Fri, 25 March 2016, 16:37 UTC — Sun, 27 March 2016, 16:37 UTC 

On-line

Pwn2Win CTF event.

Format: Jeopardy

Official URL: https://www.pwn2win.party/?lang=en

This event's future weight is subject to public voting!

Future weight: 19.90 

Rating weight: 19.90 

Event organizers 

Brazilian Thematic CTF, organized by ELT members. Jeopardy, involving subjects like physics, electronics and math, in addition to the traditional categories.

https://www.pwn2win.party/?lang=en

Twitter: twitter.com/eltctfbr
Facebook: facebook.com/capturetheflagbr
IRC: #tecland@freenode

Prizes

1st Place - 1100.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

2nd Place - 700.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

3rd Place - 400.00 BRL converted to BTC (*) + Max. 10 t-shirts + Certificates

Special Prize: 200.00 BRL converted to BTC for the first one to conclude the Attack Step.

(*) Converted to BTC at MercadoBitcoin rates on the working day just before the CTF opens.

The personalized certificates are just like "medals" from the event.

Scoreboard

521 teams total

Place  Team  CTF points  Rating points
1 p4 2165.000 39.800
2 Dragon Sector 1630.000 24.932
3 scryptos 1600.000 21.340
4 int3pids 1325.000 17.154
5 !SpamAndHex 1195.000 14.964
6 ASIS 1100.000 13.428
7 217 1055.000 12.540
8 TokyoWesterns 1015.000 11.817
9 Hackiticos-UFCG 785.000 9.427
10 Capture the Swag 780.000 9.160
11 KITCTF 760.000 8.795
12 jinmathbiya 725.000 8.322
13 xil.se 710.000 8.057
14 dcua 685.000 7.718
15 IoC 655.000 7.347
16 covart 620.000 6.943
17 TheGoonies 610.000 6.778
18 Bits For Everyone 545.000 6.115
19 Just Hit the Core 535.000 5.965
20 RooterX 530.000 5.867
21 Portal Guns 530.000 5.819
22 Pão de Batãta 495.000 5.454
23 byeongsinofck 465.000 5.139
24 DeliciousHorse 465.000 5.103
25 Fluxion 465.000 5.070
26 HackCat 425.000 4.672
27 khack40 420.000 4.598
28 GAROA HC 415.000 4.525
29 Pwnelaide 415.000 4.501
30 MV9rwGOf08 410.000 4.432
31 MISTI-IPN 395.000 4.273
32 0x90r00t 390.000 4.207
33 La Compagnie Créole 370.000 4.004
34 RTFM 355.000 3.848
35 dodododo 355.000 3.832
36 irGeeks 355.000 3.816
37 Chapelaria 350.000 3.755
38 Hackmethod 345.000 3.695
39 Batman's Kitchen 340.000 3.635
40 iSome 340.000 3.623
41 K17 340.000 3.611
42 OpenToAll 335.000 3.553
43 hack.carleton 330.000 3.496
44 9SOC 330.000 3.486
45 DTUHAX 330.000 3.475
46 deadcow 320.000 3.374
47 Snatch The Root 300.000 3.181
48 Hexpresso 300.000 3.172
49 Samurai 295.000 3.118
50 err0r-451 280.000 2.972
51 PPG 280.000 2.964
52 unicornsandrainbows 275.000 2.910
53 smoke leet everyday 260.000 2.765
54 FarmingSimulator2015Game.exe 250.000 2.666
55 Mammon Machine 245.000 2.614
56 HoT 245.000 2.607
57 Blah Team 245.000 2.601
58 cafecomleite 240.000 2.549
59 cpaw 225.000 2.405
60 Kr0n0s_T34m 220.000 2.354
61 SucuriHC 220.000 2.348
62 TheExploiter 220.000 2.343
63 Raccoons 220.000 2.338
64 Squirrel 215.000 2.287
65 .ROTC 205.000 2.190
66 jfhs 195.000 2.094
67 F0rk3om3 195.000 2.089
68 F0H 195.000 2.085
69 Execut3 195.000 2.081
70 PraetorianGs 190.000 2.031
71 TigerTeam 180.000 1.935
72 xSTF 180.000 1.931
73 SecSegSet 180.000 1.927
74 HackXore 180.000 1.923
75 RSI 170.000 1.828
76 Desec 170.000 1.824
77 eipiplus1equals0 170.000 1.821
78 Bl@ckWhite 170.000 1.818
79 404team 170.000 1.814
80 PENSIUN | DFCI | SUKSMA 170.000 1.811
81 GRIS 170.000 1.808
82 NIS 170.000 1.805
83 UCCU 170.000 1.802
84 Shellphish 165.000 1.754
85 Kung Pao Chicken 160.000 1.705
86 RingZer0 Team 155.000 1.656
87 Raulhc 155.000 1.653
88 REU 155.000 1.651
89 SQN 150.000 1.602
90 [OMA] 145.000 1.554
91 Camaleão Sertanejo 145.000 1.551
92 0x8BadF00d 145.000 1.549
93 CaramelMacchiato 145.000 1.547
94 core 145.000 1.544
95 purple 145.000 1.542
96 Inx 145.000 1.540
97 Jeramy 140.000 1.492
98 ISITDTU 140.000 1.490
99 whop 130.000 1.396
100 BigBang Hack Team 130.000 1.394
101 NUSGreyhats 130.000 1.392
102 Pr0x3n3745 130.000 1.390
103 w1z4rds 130.000 1.388
104 WackMC 130.000 1.386
105 Plaid Parliament of Pwning 130.000 1.384
106 uiuctf 130.000 1.383
107 qqq 130.000 1.381
108 TeamPy 130.000 1.379
109 I'm not Freddie Mercury 130.000 1.377
110 OPT 130.000 1.376
111 CryptoCreature 125.000 1.328
112 magemage114514 115.000 1.235
113 Time Zero. 115.000 1.233
114 joeasd 105.000 1.140
115 Stack 105.000 1.138
116 Djangos team 105.000 1.137
117 Errei o botãp 105.000 1.135
118 Cat-n-Fish 105.000 1.134
119 okudo3 105.000 1.132
120 P_TE 105.000 1.131
121 0xdeadc0de 105.000 1.130
122 sevensec 105.000 1.128
123 Securimag 105.000 1.127
124 Pun15h3r 105.000 1.126
125 noraneco 95.000 1.032
126 0xBU 95.000 1.031
127 Jimmy Jam and the Hoagies 85.000 0.938
128 astrodroids 85.000 0.937
129 Cafelinux 85.000 0.936
130 The DHARMA Initiative 85.000 0.934
131 DjigIT 85.000 0.933
132 Bl1nk 80.000 0.886
133 WSU CSC 80.000 0.885
134 xeksec 80.000 0.884
135 Hawks 80.000 0.883
136 StratumAuhuur 80.000 0.882
137 Shikata ga nai 80.000 0.881
138 RATM 75.000 0.834
139 Pr0mptSt4rs 75.000 0.833
140 tank1st99 75.000 0.832
141 NeOLux-C1Ph3r 75.000 0.831
142 hrkljus 65.000 0.738
143 Northport C0d3 Br34k3rs 65.000 0.737
144 n00bs 65.000 0.736
145 11-Digit Prime Number 65.000 0.735
146 BarneySec 65.000 0.734
147 #Suicid3SQU@D 65.000 0.733
148 g0tiu5a 65.000 0.732
149 BITSkrieg 65.000 0.731
150 Pcthon 65.000 0.730
151 Team_SYN 65.000 0.729
152 NCYU 65.000 0.728
153 Zonda 65.000 0.728
154 503 65.000 0.727
155 GoldsNow 65.000 0.726
156 taurus 65.000 0.725
157 D@rk$h3ll 65.000 0.724
158 #HKR-SSA# 65.000 0.723
159 cimc 65.000 0.723
160 CSI 65.000 0.722
161 flamezzz 60.000 0.675
162 RGSTeam 60.000 0.674
163 icyrec 60.000 0.674
164 hl3confirmed 60.000 0.673
165 mbr 60.000 0.672
166 w33t34m 60.000 0.671
167 Binary Vikings 60.000 0.671
168 Hacker Boys 55.000 0.624
169 isitdtu2 55.000 0.623
170 GinGin 55.000 0.623
171 K4ff Team 50.000 0.576
172 SemNometro 50.000 0.575
173 kimiyuki 50.000 0.575
174 goonsquad 50.000 0.574
175 White Noise 50.000 0.573
176 6969test 50.000 0.573
177 br34dp1tt 45.000 0.526
178 whoami 45.000 0.525
179 7D51N5 45.000 0.525
180 hAIXer 45.000 0.524
181 vanhelsing 45.000 0.524
182 Vampirebbs 45.000 0.523
183 WFH 40.000 0.476
184 BreakPoint 40.000 0.476
185 ruchampsajaksra 40.000 0.475
186 HackIME 40.000 0.475
187 Hack4Fun 40.000 0.474
188 InvisibleHats 40.000 0.474
189 wolverines 40.000 0.473
190 Up the Second 40.000 0.472
191 splarcit 40.000 0.472
192 c0bebabe 40.000 0.471
193 SpringBreak 40.000 0.471
194 [CBA]MT 40.000 0.470
195 1up 40.000 0.470
196 keywee 40.000 0.469
197 Natalia 40.000 0.469
198 CooCoo 40.000 0.468
199 At Least We're Pretty 40.000 0.468
200 BabyPhD 40.000 0.467
201 NimbleNavigators 40.000 0.467
202 GoAtk 35.000 0.420
203 2mr 35.000 0.420
204 NANO#212123 35.000 0.419
205 wtfmehftw 35.000 0.419
206 GNUnu 30.000 0.372
207 s111 30.000 0.372
208 cabrunco 30.000 0.371
209 it's only smells 30.000 0.371
210 rainbow_bash 30.000 0.371
211 RedTeam 30.000 0.370
212 Feijoada Team 30.000 0.370
213 Hello Team Name 30.000 0.369
214 GoBack 30.000 0.369
215 ZionTeamX 30.000 0.368
216 nguyen123abc 30.000 0.368
217 ISITDTU22 30.000 0.367
218 buscoequipo 30.000 0.367
219 Renegado 30.000 0.367
220 Shady Hats 30.000 0.366
221 SADBOYS 30.000 0.366
222 Valley of the Lone Wolves 30.000 0.365
223 vr46 25.000 0.319
224 ESU 20.000 0.273
225 XSM 20.000 0.272
226 WOLFPACK 20.000 0.272
227 Random-123 20.000 0.271
228 NocturnalCTF 20.000 0.271
229 oOo 20.000 0.271
230 HenryDark 20.000 0.270
231 L337 Script Kiddies 20.000 0.270
232 CYBER CRIPTOGRAFIA 20.000 0.270
233 hanto 20.000 0.269
234 WhatTheSheep 20.000 0.269
235 deadmeat 20.000 0.269
236 japan 20.000 0.268
237 Hybrids of Steel 20.000 0.268
238 SecSec 20.000 0.267
239 H3RM1T 20.000 0.267
240 xiphiasilver 20.000 0.267
241 CUBA 20.000 0.266
242 ZeroDegree 20.000 0.266
243 Sonic_Rainboom 20.000 0.266
244 justme 20.000 0.265
245 WolfPacked 20.000 0.265
246 GoDevils 20.000 0.265
247 Azure Assassin Alliance 20.000 0.264
248 CodeheadUK 20.000 0.264
249 LoLTeam666 20.000 0.264
250 Duck killer 20.000 0.263
251 Hash 20.000 0.263
252 jampasec 20.000 0.263
253 dancago 10.000 0.171
254 sh_vanGo 10.000 0.170
255 5unKn0wn 10.000 0.170
256 [FS6] 10.000 0.170
257 eita! 10.000 0.169
258 n00bsec 10.000 0.169
259 TusanHomichi 10.000 0.169
260 6223ec161d95b24de9d287f9363501a0 10.000 0.168
261 f3n1x_ec 10.000 0.168
262 SDSLabs 10.000 0.168
263 Mao Sama 10.000 0.168
264 MrS 10.000 0.167
265 gtn_code 10.000 0.167
266 006 10.000 0.167
267 StrikeFish88 10.000 0.166
268 cylarcy 10.000 0.166
269 icanhazip 10.000 0.166
270 Occupe 10.000 0.166
271 praetorianguard 10.000 0.165
272 Iron-Maiden 10.000 0.165
273 th3jackers 10.000 0.165
274 DOFE 10.000 0.165
275 Yozakura 10.000 0.164
276 Mx 10.000 0.164
277 balls 10.000 0.164
278 oneup 10.000 0.163
279 whoamiii 10.000 0.163
280 op.rad 10.000 0.163
281 Undocumented 10.000 0.163
282 DiGIMON 10.000 0.162
283 vovanbi94 10.000 0.162
284 azneye 10.000 0.162
285 233 10.000 0.162
286 )#$#)#R#RKKKGV 10.000 0.161
287 2nit 10.000 0.161
288 hy00un 10.000 0.161
289 Yacine101 10.000 0.161
290 KINdred 10.000 0.161
291 VTM 10.000 0.160
292 Master Ironbar 10.000 0.160
293 Yonk0 10.000 0.160
294 Own the World 10.000 0.160
295 mRt 10.000 0.159
296 Movember 10.000 0.159
297 Dokko 10.000 0.159
298 N0_0p3rati0nS 10.000 0.159
299 hem 10.000 0.158
300 Phoenix Team 10.000 0.158
301 GG 10.000 0.158
302 Paki Tigers 10.000 0.158
303 we are the 1% 10.000 0.158
304 CTF-BR 10.000 0.157
305 arizona 10.000 0.157
306 dote 10.000 0.157
307 New_guy 10.000 0.157
308 Gibdeon 10.000 0.157
309 Ascent 10.000 0.156
310 Linux4TheWin 10.000 0.156
311 efiens 10.000 0.156
312 c0mas 10.000 0.156
313 doratest 0.000 0.000
314 yolos 0.000 0.000
315 lets_try 0.000 0.000
316 Tasteless 0.000 0.000
317 CONAN REDSOLDIERS 0.000 0.000
318 meutime 0.000 0.000
319 DTUHAX 0.000 3.475
320 1234 0.000 0.000
321 Serjao Tean 0.000 0.000
322 GCC 0.000 0.000
323 clown 0.000 0.000
324 ByteBandits 0.000 0.000
325 XiaoMing 0.000 0.000
326 synack 0.000 0.000
327 RPISEC 0.000 0.000
328 nuc13us 0.000 0.000
329 j93 0.000 0.000
330 noobs 0.000 0.000
331 TheKillingTime 0.000 0.000
332 kileak 0.000 0.000
333 ByungShinOfCK 0.000 0.000
334 cemalshukri 0.000 0.000
335 citizen 0.000 0.000
336 Root.Storm 0.000 0.000
337 GoldyLock 0.000 0.000
338 Iq tracking 0.000 0.000
339 SUSlo.PAS 0.000 0.000
340 TestPWN 0.000 0.000
341 boroda 0.000 0.000
342 Administrator 0.000 0.000
343 ByteOfLatte 0.000 0.000
344 BageJake 0.000 0.000
345 LickTheCloud 0.000 0.000
346 pwniz 0.000 0.000
347 pwnizz 0.000 0.000
348 pros 0.000 0.000
349 hxp 0.000 0.000
350 purean 0.000 0.000
351 k0rt3V 0.000 0.000
352 Byte 0.000 0.000
353 scifi 0.000 0.000
354 xxxx 0.000 0.000
355 dpnz 0.000 0.000
356 MeePwn 0.000 0.000
357 RTFM 0.000 3.848
358 Feeders_Unite 0.000 0.000
359 M4sked Ph4ntom 0.000 0.000
360 KXTI_t 0.000 0.000
361 toto 0.000 0.000
362 404 0.000 0.000
363 pwnspiracy 0.000 0.000
364 toddy>nho 0.000 0.000
365 b1zzy 0.000 0.000
366 ARONA_TEAM 0.000 0.000
367 Prato Pratoso 0.000 0.000
368 the beatles 0.000 0.000
369 7dsins 0.000 0.000
370 p0W3rSh3ll 0.000 0.000
371 NOSAFE 0.000 0.000
372 darksouls 0.000 0.000
373 dalbo 0.000 0.000
374 H4CK3R5 0.000 0.000
375 C@0S 0.000 0.000
376 nvr 0.000 0.000
377 LewisU 0.000 0.000
378 black_crows 0.000 0.000
379 PawPatrol 0.000 0.000
380 social smoke 0.000 0.000
381 Bladeism 0.000 0.000
382 LORD5 0.000 0.000
383 _18i81_ 0.000 0.000
384 Richard Fawkes 0.000 0.000
385 BattleBorn 0.000 0.000
386 Allahu Akbar 0.000 0.000
387 ShellCode 0.000 0.000
388 SkolFlags 0.000 0.000
389 Time assalt 0.000 0.000
390 nop_these 0.000 0.000
391 C4V31R4 T34M 0.000 0.000
392 HJHSH 0.000 0.000
393 The Bads 0.000 0.000
394 Rhizomatic 0.000 0.000
395 Pwn October 0.000 0.000
396 mementomori 0.000 0.000
397 OASIS 0.000 0.000
398 @_@ 0.000 0.000
399 So0o 0.000 0.000
400 Ph3rr1s 0.000 0.000
401 ensa morocco 0.000 0.000
402 GRX 0.000 0.000
403 MStwo 0.000 0.000
404 Mone 0.000 0.000
405 hellowar 0.000 0.000
406 Verde 0.000 0.000
407 Team01 0.000 0.000
408 altecfour 0.000 0.000
409 3squ4dr40 cl4ss3 β 0.000 0.000
410 Dr_Fez 0.000 0.000
411 hy00un 0.000 0.161
412 kemmio 0.000 0.000
413 matehackers 0.000 0.000
414 iG 0.000 0.000
415 WAtester 0.000 0.000
416 tyleroar 0.000 0.000
417 YanTayga 0.000 0.000
418 Desiprox Team 0.000 0.000
419 Internet Cafe Legends 0.000 0.000
420 EC0BR4V0 0.000 0.000
421 0xM3R 0.000 0.000
422 Insane 0.000 0.000
423 Lampião Hacker 0.000 0.000
424 N4S4_C41U 0.000 0.000
425 Bolt108 0.000 0.000
426 JustSkidding 0.000 0.000
427 Pereira Security Team 0.000 0.000
428 Glidermed 0.000 0.000
429 r3turn h4ck1ng; 0.000 0.000
430 FundaoHUE 0.000 0.000
431 _try 0.000 0.000
432 not found 0.000 0.000
433 Team Shinobi 0.000 0.000
434 lesdudumaximo 0.000 0.000
435 pipe solo 0.000 0.000
436 0byte 0.000 0.000
437 first try 0.000 0.000
438 Baile de Favela 0.000 0.000
439 crazy 0.000 0.000
440 Saintz 0.000 0.000
441 b0tch_sec 0.000 0.000
442 loopback.br 0.000 0.000
443 objEEdump 0.000 0.000
444 Noor 0.000 0.000
445 Snakes 0.000 0.000
446 TCS 0.000 0.000
447 Ar3a-55 0.000 0.000
448 Delusions of Grandeur 0.000 0.000
449 mollaa 0.000 0.000
450 oqned 0.000 0.000
451 NEED_MORE_PiNG 0.000 0.000
452 anastiel 0.000 0.000
453 Support_kva 0.000 0.000
454 jackdaw 0.000 0.000
455 S3R4P|-|1MDr3aM 0.000 0.000
456 unichamps 0.000 0.000
457 H4x0r's Aju 0.000 0.000
458 TheFoxes 0.000 0.000
459 ABNT 0.000 0.000
460 cyberkastike 0.000 0.000
461 DustLoiterers 0.000 0.000
462 WTFBROS 0.000 0.000
463 CMIC 0.000 0.000
464 Arya 0.000 0.000
465 Knightsec 0.000 0.000
466 David Manouchehri 0.000 0.000
467 +Security 0.000 0.000
468 Black Space 0.000 0.000
469 AsssassiNOPs 0.000 0.000
470 Dancing Simpletons 0.000 0.000
471 b01lers 0.000 0.000
472 French Toast Mafia 0.000 0.000
473 KasaBR 0.000 0.000
474 no123 0.000 0.000
475 Dial 5 0.000 0.000
476 BugZrU 0.000 0.000
477 AllTheBits 0.000 0.000
478 asd 0.000 0.000
479 Tribu 0.000 0.000
480 autolycos 0.000 0.000
481 Lilac 0.000 0.000
482 NullByte 0.000 0.000
483 ¯\__(ツ)__/¯ 0.000 0.000
484 Jockers 0.000 0.000
485 IS☢LA 0.000 0.000
486 ARGOS 0.000 0.000
487 KXTI_5 0.000 0.000
488 marco's 0.000 0.000
489 participe_ctf 0.000 0.000
490 chomuX 0.000 0.000
491 nine_inch_males 0.000 0.000
492 redalert 0.000 0.000
493 wil0la 0.000 0.000
494 Bring On The Fyre 0.000 0.000
495 undefined 0.000 0.000
496 cazador 0.000 0.000
497 Team SYN 0.000 0.000
498 vnn 0.000 0.000
499 A 0.000 0.000
500 sczi 0.000 0.000
501 T224 0.000 0.000
502 BlackSpace 0.000 0.000
503 PPPP 0.000 0.000
504 HackigPPP 0.000 0.000
505 yakinikyuu 0.000 0.000
506 crackatoa 0.000 0.000
507 hAIXer 0.000 0.524
508 Tokist 0.000 0.000
509 grow 0.000 0.000
510 qcu 0.000 0.000
511 jason 0.000 0.000
512 KXTI_11111 0.000 0.000
513 CLGT 0.000 0.000
514 0x90 0.000 0.000
515 [email protected] 0.000 0.000
516 loogie_team 0.000 0.000
517 zzoru 0.000 0.000
518 stlsec 0.000 0.000
519 FS6 0.000 0.000
520 gnashsec 0.000 0.000
521 TecLand Core -1000.000 0.000

simonvik, March 25, 2016, 11:03 a.m.

The countdown on your site does not handle different TZ very well :)


Pharisaeus, March 28, 2016, 10:52 p.m.

I thought that this whole CTF thing is to have fun and learn something but apparently some people (like @solarwind from dcua) take this a bit too seriously, and try to help their team by abusing the new score voting system. They won Volga so Volga score to max, they didn't do so well on Pwn2Win? Score to min. Great logic guys, very mature of you! It seems some people need to grow up a bit to be given that kind of "power".

I guess the idea of voting was there to help fixing appropriate score for the CTF using post-ctf feedback, but some teams apparently need to abuse this to help their team get better position in ctftime ranking. My advice: "try harder" during the CTF, and you won't need to cheat by downvoting CTFs you didn't win.


solarwind, March 29, 2016, 7:52 p.m.

Pharisaeus, if you think anyone should vote in the way you want it -- you are wrong. Current voting system is made for everyone to have a voice, and all voices are equal. Why I voted that way I clearly stated in comment.
You can vote in a way you want. If you don't agree with me -- vote different score.
To everyone who thinks they can shut up others or force them to obey by insulting or assaulting them -- that is not working here. We have rights for free speech and equality, and will use them anytime we want.


kt, March 29, 2016, 7:57 p.m.

Dear Pwn2Win organizers and other newly registered users on the voting page: your votes are worth nothing, because only last year's TOP50 teams' votes count.

Your CTF was not good at all. I am saying this after we finished #5 on your CTF and we were #5 on CTFtime last year. I also personally played on ~70-80 CTFs (and on multiple prestigious finals) so I think I can say I / we have some CTF experience.

What you are doing here is a disgrace to the CTF scene. I mean: smearing dcua's name? Really? Please go and do a reality check. You are talking about the current leader team on CTFtime... Also you are upvoting your own CTF on the voting. That looks legit to you?

Your challenges were boring, no innovation whatsoever and almost every challenge was stego-like "Find out what we thought". The crypto challenge did not even respond if I send in a newline character (and you said it was intentional). A lot of challenges had nothing to do with real security.

Next time please make fewer challenges (nobody wants to solve ~80 of them) but make them better. Play on other CTFs and learn what a good challenge looks like. Quality before quantity please.


Pharisaeus, March 29, 2016, 8:47 p.m.

@KT read the rules -> "Team members of last years top 50 and teams scored > 0 points can vote". This means any votes from the participating teams count, not only from the "top teams". I don't think teams who can't vote can even enter the "poll", so any votes there count. I guess the organisers exaggerated there and went out of place attacking dcua, but at the same time they must have invested a lot of effort into this (with good results!) so it's understandable to get angry when someone votes you to 1 (because they didn't win, since they focused on different CTFs at the same time...)

@solarwind I understand that everyone has a vote, and I'm ok with that. I just naively thought that we're all adults here and will use the votes to set proper score for mis-graded competitions. And you voted this CTF at 5 and then 1 point, which means lower than HackIM or BreakIn which were 5, while it was on entirely different level. So now I'm not sure if we played a different CTF, or maybe you simply want to lower the points awarded to the teams that were higher than you... Anyway, it's your vote, you can do whatever you want with it.

As for the accusation that the CTF had some non-security oriented tasks -> it was clearly written from the beginning. There were 2 more CTFs going on at the same time so anyone could have picked another one (I doubt you can fully man 3 CTFs at the same time) if the theme of this one was not to your taste.


solarwind, March 30, 2016, 4:40 a.m.

Pharisaeus, about Breakin and Hackim -- if you review my comments in those topics, I was voting for 0 in first and 5 in second. Breakin this year had tasks of very low quality, anyone interested can check orgs writeups for all tasks on github. Hackim had pwnables and web of higher level than Pwn2Win, has a good progress in fixing cheating (~25 teams from TOP-30 banned), and orgs there did not allow themselves to insult players.

I understand your desire to manipulate rating weight in more favorable way for you, that is exactly why voting system was created. Voting system is preventing any single biased team to occupy it. Other teams have the same rights as you have.
I lead dcua right from the creation in 2012, played in ~300 competitions, and some people here were playing long before that -- have 10+ years experience of international CTFs. It is possible we may have an idea what good CTFs are too.


Pharisaeus, March 30, 2016, 7:38 a.m.

@solarwind judging by the votes (excluding of course votes from organisers themselves) it seems as if you're the only one trying to "manipulate rating weight in more favourable way for you" ;)
I might not have played as much as you did, but I can also spot a good and a bad CTF. While this one was neither perfect nor the level of Insomnia or 0CTF, it was still not a 1-point CTF.
And since you voted 10p for Securinets one can only wonder if you really think it was that much better, or maybe it's just that there were no top teams above you... :)


gnx, March 30, 2016, 8:47 a.m.

@solarwind Just to remind you, you or someone on your team gave very positive feedback about the event on the form. But in voting time, do it? Really unfortunate, it only gives us reason to be suspicious of their intentions.

@Pharisaeus Thank you for the support! <3 Poland (true hackers!!!)


gnx, March 30, 2016, 10:54 a.m.

@solarwind HackIM had web of higher level than Pwn2Win? hahahahahah

Bathing and Grooming: https://github.com/epicleet/write-ups-2016/tree/pwn2win-ctf-2016/pwn2win-ctf-2016/web/bathing-and-grooming-400
Free Web Access: https://github.com/p4-team/ctf/tree/master/2016-03-26-pwn2win/free_web_access
Facebug, Command and Control Server, etc etc

Pwn2Win has an Attack Step involving Kernel Exploit Development.

Try Harder guy, don't cry!


solarwind, March 30, 2016, 12:15 p.m.

2 Pharisaeus -- I will vote in a way I feel appropriate. This thing is called democracy. I have the same rights to vote as anyone else, and will use it in a way I think is right. If you don't agree with me -- you can try to influence me or others by arguments, but please do not try to limit my right to vote.

2 Álisson Bertochi -- we don't usually do feedback in any forms, if it doesn't give additional points for ctf. I can assure you it was not me filling any of your forms. I'm representing official team position -- your CTF is worth what it was openly voted here.
About quality of your tasks -- see above message from KT, and try also looking at tasks from HackIm. I was aware of writeups you mentioned. Forcing ppl to code MD5 in SQL is stupid, this tests coding skills, not infosec. Kernel exploit development is not that innovative as you may think -- CSAW finals are doing it regularly, recent Chinese CTFs had tasks about it, I also know CTF (eCSI 2015) where Windows kernel exploitation was used.

Really, people -- stop trying to challenge basic principles of democracy, deny the right to vote for someone you don't like or who has a different opinion. Democracy is a bad system for sure, but others are worse.
The bad example of democracy is mentioned Securinets CTF scoring. The situation with cheating there is the same as was on HackIm 2016, but orgs are actively supporting locals and almost no foreign teams participated there to do objective voting. Any vote will be overvoted by those local teams, and I don't see any way how it can be fixed there without limiting the vote rights I'm standing for. My vote and comment there are sarcasm, of course Securinets don't deserve 10 points if any at all.


gnx, March 30, 2016, 1:07 p.m.

@solarwind - "Forcing ppl to code MD5 in SQL is stupid, this tests coding skills, not infosec". A team solved the task in a different way, you could have done too, "thinking outside the box" (hackers do that!!). It was a challenge that involves cryptography.

Our Kernel Exploitation was ARM-based.

My request is: do not try to belittle the work of other teams.

The day you do a better event, we turn to talk.


gnx, March 30, 2016, 1:35 p.m.

To conclude, as you said, your voting criterion is based on sarcasm, and not real quality.


solarwind, March 30, 2016, 1:57 p.m.

I saw SQL MD5 implementation 'Bathing and Grooming' in your intended solution -- so you seem to have been thinking that coding MD5 in SQL is a good challenge. How others solved it is different question, it is not related to quality of your tasks -- those who found an innovative way for an otherwise stupid task are good and deserve respect, not your work.
ARM based kernel exploitation -- pwnable.kr towelroot challenge exists for like a year.

I'm not trying to belittle your work, I'm showing you that there is a lot of other good work, better ctfs and good teams are available. I looked into profiles and past CTF results of all teams involved into Pwn2Win organization ("CTF-BR"), and think that your and your team's opinion about your own coolness may be exaggerated. But you can continue to think that you are "true hackers" and others are "jokers" if you wish.


gnx, March 30, 2016, 2:08 p.m.

We are not bloodsuckers, while you are trying to win ALL CTFs from the Earth (but never created one), we are creating challenges that you can not solve (and we have no time to play). Sorry, "Top 1". =D


gynvael, March 30, 2016, 2:23 p.m.

Hi there ;)

Well, the discussion seems to be getting pretty personal. Is there any reason to continue it btw?

IMO it's worth looking at the public voting as an experiment. My guess is that kyprizel, at some point, will do some math and check what kind of correlation there is between how teams vote and how well they did on a CTF, and decide whether to keep this system, or go back to the old way, or try something else. Afair when this whole idea was discussed back in 2014, the gaming-the-system* problem was already considered. Also, it's only natural for humans to feel more positive about CTFs they did well in, and more pessimistic about the ones they didn't do well in - this isn't deliberate gaming-a-system, but it's there.

* <wink> also, hackers gaming a system?! how could that be! http://giphy.com/gifs/PFwKHjOcIoVUc </wink>

Maybe a solution lies elsewhere? Maybe instead of voting on score each team could fill a survey saying whether they encountered problems with tasks, whether the CTF website was working and admins were responsive. Maybe prizes should be taken into consideration as well, and whether it's a "major CTF" (i.e. DEF CON CTF qualifier). Maybe based on such surveys kyprizel could decide on the score?
Or maybe there is another, better solution :)

Anyway, all I'm saying is that it's probably worth more to discuss the system, than each other's votes ;)


solarwind, March 30, 2016, 2:30 p.m.

2 Álisson Bertochi -- creating challenges that no one can solve is easy,
$ openssl rand -base64 33 | tee flag.txt | sha256sum
8d740cfbed669abfbb2c68604903613640b0c432423f66b797161154cb98efe5

If you have no time to play, or otherwise suck on ctfs -- show respect to those who suck less. You tried to create a CTF -- that's great, and we showed you respect by spending our time playing it. It was strange to see that org team members are insulting us on voting page.


gnx, March 30, 2016, 2:34 p.m.

Thank you Gynvael (<3 Poland), I will end the discussion here.


thotypous, March 30, 2016, 4:51 p.m.

@Mykola I think Alisson already made clear why he got angry about your vote (good feedback -- of course, not yours -- in the form received from dcua versus your vote), so you can have an idea on what he had in mind when he offended you. But of course there was no reason for us to take your opinion personally, and I sincerely apologize for this. I'm also not implying that was your fault nor trying to make excuses: of course it was *our fault*. I'm just humbly asking for empathy. I always admired dcua because you had the effort to participate in Pwn2Win 2 years ago, when it was Portuguese-only. You took the effort to use Google Translate and play the CTF even when it was at its very early stages and didn't figure in ctftime. I hope that you may be able to forgive this episode and take part in future editions of the event.

Now taking a stand in defense of our CTF, *of course* we are not saying it was the best CTF in the world. Please, we are not even close to that. There are lots of things we can improve in the CTF, and we are very grateful for every single feedback we had. Even though we are new in the scene, we put our best effort on the CTF and tried to innovate at least a little. Our Kernel Exploitation task may not be a big deal, but we tried to make it fun by making it resemble a device driver in an embedded ARM architecture. With Timekeeper's Lock we tried to bring one of the first FPGA-based reverse engineering tasks in a complex but solvable problem (Dragon Sector almost solved it, but had some bad luck with members getting ill during the CTF). Bathing and Grooming was more about coding than infosec, but for hacking sometimes you need to code fast some very complex payload.

The CTF had its infrastructure deficiencies, challenges which required guessing, lack of more binary exploitation problems, and many other issues, but we tried to minimize this by being responsive in the IRC channel and by publishing hints. Wouldn't it be worse if we published no hints? I'm not asking anyone to change their vote, but I believe that for a CTF which is going international for the first time, we did pretty well.

Finally, I would like to thank all teams who played our CTF and for all comments criticizing us and giving feedback. I hope to see you again in the next edition.

I would also like to say that we had no intention to manipulate our own score by voting in our own CTF. We only did so because it is said that only votes from top50 teams and from participants with score>0 are computed. Our team is not listed as participant, and is not top50. "Tecland Core" is listed as a player, but we are not registered as members of this team in ctftime, and also it had negative score (we used it for testing purposes during the CTF). Therefore we used the voting comments only as "right of reply" to comments criticizing the competition.


geolado, March 31, 2016, 12:27 a.m.

Hey, just a tiny addendum here:
About the complaint of too many PPC and Phys challenges. In Brazil CTF culture isn't disseminated, but the Programming marathons are the main College event of the courses of Computer Science and Engineering. So we wanted to bring more people that were not familiar nor known about the existence of CTFs, thus fomenting the CTF scene in Brazil. With that in mind, we've added PPC and Phys challenges in order to make the people coming from Programming events not feel so lost.

Sorry about all the mess and thanks for all the feedback, we hope we can improve in the future (:


thotypous, April 4, 2016, 2:15 p.m.

We are glad to announce Dragon Sector was the first team to solve the Attack Step (which stayed available post-CTF)
http://ctf.tecland.com.br/pwn2win-ctf-2016-attack-step-winner

