Fri, 25 March 2016, 16:37 UTC — Sun, 27 March 2016, 16:37 UTC 

On-line

Pwn2Win CTF event.

Format: Jeopardy

Official URL: https://www.pwn2win.party/?lang=en

This event's weight is subject to public voting!

Future weight: 20.14 

Rating weight: 20.14 

Event organizers 


Brazilian Thematic CTF, organized by ELT members. Jeopardy, involving subjects like physics, electronics and math, in addition to the traditional categories.

https://www.pwn2win.party/?lang=en

Twitter: twitter.com/eltctfbr
Facebook: facebook.com/capturetheflagbr
IRC: #tecland@freenode

Prizes

1st Place - 1100.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

2nd Place - 700.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

3rd Place - 400.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

Special Prize: 200.00 BRL converted to BTC for the first one to conclude the Attack Step.

(*) Converted to BTC by MercadoBitcoin rates on the working day just before the CTF opens.

The personalized certificates are just like "medals" from the event.

Scoreboard

521 teams total

Place  Team  CTF points  Rating points
1 p4 2165.000 40.280
2 Dragon Sector 1630.000 25.233
3 scryptos 1600.000 21.597
4 int3pids 1325.000 17.361
5 !SpamAndHex 1195.000 15.145
6 ASIS 1100.000 13.589
7 217 1055.000 12.691
8 TokyoWesterns 1015.000 11.960
9 Hackiticos-UFCG 785.000 9.540
10 Capture the Swag 780.000 9.270
11 KITCTF 760.000 8.901
12 jinmathbiya 725.000 8.423
13 xil.se 710.000 8.154
14 dcua 685.000 7.811
15 IoC 655.000 7.436
16 covart 620.000 7.026
17 TheGoonies 610.000 6.859
18 Bits For Everyone 545.000 6.189
19 Just Hit the Core 535.000 6.037
20 RooterX 530.000 5.937
21 Portal Guns 530.000 5.889
22 Pão de Batãta 495.000 5.520
23 byeongsinofck 465.000 5.201
24 DeliciousHorse 465.000 5.165
25 Fluxion 465.000 5.131
26 HackCat 425.000 4.728
27 khack40 420.000 4.653
28 GAROA HC 415.000 4.580
29 Pwnelaide 415.000 4.555
30 MV9rwGOf08 410.000 4.485
31 MISTI-IPN 395.000 4.324
32 0x90r00t 390.000 4.257
33 La Compagnie Créole 370.000 4.052
34 RTFM 355.000 3.895
35 dodododo 355.000 3.878
36 irGeeks 355.000 3.862
37 Chapelaria 350.000 3.800
38 Hackmethod 345.000 3.739
39 Batman's Kitchen 340.000 3.679
40 iSome 340.000 3.666
41 K17 340.000 3.654
42 OpenToAll 335.000 3.596
43 hack.carleton 330.000 3.538
44 9SOC 330.000 3.528
45 dtuhax 330.000 3.517
46 deadcow 320.000 3.415
47 Snatch The Root 300.000 3.219
48 Hexpresso 300.000 3.210
49 Samurai 295.000 3.155
50 err0r-451 280.000 3.008
51 PPG 280.000 3.000
52 unicornsandrainbows 275.000 2.946
53 smoke leet everyday 260.000 2.799
54 FarmingSimulator2015Game.exe 250.000 2.699
55 Mammon Machine 245.000 2.645
56 HoT 245.000 2.639
57 Blah Team 245.000 2.632
58 cafecomleite 240.000 2.580
59 cpaw 225.000 2.434
60 Kr0n0s_T34m 220.000 2.382
61 SucuriHC 220.000 2.377
62 TheExploiter 220.000 2.371
63 Raccoons 220.000 2.366
64 Squirrel 215.000 2.315
65 .ROTC 205.000 2.217
66 jfhs 195.000 2.119
67 F0rk3om3 195.000 2.115
68 F0H 195.000 2.110
69 Execut3 195.000 2.106
70 PraetorianGs 190.000 2.055
71 TigerTeam 180.000 1.958
72 xSTF 180.000 1.954
73 SecSegSet 180.000 1.950
74 HackXore 180.000 1.947
75 RSI 170.000 1.850
76 Desec 170.000 1.846
77 eipiplus1equals0 170.000 1.843
78 Bl@ckWhite 170.000 1.840
79 404team 170.000 1.836
80 PENSIUN | DFCI | SUKSMA 170.000 1.833
81 GRIS 170.000 1.830
82 NIS 170.000 1.827
83 UCCU 170.000 1.824
84 Shellphish 165.000 1.775
85 Kung Pao Chicken 160.000 1.725
86 RingZer0 Team 155.000 1.676
87 Raulhc 155.000 1.673
88 REU 155.000 1.671
89 SQN 150.000 1.622
90 [OMA] 145.000 1.573
91 Camaleão Sertanejo 145.000 1.570
92 0x8BadF00d 145.000 1.568
93 CaramelMacchiato 145.000 1.565
94 core 145.000 1.563
95 purple 145.000 1.561
96 Inx 145.000 1.559
97 Jeramy 140.000 1.510
98 ISITDTU 140.000 1.508
99 whop 130.000 1.413
100 BigBang Hack Team 130.000 1.411
101 NUSGreyhats 130.000 1.409
102 Pr0x3n3745 130.000 1.407
103 w1z4rds 130.000 1.405
104 WackMC 130.000 1.403
105 Plaid Parliament of Pwning 130.000 1.401
106 uiuctf 130.000 1.399
107 qqq 130.000 1.398
108 TeamPy 130.000 1.396
109 I'm not Freddie Mercury 130.000 1.394
110 OPT 130.000 1.392
111 CryptoCreature 125.000 1.344
112 magemage114514 115.000 1.250
113 Time Zero. 115.000 1.248
114 joeasd 105.000 1.153
115 Stack 105.000 1.152
116 Djangos team 105.000 1.150
117 Errei o botãp 105.000 1.149
118 Cat-n-Fish 105.000 1.147
119 okudo3 105.000 1.146
120 P_TE 105.000 1.145
121 0xdeadc0de 105.000 1.143
122 sevensec 105.000 1.142
123 Securimag 105.000 1.141
124 Pun15h3r 105.000 1.139
125 noraneco 95.000 1.045
126 0xBU 95.000 1.044
127 Jimmy Jam and the Hoagies 85.000 0.949
128 astrodroids 85.000 0.948
129 Cafelinux 85.000 0.947
130 The DHARMA Initiative 85.000 0.946
131 DjigIT 85.000 0.944
132 Bl1nk 80.000 0.897
133 WSU CSC 80.000 0.896
134 xeksec 80.000 0.895
135 Hawks 80.000 0.893
136 StratumAuhuur 80.000 0.892
137 Shikata ga nai 80.000 0.891
138 RATM 75.000 0.844
139 Pr0mptSt4rs 75.000 0.843
140 tank1st99 75.000 0.842
141 NeOLux-C1Ph3r 75.000 0.841
142 hrkljus 65.000 0.746
143 Northport C0d3 Br34k3rs 65.000 0.746
144 n00bs 65.000 0.745
145 11-Digit Prime Number 65.000 0.744
146 BarneySec 65.000 0.743
147 #Suicid3SQU@D 65.000 0.742
148 g0tiu5a 65.000 0.741
149 BITSkrieg 65.000 0.740
150 Pcthon 65.000 0.739
151 Team_SYN 65.000 0.738
152 NCYU 65.000 0.737
153 Zonda 65.000 0.736
154 503 65.000 0.735
155 GoldsNow 65.000 0.735
156 taurus 65.000 0.734
157 D@rk$h3ll 65.000 0.733
158 #HKR-SSA# 65.000 0.732
159 cimc 65.000 0.731
160 CSI 65.000 0.731
161 flamezzz 60.000 0.683
162 RGSTeam 60.000 0.682
163 icyrec 60.000 0.682
164 hl3confirmed 60.000 0.681
165 mbr 60.000 0.680
166 w33t34m 60.000 0.679
167 Binary Vikings 60.000 0.679
168 Hacker Boys 55.000 0.632
169 isitdtu2 55.000 0.631
170 GinGin 55.000 0.630
171 K4ff Team 50.000 0.583
172 SemNometro 50.000 0.582
173 kimiyuki 50.000 0.582
174 goonsquad 50.000 0.581
175 White Noise 50.000 0.580
176 6969test 50.000 0.580
177 br34dp1tt 45.000 0.532
178 whoami 45.000 0.532
179 7D51N5 45.000 0.531
180 hAIXer 45.000 0.531
181 vanhelsing 45.000 0.530
182 Vampirebbs 45.000 0.529
183 WFH 40.000 0.482
184 BreakPoint 40.000 0.482
185 ruchampsajaksra 40.000 0.481
186 HackIME 40.000 0.480
187 Hack4Fun 40.000 0.480
188 InvisibleHats 40.000 0.479
189 wolverines 40.000 0.479
190 Up the Second 40.000 0.478
191 splarcit 40.000 0.478
192 c0bebabe 40.000 0.477
193 SpringBreak 40.000 0.476
194 [CBA]MT 40.000 0.476
195 1up 40.000 0.475
196 keywee 40.000 0.475
197 Natalia 40.000 0.474
198 CooCoo 40.000 0.474
199 At Least We're Pretty 40.000 0.473
200 BabyPhD 40.000 0.473
201 NimbleNavigators 40.000 0.472
202 GoAtk 35.000 0.425
203 2mr 35.000 0.425
204 NANO#212123 35.000 0.424
205 wtfmehftw 35.000 0.424
206 GNUnu 30.000 0.377
207 s111 30.000 0.376
208 cabrunco 30.000 0.376
209 it's only smells 30.000 0.375
210 rainbow_bash 30.000 0.375
211 RedTeam 30.000 0.375
212 Feijoada Team 30.000 0.374
213 Hello Team Name 30.000 0.374
214 GoBack 30.000 0.373
215 ZionTeamX 30.000 0.373
216 nguyen123abc 30.000 0.372
217 ISITDTU22 30.000 0.372
218 buscoequipo 30.000 0.371
219 Renegado 30.000 0.371
220 Shady Hats 30.000 0.371
221 SADBOYS 30.000 0.370
222 Valley of the Lone Wolves 30.000 0.370
223 vr46 25.000 0.323
224 ESU 20.000 0.276
225 XSM 20.000 0.276
226 WOLFPACK 20.000 0.275
227 Random-123 20.000 0.275
228 NocturnalCTF 20.000 0.274
229 oOo 20.000 0.274
230 HenryDark 20.000 0.274
231 L337 Script Kiddies 20.000 0.273
232 CYBER CRIPTOGRAFIA 20.000 0.273
233 hanto 20.000 0.272
234 WhatTheSheep 20.000 0.272
235 deadmeat 20.000 0.272
236 japan 20.000 0.271
237 Hybrids of Steel 20.000 0.271
238 SecSec 20.000 0.271
239 H3RM1T 20.000 0.270
240 xiphiasilver 20.000 0.270
241 CUBA 20.000 0.270
242 ZeroDegree 20.000 0.269
243 Sonic_Rainboom 20.000 0.269
244 justme 20.000 0.269
245 WolfPacked 20.000 0.268
246 GoDevils 20.000 0.268
247 Azure Assassin Alliance 20.000 0.268
248 CodeheadUK 20.000 0.267
249 LoLTeam666 20.000 0.267
250 Duck killer 20.000 0.267
251 Hash 20.000 0.266
252 jampasec 20.000 0.266
253 dancago 10.000 0.173
254 sh_vanGo 10.000 0.172
255 5unKn0wn 10.000 0.172
256 [FS6] 10.000 0.172
257 eita! 10.000 0.171
258 n00bsec 10.000 0.171
259 TusanHomichi 10.000 0.171
260 6223ec161d95b24de9d287f9363501a0 10.000 0.170
261 f3n1x_ec 10.000 0.170
262 SDSLabs 10.000 0.170
263 Mao Sama 10.000 0.170
264 MrS 10.000 0.169
265 gtn_code 10.000 0.169
266 006 10.000 0.169
267 StrikeFish88 10.000 0.168
268 cylarcy 10.000 0.168
269 icanhazip 10.000 0.168
270 Occupe 10.000 0.168
271 praetorianguard 10.000 0.167
272 Iron-Maiden 10.000 0.167
273 th3jackers 10.000 0.167
274 DOFE 10.000 0.167
275 Yozakura 10.000 0.166
276 Mx 10.000 0.166
277 Balls 10.000 0.166
278 oneup 10.000 0.165
279 whoamiii 10.000 0.165
280 op.rad 10.000 0.165
281 Undocumented 10.000 0.165
282 DiGIMON 10.000 0.164
283 vovanbi94 10.000 0.164
284 azneye 10.000 0.164
285 233 10.000 0.164
286 )#$#)#R#RKKKGV 10.000 0.163
287 2nit 10.000 0.163
288 hy00un 10.000 0.163
289 Yacine101 10.000 0.163
290 KINdred 10.000 0.162
291 VTM 10.000 0.162
292 Master Ironbar 10.000 0.162
293 Yonk0 10.000 0.162
294 Own the World 10.000 0.162
295 mRt 10.000 0.161
296 Movember 10.000 0.161
297 Dokko 10.000 0.161
298 N0_0p3rati0nS 10.000 0.161
299 hem 10.000 0.160
300 Phoenix Team 10.000 0.160
301 GG 10.000 0.160
302 Paki Tigers 10.000 0.160
303 we are the 1% 10.000 0.159
304 CTF-BR 10.000 0.159
305 arizona 10.000 0.159
306 dote 10.000 0.159
307 New_guy 10.000 0.159
308 Gibdeon 10.000 0.158
309 Ascent 10.000 0.158
310 Linux4TheWin 10.000 0.158
311 efiens 10.000 0.158
312 c0mas 10.000 0.158
313 doratest 0.000 0.000
314 yolos 0.000 0.000
315 lets_try 0.000 0.000
316 Tasteless 0.000 0.000
317 CONAN REDSOLDIERS 0.000 0.000
318 meutime 0.000 0.000
319 dtuhax 0.000 3.517
320 1234 0.000 0.000
321 Serjao Tean 0.000 0.000
322 GCC 0.000 0.000
323 clown 0.000 0.000
324 ByteBandits 0.000 0.000
325 XiaoMing 0.000 0.000
326 synack 0.000 0.000
327 RPISEC 0.000 0.000
328 nuc13us 0.000 0.000
329 j93 0.000 0.000
330 noobs 0.000 0.000
331 TheKillingTime 0.000 0.000
332 kileak 0.000 0.000
333 ByungShinOfCK 0.000 0.000
334 cemalshukri 0.000 0.000
335 citizen 0.000 0.000
336 Root.Storm 0.000 0.000
337 GoldyLock 0.000 0.000
338 Iq tracking 0.000 0.000
339 SUSlo.PAS 0.000 0.000
340 TestPWN 0.000 0.000
341 boroda 0.000 0.000
342 Administrator 0.000 0.000
343 ByteOfLatte 0.000 0.000
344 BageJake 0.000 0.000
345 LickTheCloud 0.000 0.000
346 pwniz 0.000 0.000
347 pwnizz 0.000 0.000
348 pros 0.000 0.000
349 hxp 0.000 0.000
350 purean 0.000 0.000
351 k0rt3V 0.000 0.000
352 Byte 0.000 0.000
353 scifi 0.000 0.000
354 xxxx 0.000 0.000
355 dpnz 0.000 0.000
356 MeePwn 0.000 0.000
357 RTFM 0.000 3.895
358 Feeders_Unite 0.000 0.000
359 M4sked Ph4ntom 0.000 0.000
360 KXTI_t 0.000 0.000
361 toto 0.000 0.000
362 404 0.000 0.000
363 pwnspiracy 0.000 0.000
364 toddy>nho 0.000 0.000
365 b1zzy 0.000 0.000
366 ARONA_TEAM 0.000 0.000
367 Prato Pratoso 0.000 0.000
368 the beatles 0.000 0.000
369 7dsins 0.000 0.000
370 p0W3rSh3ll 0.000 0.000
371 NOSAFE 0.000 0.000
372 darksouls 0.000 0.000
373 dalbo 0.000 0.000
374 H4CK3R5 0.000 0.000
375 C@0S 0.000 0.000
376 nvr 0.000 0.000
377 LewisU 0.000 0.000
378 black_crows 0.000 0.000
379 PawPatrol 0.000 0.000
380 social smoke 0.000 0.000
381 Bladeism 0.000 0.000
382 LORD5 0.000 0.000
383 _18i81_ 0.000 0.000
384 Richard Fawkes 0.000 0.000
385 BattleBorn 0.000 0.000
386 Allahu Akbar 0.000 0.000
387 ShellCode 0.000 0.000
388 SkolFlags 0.000 0.000
389 Time assalt 0.000 0.000
390 nop_these 0.000 0.000
391 C4V31R4 T34M 0.000 0.000
392 HJHSH 0.000 0.000
393 The Bads 0.000 0.000
394 Rhizomatic 0.000 0.000
395 Kole and Associate 0.000 0.000
396 mementomori 0.000 0.000
397 OASIS 0.000 0.000
398 @_@ 0.000 0.000
399 So0o 0.000 0.000
400 Ph3rr1s 0.000 0.000
401 ensa morocco 0.000 0.000
402 GRX 0.000 0.000
403 MStwo 0.000 0.000
404 Mone 0.000 0.000
405 hellowar 0.000 0.000
406 Verde 0.000 0.000
407 Team01 0.000 0.000
408 altecfour 0.000 0.000
409 3squ4dr40 cl4ss3 β 0.000 0.000
410 Dr_Fez 0.000 0.000
411 hy00un 0.000 0.163
412 kemmio 0.000 0.000
413 matehackers 0.000 0.000
414 iG 0.000 0.000
415 WAtester 0.000 0.000
416 tyleroar 0.000 0.000
417 YanTayga 0.000 0.000
418 Desiprox Team 0.000 0.000
419 Internet Cafe Legends 0.000 0.000
420 EC0BR4V0 0.000 0.000
421 0xM3R 0.000 0.000
422 Insane 0.000 0.000
423 Lampião Hacker 0.000 0.000
424 N4S4_C41U 0.000 0.000
425 Bolt108 0.000 0.000
426 JustSkidding 0.000 0.000
427 Pereira Security Team 0.000 0.000
428 Glidermed 0.000 0.000
429 r3turn h4ck1ng; 0.000 0.000
430 FundaoHUE 0.000 0.000
431 _try 0.000 0.000
432 not found 0.000 0.000
433 Team Shinobi 0.000 0.000
434 lesdudumaximo 0.000 0.000
435 pipe solo 0.000 0.000
436 0byte 0.000 0.000
437 first try 0.000 0.000
438 Baile de Favela 0.000 0.000
439 crazy 0.000 0.000
440 Saintz 0.000 0.000
441 b0tch_sec 0.000 0.000
442 loopback.br 0.000 0.000
443 objEEdump 0.000 0.000
444 Noor 0.000 0.000
445 Snakes 0.000 0.000
446 TCS 0.000 0.000
447 Ar3a-55 0.000 0.000
448 Delusions of Grandeur 0.000 0.000
449 mollaa 0.000 0.000
450 oqned 0.000 0.000
451 NEED_MORE_PiNG 0.000 0.000
452 anastiel 0.000 0.000
453 Support_kva 0.000 0.000
454 jackdaw 0.000 0.000
455 S3R4P|-|1MDr3aM 0.000 0.000
456 unichamps 0.000 0.000
457 H4x0r's Aju 0.000 0.000
458 TheFoxes 0.000 0.000
459 ABNT 0.000 0.000
460 cyberkastike 0.000 0.000
461 DustLoiterers 0.000 0.000
462 WTFBROS 0.000 0.000
463 CMIC 0.000 0.000
464 Arya 0.000 0.000
465 Knightsec 0.000 0.000
466 David Manouchehri 0.000 0.000
467 +Security 0.000 0.000
468 Black Space 0.000 0.000
469 AsssassiNOPs 0.000 0.000
470 Dancing Simpletons 0.000 0.000
471 b01lers 0.000 0.000
472 French Toast Mafia 0.000 0.000
473 KasaBR 0.000 0.000
474 no123 0.000 0.000
475 Dial 5 0.000 0.000
476 BugZrU 0.000 0.000
477 AllTheBits 0.000 0.000
478 asd 0.000 0.000
479 Tribu 0.000 0.000
480 autolycos 0.000 0.000
481 Lilac 0.000 0.000
482 NullByte 0.000 0.000
483 ¯\__(ツ)__/¯ 0.000 0.000
484 Jockers 0.000 0.000
485 IS☢LA 0.000 0.000
486 ARGOS 0.000 0.000
487 KXTI_5 0.000 0.000
488 marco's 0.000 0.000
489 participe_ctf 0.000 0.000
490 chomuX 0.000 0.000
491 nine_inch_males 0.000 0.000
492 redalert 0.000 0.000
493 wil0la 0.000 0.000
494 Bring On The Fyre 0.000 0.000
495 undefined 0.000 0.000
496 cazador 0.000 0.000
497 Team SYN 0.000 0.000
498 vnn 0.000 0.000
499 A 0.000 0.000
500 sczi 0.000 0.000
501 T224 0.000 0.000
502 BlackSpace 0.000 0.000
503 PPPP 0.000 0.000
504 HackigPPP 0.000 0.000
505 yakinikyuu 0.000 0.000
506 crackatoa 0.000 0.000
507 hAIXer 0.000 0.531
508 Tokist 0.000 0.000
509 grow 0.000 0.000
510 qcu 0.000 0.000
511 jason 0.000 0.000
512 KXTI_11111 0.000 0.000
513 CLGT 0.000 0.000
514 0x90 0.000 0.000
515 0x90@dayrep.com 0.000 0.000
516 loogie_team 0.000 0.000
517 zzoru 0.000 0.000
518 stlsec 0.000 0.000
519 FS6 0.000 0.000
520 gnashsec 0.000 0.000
521 TecLand Core -1000.000 0.000

simonvik – March 25, 2016, 11:03 a.m.

The countdown on your site does not handle different TZ very well :)


Pharisaeus – March 28, 2016, 10:52 p.m.

I thought that this whole CTF thing is to have fun and learn something but apparently some people (like @solarwind from dcua) take this a bit too seriously, and try to help their team by abusing the new score voting system. They won Volga so Volga score to max, they didn't do so well on Pwn2Win? Score to min. Great logic guys, very mature of you! It seems some people need to grow up a bit to be given that kind of "power".

I guess the idea of voting was there to help fix an appropriate score for the CTF using post-ctf feedback, but some teams apparently need to abuse this to help their team get a better position in the ctftime ranking. My advice: "try harder" during the CTF, and you won't need to cheat by downvoting CTFs you didn't win.


solarwind – March 29, 2016, 7:52 p.m.

Pharisaeus, if you think anyone should vote in the way you want it -- you are wrong. The current voting system is made for everyone to have a voice, and all voices are equal. Why I voted that way I clearly stated in the comment.
You can vote in the way you want. If you don't agree with me -- vote a different score.
To everyone who thinks they can shut up others or force them to obey by insulting or assaulting them -- that is not working here. We have rights to free speech and equality, and will use them anytime we want.


kt – March 29, 2016, 7:57 p.m.

Dear Pwn2Win organizers and other newly registered users on the voting page: your votes are worth nothing, because only last year's TOP50 teams' votes count.

Your CTF was not good at all. I am saying this after we finished #5 on your CTF and we were #5 on CTFtime last year. I also personally played on ~70-80 CTFs (and on multiple prestigious finals) so I think I can say I / we have some CTF experience.

What you are doing here is a disgrace to the CTF scene. I mean: smearing dcua's name? Really? Please go and do a reality check. You are talking about the current leader team on CTFtime... Also you are upvoting your own CTF on the voting. That looks legit to you?

Your challenges were boring, no innovation whatsoever and almost every challenge was a stego-like "Find out what we thought". The crypto challenge did not even respond if I send in a newline character (and you said it was intentional). A lot of challenges had nothing to do with real security.

Next time please make fewer challenges (nobody wants to solve ~80 of them) but make them better. Play on other CTFs and learn what a good challenge looks like. Quality before quantity please.


Pharisaeus – March 29, 2016, 8:47 p.m.

@KT read the rules -> "Team members of last years top 50 and teams scored > 0 points can vote". This means any votes from the participating teams count, not only from the "top teams". I don't think teams who can't vote can even enter the "poll", so any votes there count. I guess the organisers exaggerated there and went out of place attacking dcua, but at the same time they must have invested a lot of effort into this (with good results!) so it's understandable to get angry when someone votes you to 1 (because they didn't win, since they focused on different CTFs at the same time...)

@solarwind I understand that everyone has a vote, and I'm ok with that. I just naively thought that we're all adults here and will use the votes to set proper score for mis-graded competitions. And you voted this CTF at 5 and then 1 point, which means lower than HackIM or BreakIn which were 5, while it was on entirely different level. So now I'm not sure if we played a different CTF, or maybe you simply want to lower the points awarded to the teams that were higher than you... Anyway, it's your vote, you can do whatever you want with it.

As for the accusation that the CTF had some non-security oriented tasks -> it was clearly written from the beginning. There were 2 more CTFs going on at the same time so anyone could have picked another one (I doubt you can fully man 3 CTFs at the same time) if the theme of this one was not to your taste.


solarwind – March 30, 2016, 4:40 a.m.

Pharisaeus, about Breakin and Hackim -- if you review my comments in those topics, I was voting for 0 in the first and 5 in the second. Breakin this year had tasks of very low quality, anyone interested can check the orgs' writeups for all tasks on github. Hackim had pwnables and web of a higher level than Pwn2Win, has made good progress in fixing cheating (~25 teams from TOP-30 banned), and the orgs there did not allow themselves to insult players.

I understand your desire to manipulate rating weight in a more favorable way for you, that is exactly why the voting system was created. The voting system is preventing any single biased team from occupying it. Other teams have the same rights as you have.
I have led dcua right from its creation in 2012, played in ~300 competitions, and some people here were playing long before that -- they have 10+ years of experience in international CTFs. It is possible we may have an idea what good CTFs are too.


Pharisaeus – March 30, 2016, 7:38 a.m.

@solarwind judging by the votes (excluding of course votes from organisers themselves) it seems as if you're the only one trying to "manipulate rating weight in more favourable way for you" ;)
I might not have played as much as you did, but I can also spot a good and a bad CTF. While this one was neither perfect nor the level of Insomnia or 0CTF, it was still not a 1-point CTF.
And since you voted 10p for Securinets one can only wonder if you really think it was that much better, or maybe it's just that there were no top teams above you... :)


gnx – March 30, 2016, 8:47 a.m.

@solarwind Just to remind you, you or someone on your team gave very positive feedback on the event in the form. But at voting time, do this? Really unfortunate, it only gives us reason to be suspicious of their intentions.

@Pharisaeus Thank you for the support! <3 Poland (true hackers!!!)


gnx – March 30, 2016, 10:54 a.m.

@solarwind HackIM had web of higher level than Pwn2Win? hahahahahah

Bathing and Grooming: https://github.com/epicleet/write-ups-2016/tree/pwn2win-ctf-2016/pwn2win-ctf-2016/web/bathing-and-grooming-400
Free Web Access: https://github.com/p4-team/ctf/tree/master/2016-03-26-pwn2win/free_web_access
Facebug, Command and Control Server, etc etc

Pwn2Win has an Attack Step involving Kernel Exploit Development.

Try Harder guy, don't cry!


solarwind – March 30, 2016, 12:15 p.m.

2 Pharisaeus -- I will vote in a way I feel appropriate. This thing is called democracy. I have the same rights to vote as anyone else, and will use it in a way I think is right. If you don't agree with me -- you can try to influence me or others by arguments, but please do not try to limit my right to vote.

2 Álisson Bertochi -- we don't usually do feedback in any forms, if it doesn't give additional points for ctf. I can assure you it was not me filling any of your forms. I'm representing the official team position -- your CTF is worth what it was openly voted here.
About the quality of your tasks -- see the above message from KT, and try also looking at tasks from HackIm. I was aware of the writeups you mentioned. Forcing ppl to code MD5 in SQL is stupid, this tests coding skills, not infosec. Kernel exploit development is not as innovative as you may think -- CSAW finals are doing it regularly, on recent Chinese CTFs there were tasks about it, I also know a CTF (eCSI 2015) where Windows kernel exploitation was used.

Really, people -- stop trying to challenge the basic principles of democracy, deny the right to vote for someone you don't like or who has a different opinion. Democracy is a bad system for sure, but others are worse.
The bad example of democracy is the mentioned Securinets CTF scoring. The situation with cheating there is the same as was on HackIm 2016, but the orgs are actively supporting locals and almost no foreign teams participated there to do objective voting. Any vote will be overvoted by those local teams, and I don't see any way how it can be fixed there without limiting the vote rights I'm standing for. My vote and comment there are sarcasm, of course Securinets doesn't deserve 10 points if any at all.


gnx – March 30, 2016, 1:07 p.m.

@solarwind - "Forcing ppl to code MD5 in SQL is stupid, this tests coding skills, not infosec". A team solved the task in a different way, you could have done so too, "thinking outside the box" (hackers do that!!). It was a challenge that involves cryptography.

Our Kernel Exploitation was ARM-based.

My request is: do not try to belittle the work of other teams.

The day you do a better event, we turn to talk.


gnx – March 30, 2016, 1:35 p.m.

To conclude, as you said, your voting criterion is based on sarcasm, and not real quality.


solarwind – March 30, 2016, 1:57 p.m.

I saw the SQL MD5 implementation of 'Bathing and Grooming' in your intended solution -- so it seems you were thinking that coding MD5 in SQL is a good challenge. How others solved it is a different question, it is not related to the quality of your tasks -- whoever found an innovative way for an otherwise stupid task is good and deserves respect, not your work.
ARM based kernel exploitation -- the pwnable.kr towelroot challenge has existed for like a year.

I'm not trying to belittle your work, I'm showing you that a lot of other good work exists, better ctfs and good teams are available. I looked into the profiles and past CTF results of all teams involved in the Pwn2Win organization ("CTF-BR"), and think that your and your team's opinion about your own coolness may be exaggerated. But you can continue to think that you are "true hackers" and others are "jokers" if you wish.


gnx – March 30, 2016, 2:08 p.m.

We are not bloodsuckers, while you are trying to win ALL CTFs from the Earth (but never created one), we are creating challenges that you can not solve (and we have no time to play). Sorry, "Top 1". =D


gynvael – March 30, 2016, 2:23 p.m.

Hi there ;)

Well, the discussion seems to be getting pretty personal. Is there any reason to continue it btw?

IMO it's worth looking at the public voting as an experiment. My guess is that kyprizel, at some point, will do some math and check what kind of correlation there is between how teams vote and how well they did on a CTF, and decide whether to keep this system, or go back to the old way, or try something else. Afair when this whole idea was discussed back in 2014, the gaming-the-system* problem was already considered. Also, it's only natural for humans to feel more positive about CTFs they did well in, and more pessimistic about the ones they didn't do well in - this isn't deliberate gaming-a-system, but it's there.

* <wink> also, hackers gaming a system?! how could that be! http://giphy.com/gifs/PFwKHjOcIoVUc </wink>

Maybe a solution lies elsewhere? Maybe instead of voting on score each team could fill in a survey saying whether they encountered problems with tasks, whether the CTF website was working and admins were responsive. Maybe prizes should be taken into consideration as well, and whether it's a "major CTF" (i.e. DEF CON CTF qualifier). Maybe based on such surveys kyprizel could decide on the score?
Or maybe there is another, better solution :)

Anyway, all I'm saying is that it's probably worth more to discuss the system, than each other's votes ;)


solarwind – March 30, 2016, 2:30 p.m.

2 Álisson Bertochi -- creating challenges that no one can solve is easy,
$ openssl rand -base64 33 | tee flag.txt | sha256sum
8d740cfbed669abfbb2c68604903613640b0c432423f66b797161154cb98efe5

If you have no time to play, or otherwise suck on ctfs -- show respect to those who suck less. You tried to create a CTF -- that's great, and we showed you respect by spending our time playing it. It was strange to see that org team members are insulting us on the voting page.


gnx – March 30, 2016, 2:34 p.m.

Thank you Gynvael (<3 Poland), I will end the discussion here.


thotypous – March 30, 2016, 4:51 p.m.

@Mykola I think Alisson already made clear why he got angry about your vote (good feedback -- of course, not yours -- in the form received from dcua versus your vote), so you can have an idea of what he had in mind when he offended you. But of course there was no reason for us to take your opinion personally, and I sincerely apologize for this. I'm also not implying that was your fault nor trying to make excuses: of course it was *our fault*. I'm just humbly asking for empathy. I always admired dcua because you made the effort to participate in Pwn2Win 2 years ago, when it was Portuguese-only. You took the effort to use Google Translate and play the CTF even when it was at its very early stages and didn't figure in ctftime. I hope that you may be able to forgive this episode and take part in future editions of the event.

Now taking a stand in defense of our CTF, *of course* we are not saying it was the best CTF in the world. Please, we are not even close to that. There are lots of things we can improve in the CTF, and we are very grateful for every single feedback we had. Even though we are new in the scene, we put our best effort on the CTF and tried to innovate at least a little. Our Kernel Exploitation task may not be a big deal, but we tried to make it fun by making it resemble a device driver in an embedded ARM architecture. With Timekeeper's Lock we tried to bring one of the first FPGA-based reverse engineering tasks in a complex but solvable problem (Dragon Sector almost solved it, but had some bad luck with members getting ill during the CTF). Bathing and Grooming was more about coding than infosec, but for hacking sometimes you need to code fast some very complex payload.

The CTF had its infrastructure deficiencies, challenges which required guessing, lack of more binary exploitation problems, and many other issues, but we tried to minimize this by being responsive in the IRC channel and by publishing hints. Wouldn't it be worse if we published no hints? I'm not asking anyone to change their vote, but I believe that for a CTF which is going international for the first time, we did pretty well.

Finally, I would like to thank all teams who played our CTF and for all comments criticizing us and giving feedback. I hope to see you again in the next edition.

I would also like to say that we had no intention to manipulate our own score by voting in our own CTF. We only did so because it is said that only votes from top50 teams and from participants with score>0 are computed. Our team is not listed as participant, and is not top50. "Tecland Core" is listed as a player, but we are not registered as members of this team in ctftime, and also it had negative score (we used it for testing purposes during the CTF). Therefore we used the voting comments only as "right of reply" to comments criticizing the competition.


geolado – March 31, 2016, 12:27 a.m.

Hey, just a tiny addendum here:
About the complaint of too many PPC and Phys challenges. In Brazil CTF culture isn't disseminated, but the Programming marathons are the main College event of the courses of Computer Science and Engineering. So we wanted to bring more people that were not familiar with nor knew about the existence of CTFs, thus fomenting the CTF scene in Brazil. With that in mind, we've added PPC and Phys challenges in order to make the people coming from Programming events not feel so lost.

Sorry about all the mess and thanks for all the feedback, we hope we can improve in the future (:


thotypous – April 4, 2016, 2:15 p.m.

We are glad to announce Dragon Sector was the first team to solve the Attack Step (which stayed available post-CTF)
http://ctf.tecland.com.br/pwn2win-ctf-2016-attack-step-winner