  BarneySec  65.000  0.757
147  #Suicid3SQU@D  65.000  0.756
148  g0tiu5a  65.000  0.755
149  BITSkrieg  65.000  0.755
150  Pcthon  65.000  0.754
151  Team_SYN  65.000  0.753
152  NCYU  65.000  0.752
153  Zonda  65.000  0.751
154  503  65.000  0.750
155  GoldsNow  65.000  0.749
156  taurus  65.000  0.748
157  D@rk$h3ll  65.000  0.748
158  #HKR-SSA#  65.000  0.747
159  cimc  65.000  0.746
160  CSI  65.000  0.745
161  flamezzz  60.000  0.697
162  RGSTeam  60.000  0.696
163  icyrec  60.000  0.695
164  hl3confirmed  60.000  0.694
165  mbr  60.000  0.694
166  w33t34m  60.000  0.693
167  Binary Vikings  60.000  0.692
168  Hacker Boys  55.000  0.644
169  isitdtu2  55.000  0.643
170  GinGin  55.000  0.643
171  K4ff Team  50.000  0.594
172  SemNometro  50.000  0.594
173  kimiyuki  50.000  0.593
174  goonsquad  50.000  0.592
175  White Noise  50.000  0.592
176  6969test  50.000  0.591
177  br34dp1tt  45.000  0.543
178  whoami  45.000  0.542
179  7D51N5  45.000  0.542
180  hAIXer  45.000  0.541
181  vanhelsing  45.000  0.540
182  Vampirebbs  45.000  0.540
183  WFH  40.000  0.492
184  BreakPoint  40.000  0.491
185  ruchampsajaksra  40.000  0.491
186  HackIME  40.000  0.490
187  Hack4Fun  40.000  0.489
188  InvisibleHats  40.000  0.489
189  wolverines  40.000  0.488
190  Up the Second  40.000  0.488
191  splarcit  40.000  0.487
192  c0bebabe  40.000  0.486
193  SpringBreak  40.000  0.486
194  [CBA]MT  40.000  0.485
195  1up  40.000  0.485
196  keywee  40.000  0.484
197  Natalia  40.000  0.484
198  CooCoo  40.000  0.483
199  At Least We're Pretty  40.000  0.483
200  BabyPhD  40.000  0.482
201  NimbleNavigators  40.000  0.482
202  GoAtk  35.000  0.434
203  2mr  35.000  0.433
204  Desiprox-Team  35.000  0.433
205  wtfmehftw  35.000  0.432
206  GNUnu  30.000  0.384
207  s111  30.000  0.384
208  cabrunco  30.000  0.383
209  it's only smells  30.000  0.383
210  rainbow_bash  30.000  0.382
211  RedTeam  30.000  0.382
212  Feijoada Team  30.000  0.382
213  Hello Team Name  30.000  0.381
214  GoBack  30.000  0.381
215  ZionTeamX  30.000  0.380
216  nguyen123abc  30.000  0.380
217  ISITDTU22  30.000  0.379
218  buscoequipo  30.000  0.379
219  Renegado  30.000  0.378
220  Shady Hats  30.000  0.378
221  SADBOYS  30.000  0.378
222  Valley of the Lone Wolves  30.000  0.377
223  vr46  25.000  0.329
224  ESU  20.000  0.281
225  Desiprox  20.000  0.281
226  WOLFPACK  20.000  0.281
227  Random-123  20.000  0.280
228  NocturnalCTF  20.000  0.280
229  oOo  20.000  0.279
230  HenryDark  20.000  0.279
231  L337 Script Kiddies  20.000  0.279
232  CYBER CRIPTOGRAFIA  20.000  0.278
233  hanto  20.000  0.278
234  WhatTheSheep  20.000  0.278
235  deadmeat  20.000  0.277
236  japan  20.000  0.277
237  Hybrids of Steel  20.000  0.276
238  SecSec  20.000  0.276
239  H3RM1T  20.000  0.276
240  xiphiasilver  20.000  0.275
241  CUBA  20.000  0.275
242  ZeroDegree  20.000  0.275
243  Sonic_Rainboom  20.000  0.274
244  justme  20.000  0.274
245  Wolf_Pack  20.000  0.274
246  GoDevils  20.000  0.273
247  Azure Assassin Alliance  20.000  0.273
248  CodeheadUK  20.000  0.273
249  LoLTeam666  20.000  0.272
250  Duck killer  20.000  0.272
251  Hash  20.000  0.272
252  jampasec  20.000  0.271
253  dancago  10.000  0.176
254  sh_vanGo  10.000  0.176
255  5unKn0wn  10.000  0.175
256  [FS6]  10.000  0.175
257  eita!  10.000  0.175
258  n00bsec  10.000  0.174
259  TusanHomichi  10.000  0.174
260  6223ec161d95b24de9d287f9363501a0  10.000  0.174
261  f3n1x_ec  10.000  0.174
262  SDSLabs  10.000  0.173
263  Mao Sama  10.000  0.173
264  MrS  10.000  0.173
265  gtn_code  10.000  0.172
266  006  10.000  0.172
267  StrikeFish88  10.000  0.172
268  cylarcy  10.000  0.172
269  icanhazip  10.000  0.171
270  Occupe  10.000  0.171
271  praetorianguard  10.000  0.171
272  Iron-Maiden  10.000  0.170
273  th3jackers  10.000  0.170
274  DOFE  10.000  0.170
275  Yozakura  10.000  0.170
276  Mx  10.000  0.169
277  Balls  10.000  0.169
278  oneup  10.000  0.169
279  whoamiii  10.000  0.168
280  op.rad  10.000  0.168
281  Undocumented  10.000  0.168
282  DiGIMON  10.000  0.168
283  vovanbi94  10.000  0.167
284  azneye  10.000  0.167
285  233  10.000  0.167
286  )#$#)#R#RKKKGV  10.000  0.167
287  2nit  10.000  0.166
288  hy00un  10.000  0.166
289  Yacine101  10.000  0.166
290  KINdred  10.000  0.166
291  VTM  10.000  0.165
292  Master Ironbar  10.000  0.165
293  Yonk0  10.000  0.165
294  Own the World  10.000  0.165
295  mRt  10.000  0.165
296  Movember  10.000  0.164
297  Dokko  10.000  0.164
298  N0_0p3rati0nS  10.000  0.164
299  hem  10.000  0.164
300  Phoenix Team  10.000  0.163
301  GG  10.000  0.163
302  Paki Tigers  10.000  0.163
303  we are the 1%  10.000  0.163
304  CTF-BR  10.000  0.162
305  arizona  10.000  0.162
306  dote  10.000  0.162
307  New_guy  10.000  0.162
308  Gibdeon  10.000  0.162
309  Ascent  10.000  0.161
310  Linux4TheWin  10.000  0.161
311  efiens  10.000  0.161
312  c0mas  10.000  0.161
313  doratest  0.000  0.000
314  yolos  0.000  0.000
315  lets_try  0.000  0.000
316  Tasteless  0.000  0.000
317  CONAN REDSOLDIERS  0.000  0.000
318  meutime  0.000  0.000
319  hexfact0r  0.000  3.587
320  1234  0.000  0.000
321  Serjao Tean  0.000  0.000
322  GCC  0.000  0.000
323  clown  0.000  0.000
324  ByteBandits  0.000  0.000
325  XiaoMing  0.000  0.000
326  synack  0.000  0.000
327  RPISEC  0.000  0.000
328  nuc13us  0.000  0.000
329  j93  0.000  0.000
330  noobs  0.000  0.000
331  TheKillingTime  0.000  0.000
332  kileak  0.000  0.000
333  ByungShinOfCK  0.000  0.000
334  cemalshukri  0.000  0.000
335  citizen  0.000  0.000
336  Root.Storm  0.000  0.000
337  GoldyLock  0.000  0.000
338  Iq tracking  0.000  0.000
339  SUSlo.PAS  0.000  0.000
340  TestPWN  0.000  0.000
341  boroda  0.000  0.000
342  Administrator  0.000  0.000
343  ByteOfLatte  0.000  0.000
344  BageJake  0.000  0.000
345  LickTheCloud  0.000  0.000
346  pwniz  0.000  0.000
347  pwnizz  0.000  0.000
348  pros  0.000  0.000
349  H4x0rPsch0rr  0.000  0.000
350  purean  0.000  0.000
351  k0rt3V  0.000  0.000
352  Byte  0.000  0.000
353  scifi  0.000  0.000
354  xxxx  0.000  0.000
355  dpnz  0.000  0.000
356  MeePwn  0.000  0.000
357  RTFM  0.000  3.972
358  Feeders_Unite  0.000  0.000
359  M4sked Ph4ntom  0.000  0.000
360  KXTI_t  0.000  0.000
361  toto  0.000  0.000
362  404  0.000  0.000
363  ScienZiati  0.000  0.000
364  toddy>nho  0.000  0.000
365  b1zzy  0.000  0.000
366  ARONA_TEAM  0.000  0.000
367  Prato Pratoso  0.000  0.000
368  the beatles  0.000  0.000
369  7dsins  0.000  0.000
370  p0W3rSh3ll  0.000  0.000
371  NOSAFE  0.000  0.000
372  darksouls  0.000  0.000
373  dalbo  0.000  0.000
374  H4CK3R5  0.000  0.000
375  C@0S  0.000  0.000
376  nvr  0.000  0.000
377  LewisU  0.000  0.000
378  black_crows  0.000  0.000
379  PawPatrol  0.000  0.000
380  social smoke  0.000  0.000
381  Bladeism  0.000  0.000
382  LORD5  0.000  0.000
383  _18i81_  0.000  0.000
384  Richard Fawkes  0.000  0.000
385  BattleBorn  0.000  0.000
386  Allahu Akbar  0.000  0.000
387  ShellCode  0.000  0.000
388  SkolFlags  0.000  0.000
389  Time assalt  0.000  0.000
390  nop_these  0.000  0.000
391  C4V31R4 T34M  0.000  0.000
392  HJHSH  0.000  0.000
393  The Bads  0.000  0.000
394  Rhizomatic  0.000  0.000
395  Kole and Associates  0.000  0.000
396  mementomori  0.000  0.000
397  OASIS  0.000  0.000
398  @_@  0.000  0.000
399  So0o  0.000  0.000
400  Ph3rr1s  0.000  0.000
401  ensa morocco  0.000  0.000
402  GRX  0.000  0.000
403  MStwo  0.000  0.000
404  Mone  0.000  0.000
405  hellowar  0.000  0.000
406  Verde  0.000  0.000
407  Team01  0.000  0.000
408  altecfour  0.000  0.000
409  3squ4dr40 cl4ss3 β  0.000  0.000
410  Dr_Fez  0.000  0.000
411  hy00un  0.000  0.166
412  kemmio  0.000  0.000
413  matehackers  0.000  0.000
414  iG  0.000  0.000
415  WAtester  0.000  0.000
416  tyleroar  0.000  0.000
417  YanTayga  0.000  0.000
418  Desiprox Team  0.000  0.000
419  Internet Cafe Legends  0.000  0.000
420  EC0BR4V0  0.000  0.000
421  0xM3R  0.000  0.000
422  Insane  0.000  0.000
423  Lampião Hacker  0.000  0.000
424  N4S4_C41U  0.000  0.000
425  Bolt108  0.000  0.000
426  JustSkidding  0.000  0.000
427  Pereira Security Team  0.000  0.000
428  Glidermed  0.000  0.000
429  r3turn h4ck1ng;  0.000  0.000
430  FundaoHUE  0.000  0.000
431  _try  0.000  0.000
432  not found  0.000  0.000
433  Team Shinobi  0.000  0.000
434  lesdudumaximo  0.000  0.000
435  pipe solo  0.000  0.000
436  0byte  0.000  0.000
437  first try  0.000  0.000
438  Baile de Favela  0.000  0.000
439  crazy  0.000  0.000
440  Saintz  0.000  0.000
441  b0tch_sec  0.000  0.000
442  loopback.br  0.000  0.000
443  objEEdump  0.000  0.000
444  Noor  0.000  0.000
445  Snakes  0.000  0.000
446  TCS  0.000  0.000
447  Ar3a-55  0.000  0.000
448  Delusions of Grandeur  0.000  0.000
449  mollaa  0.000  0.000
450  oqned  0.000  0.000
451  NEED_MORE_PiNG  0.000  0.000
452  anastiel  0.000  0.000
453  Support_kva  0.000  0.000
454  jackdaw  0.000  0.000
455  S3R4P|-|1MDr3aM  0.000  0.000
456  unichamps  0.000  0.000
457  H4x0r's Aju  0.000  0.000
458  TheFoxes  0.000  0.000
459  ABNT  0.000  0.000
460  cyberkastike  0.000  0.000
461  DustLoiterers  0.000  0.000
462  WTFBROS  0.000  0.000
463  CMIC  0.000  0.000
464  Arya  0.000  0.000
465  Knightsec  0.000  0.000
466  David Manouchehri  0.000  0.000
467  +Security  0.000  0.000
468  Black Space  0.000  0.000
469  AsssassiNOPs  0.000  0.000
470  Dancing Simpletons  0.000  0.000
471  b01lers  0.000  0.000
472  French Toast Mafia  0.000  0.000
473  KasaBR  0.000  0.000
474  no123  0.000  0.000
475  Dial 5  0.000  0.000
476  BugZrU  0.000  0.000
477  AllTheBits  0.000  0.000
478  asd  0.000  0.000
479  Tribu  0.000  0.000
480  autolycos  0.000  0.000
481  7HxzZ  0.000  0.000
482  NullByte  0.000  0.000
483  Kesatria Garuda  0.000  0.000
484  Jockers  0.000  0.000
485  IS☢LA  0.000  0.000
486  ARGOS  0.000  0.000
487  KXTI_5  0.000  0.000
488  marco's  0.000  0.000
489  participe_ctf  0.000  0.000
490  chomuX  0.000  0.000
491  nine_inch_males  0.000  0.000
492  redalert  0.000  0.000
493  wil0la  0.000  0.000
494  Bring On The Fyre  0.000  0.000
495  undefined  0.000  0.000
496  cazador  0.000  0.000
497  Team SYN  0.000  0.000
498  vnn  0.000  0.000
499  A  0.000  0.000
500  sczi  0.000  0.000
501  T224  0.000  0.000
502  BlackSpace  0.000  0.000
503  PPPP  0.000  0.000
504  HackigPPP  0.000  0.000
505  yakinikyuu  0.000  0.000
506  crackatoa  0.000  0.000
507  hAIXer  0.000  0.541
508  Tokist  0.000  0.000
509  grow  0.000  0.000
510  qcu  0.000  0.000
511  jason  0.000  0.000
512  KXTI_11111  0.000  0.000
513  CLGT  0.000  0.000
514  0x90  0.000  0.000
515  0x90@dayrep.com  0.000  0.000
516  loogie_team  0.000  0.000
517  zzoru  0.000  0.000
518  stlsec  0.000  0.000
519  FS6  0.000  0.000
520  gnashsec  0.000  0.000
521  TecLand Core  -1000.000  0.000

simonvik – March 25, 2016, 11:03 a.m.

The countdown on your site does not handle different TZ very well :)


Pharisaeus – March 28, 2016, 10:52 p.m.

I thought that this whole CTF thing is to have fun and learn something but apparently some people (like @solarwind from dcua) take this a bit too seriously, and try to help their team by abusing the new score voting system. They won Volga so Volga score to max, they didn't do so well on Pwn2Win? Score to min. Great logic guys, very mature of you! It seems some people need to grow up a bit to be given that kind of "power".

I guess the idea of voting was there to help fixing appropriate score for the CTF using post-ctf feedback, but some teams apparently need to abuse this to help their team get better position in ctftime ranking. My advice: "try harder" during the CTF, and you won't need to cheat by downvoting CTFs you didn't win.


solarwind – March 29, 2016, 7:52 p.m.

Pharisaeus, if you think anyone should vote in the way you want it -- you are wrong. Current voting system is made for everyone to have a voice, and all voices are equal. Why I voted that way I clearly stated in comment.
You can vote in a way you want. If you don't agree with me -- vote different score.
To everyone who thinks they can shut up others or force them to obey by insulting or assaulting them -- that is not working here. We have rights for free speech and equality, and will use them anytime we want.


KT. – March 29, 2016, 7:57 p.m.

Dear Pwn2Win organizers and other newly registered users on the voting page: your votes are worth nothing, because only last year's TOP50 teams' votes count.

Your CTF was not good at all. I am saying this after we finished #5 on your CTF and we were #5 on CTFtime last year. I also personally played on ~70-80 CTFs (and on multiple prestigious finals) so I think I can say I / we have some CTF experience.

What you are doing here is a disgrace to the CTF scene. I mean: smearing dcua's name? Really? Please go and do a reality check. You are talking about the current leader team on CTFtime... Also you are upvoting your own CTF on the voting. That looks legit to you?

Your challenges were boring, no innovation whatsoever and almost every challenge was stego-like "Find out what we thought". The crypto challenge did not even respond if I sent in a newline character (and you said it was intentional). A lot of challenges had nothing to do with real security.

Next time please make less challenges (nobody wants to solve ~80 of them) but make them better. Play on other CTFs and learn what a good challenge looks like. Quality before quantity please.


Pharisaeus – March 29, 2016, 8:47 p.m.

@KT read the rules -> "Team members of last years top 50 and teams scored > 0 points can vote". This means any votes from the participating teams count, not only from the "top teams". I don't think teams who can't vote can even enter the "poll", so any votes there count. I guess the organisers exaggerated there and went out of place attacking dcua, but at the same time they must have invested a lot of effort into this (with good results!) so it's understandable to get angry when someone votes you to 1 (because they didn't win, since they focused on different CTFs at the same time...)

@solarwind I understand that everyone has a vote, and I'm ok with that. I just naively thought that we're all adults here and will use the votes to set proper score for mis-graded competitions. And you voted this CTF at 5 and then 1 point, which means lower than HackIM or BreakIn which were 5, while it was on entirely different level. So now I'm not sure if we played a different CTF, or maybe you simply want to lower the points awarded to the teams that were higher than you... Anyway, it's your vote, you can do whatever you want with it.

As for the accusation that the CTF had some non-security oriented tasks -> it was clearly written from the beginning. There were 2 more CTFs going on at the same time so anyone could have picked another one (I doubt you can fully man 3 CTFs at the same time) if the theme of this one was not to your taste.


solarwind – March 30, 2016, 4:40 a.m.

Pharisaeus, about Breakin and Hackim -- if you review my comments in those topics, I was voting for 0 in first and 5 in second. Breakin this year had tasks of very low quality, anyone interested can check orgs writeups for all tasks on github. Hackim had pwnables and web of higher level than Pwn2Win, has a good progress in fixing cheating (~25 teams from TOP-30 banned), and orgs there did not allow themselves to insult players.

I understand your desire to manipulate rating weight in more favorable way for you, that is exactly why voting system was created. Voting system is preventing any single biased team to occupy it. Other teams have the same rights as you have.
I lead dcua right from the creation in 2012 year, played in ~300 competitions, and some people here were playing long before that -- have 10+ years experience of international CTFs. It is possible we may have an idea what good CTFs are too.


Pharisaeus – March 30, 2016, 7:38 a.m.

@solarwind judging by the votes (excluding of course votes from organisers themselves) it seems as if you're the only one trying to "manipulate rating weight in more favourable way for you" ;)
I might not have played as much as you did, but I can also spot a good and a bad CTF. While this one was neither perfect nor the level of Insomnia or 0CTF, it was still not a 1-point CTF.
And since you voted 10p for Securinets one can only wonder if you really think it was that much better, or maybe it's just that there were no top teams above you... :)


gnx – March 30, 2016, 8:47 a.m.

@solarwind Just to remind you, you or someone on your team gave a very positive feedback from the event on the form. But in voting time, do it? Really unfortunate, only gives us reason to suspect of their intentions.

@Pharisaeus Thank you for the support! <3 Poland (true hackers!!!)


gnx – March 30, 2016, 10:54 a.m.

@solarwind HackIM had web of higher level than Pwn2Win? hahahahahah

Bathing and Grooming: https://github.com/epicleet/write-ups-2016/tree/pwn2win-ctf-2016/pwn2win-ctf-2016/web/bathing-and-grooming-400
Free Web Access: https://github.com/p4-team/ctf/tree/master/2016-03-26-pwn2win/free_web_access
Facebug, Command and Control Server, etc etc

Pwn2Win have an Attack Step involving Kernel Exploit Development.

Try Harder guy, don't cry!


solarwind – March 30, 2016, 12:15 p.m.

2 Pharisaeus -- I will vote in a way I feel appropriate. This thing is called democracy. I have the same rights to vote as anyone else, and will use it in a way I think is right. If you don't agree with me -- you can try to influence me or others by arguments, but please do not try to limit my right to vote.

2 Álisson Bertochi -- we don't usually do feedback in any forms, if it doesn't give additional points for ctf. I can ensure you it was not me filling any of your forms. I'm representing official team position -- your CTF is worth what it was openly voted here.
About quality of your tasks -- see above message from KT, and try also looking on tasks from HackIm. I was aware of writeups you mentioned. Forcing ppl to code MD5 in SQL is stupid, this tests coding skills, not infosec. Kernel exploit development is not that innovative as you may think -- CSAW finals are doing it regularly, on recent Chinese CTFs were tasks about it, I also know CTF (eCSI 2015) where Windows kernel exploitation was used.

Really, people -- stop trying to challenge basic principles of democracy, deny the right to vote for someone you don't like or who have different opinion. Democracy is a bad system for sure, but others are worse.
The bad example of democracy is mentioned Securinets CTF scoring. The situation with cheating there is the same as was on HackIm 2016, but orgs are actively supporting locals and almost no foreign teams participated there to do objective voting. Any vote will be overvoted by that local teams, and I don't see any way how it can be fixed there without limiting the vote rights I'm standing for. My vote and comment there are sarcasm, of course Securinets don't deserve 10 points if any at all.


gnx – March 30, 2016, 1:07 p.m.

@solarwind - "Forcing ppl to code MD5 in SQL is stupid, this tests coding skills, not infosec". A team solved the task by a different way, you could have done too, "thinking outside the box" (hackers do that!!). It was a challenge that involves cryptography.

Our Kernel Exploitation was ARM-based.

My request is: do not try to belittle the work of others teams.

The day you do a better event, we turn to talk.


gnx – March 30, 2016, 1:35 p.m.

To conclude, as you said, your voting criterion is based on sarcasm, and not real quality.


solarwind – March 30, 2016, 1:57 p.m.

I saw SQL MD5 implementation 'Bathing and Grooming' in your intended solution -- so it seems you were thinking that coding MD5 in SQL is a good challenge. How others solved it is different question, it is not related to quality of your tasks -- that who found innovative way for otherwise stupid task is good and deserves respect, not your work.
ARM based kernel exploitation -- pwnable.kr towelroot challenge exists for like a year.

I'm not trying to belittle your work, I'm showing you that a lot of other good work exists, better ctfs and good teams are available. I looked into profiles and past CTF results of all teams involved into Pwn2Win organization ("CTF-BR"), and think that your and your team's opinion about own coolness may be exaggerated. But you can continue to think that you are "true hackers" and others are "jokers" if you wish.


gnx – March 30, 2016, 2:08 p.m.

We are not bloodsuckers, while you are trying to win ALL CTFs from the Earth (but never created one), we are creating challenges that you can not solve (and we have no time to play). Sorry, "Top 1". =D


gynvael – March 30, 2016, 2:23 p.m.

Hi there ;)

Well, the discussion seems to be getting pretty personal. Is there any reason to continue it btw?

IMO it's worth looking at the public voting as an experiment. My guess is that kyprizel, at some point, will do some math and check what kind of correlation is between how teams vote and how good did they do on a CTF, and decide whether to keep this system, or go back to the old way, or try something else. Afair when this whole idea was discussed back in 2014, the gaming-the-system* problem was already considered. Also, it's only natural for humans to feel more positive about CTFs they did well in, and more pessimistic about the ones they didn't do well in - this isn't deliberate gaming-a-system, but it's there.

* <wink> also, hackers gaming a system?! how could that be! http://giphy.com/gifs/PFwKHjOcIoVUc </wink>

Maybe a solution lies elsewhere? Maybe instead of voting on score each team could fill a survey saying whether they encountered problems with tasks, whether the CTF website was working and admins were responsive. Maybe prizes should be taken into consideration as well, and whether it's a "major CTF" (i.e. DEF CON CTF qualifier). Maybe based on such surveys kyprizel could decide on the score?
Or maybe there is another, better solution :)

Anyway, all I'm saying is that it's probably worth more to discuss the system, than each other's votes ;)


solarwind – March 30, 2016, 2:30 p.m.

2 Álisson Bertochi -- creating challenges that no one can solve is easy,
$ openssl rand -base64 33 | tee flag.txt | sha256sum
8d740cfbed669abfbb2c68604903613640b0c432423f66b797161154cb98efe5

If you have no time to play, or otherwise suck on ctfs -- show respect to those who suck less. You tried to create CTF -- that's great, and we showed you respect by spending our time playing it. It was strange to see that org team members are insulting us on voting page.


gnx – March 30, 2016, 2:34 p.m.

Thank you Gynvael (<3 Poland), I will end the discussion here.


thotypous – March 30, 2016, 4:51 p.m.

@Mykola I think Alisson already made clear why he got angry about your vote (good feedback -- of course, not yours -- in the form received from dcua versus your vote), so you can have an idea on what he had in mind when he offended you. But of course there was no reason for us to take your opinion personally, and I sincerely apologize for this. I'm also not implying that was your fault nor trying to make excuses: of course it was *our fault*. I'm just humbly asking for empathy. I always admired dcua because you had the effort to participate in Pwn2Win 2 years ago, when it was Portuguese-only. You took the effort to use Google Translate and play the CTF even when it was at its very early stages and didn't figure in ctftime. I hope that you may be able to forgive this episode and take part in future editions of the event.

Now taking a stand in defense of our CTF, *of course* we are not saying it was the best CTF in the world. Please, we are not even close to that. There are lots of things we can improve in the CTF, and we are very grateful for every single feedback we had. Even though we are new in the scene, we put our best effort on the CTF and tried to innovate at least a little. Our Kernel Exploitation task may not be a big deal, but we tried to make it fun by making it resemble a device driver in an embedded ARM architecture. With Timekeeper's Lock we tried to bring one of the first FPGA-based reverse engineering tasks in a complex but solvable problem (Dragon Sector almost solved it, but had some bad luck with members getting ill during the CTF). Bathing and Grooming was more about coding than infosec, but for hacking sometimes you need to code fast some very complex payload.

The CTF had its infrastructure deficiencies, challenges which required guessing, lack of more binary exploitation problems, and many other issues, but we tried to minimize this by being responsive in the IRC channel and by publishing hints. Wouldn't it be worse if we published no hints? I'm not asking anyone to change their vote, but I believe that for a CTF which is going international for the first time, we did pretty well.

Finally, I would like to thank all teams who played our CTF and for all comments criticizing us and giving feedback. I hope to see you again in the next edition.

I would also like to say that we had no intention to manipulate our own score by voting in our own CTF. We only did so because it is said that only votes from top50 teams and from participants with score>0 are computed. Our team is not listed as participant, and is not top50. "Tecland Core" is listed as a player, but we are not registered as members of this team in ctftime, and also it had negative score (we used it for testing purposes during the CTF). Therefore we used the voting comments only as "right of reply" to comments criticizing the competition.


geolado – March 31, 2016, 12:27 a.m.

Hey, just a tiny addendum here:
About the complaint of too many PPC and Phys challenges. In Brazil CTF culture isn't disseminated, but the Programming marathons are the main College event of the courses of Computer Science and Engineering. So we wanted to bring more people that were not familiar nor known about the existence of CTFs, thus fomenting the CTF scene in Brazil. With that in mind, we've added PPC and Phys challenges in order to make the people coming from Programming events not feel so lost.

Sorry about all the mess and thanks for all the feedback, we hope we can improve in the future (:


thotypous – April 4, 2016, 2:15 p.m.

We are glad to announce Dragon Sector was the first team to solve the Attack Step (which stayed available post-CTF)
http://ctf.tecland.com.br/pwn2win-ctf-2016-attack-step-winner