Sat, 27 Feb. 2016, 00:00 UTC — Mon, 29 Feb. 2016, 00:00 UTC 

On-line

SSCTF event.

Format: Jeopardy

Official URL: http://lab.seclover.com/

This event's weight is subject of public voting!

Future weight: 8.47 

Rating weight: 8.47 

Event organizers 



SSCTF 2016 in Xi'an, China, and the second XCTF League, is organized by the Cloversec Lab of Xi'an Clover Information Technology Co., Ltd. Our event format includes an online contest and an onsite contest. The online contest is in jeopardy format. The onsite contest will take the attack-defence format.

In October of 2014, Cloversec Company held its own information security contest, SSCTF 2014, with more than 500 teams participating. One year later, the company successfully hosted the Huashan Cup Network Security Contest of 2015 with more than 800 teams and 2000 competitors participating. Based on our practical experience in dealing with various abstruse security problems and the experience we gained in holding the contests, we are confident that we can present competitors with a fantastic contest that stimulates all their potential. In 2016, we will hold the second SSCTF Contest, which serves as the XCTF League, to improve the international influence of SSCTF.

The top 14 teams (top 10 local teams and top 4 international teams from the Silk Road countries/regions, including Central Asia, the Middle East, Eastern Europe and Western Europe) of the SSCTF 2016 Quals automatically qualify for the SSCTF 2016 Finals, which will be hosted in Xi'an, China (the starting city of the Silk Road) on April 2nd to 3rd, 2016.

Prizes

The top 3 teams of the SSCTF 2016 Quals will win prizes.
1st: 2000 CNY
2nd: 1000 CNY
3rd: 500 CNY

We will randomly choose 15 teams among the remaining ones and award each of them a RMB100 bonus.

Scoreboard

517 teams total

Place  Team  CTF points  Rating points
1 FlappyPig 4710.000 16.940
2 217 4410.000 12.166
3 Nu1L 4210.000 10.394
4 KaisHack 4110.000 9.509
5 没有一个系统是安全的 4010.000 8.905
6 天枢 3510.000 7.724
7 ****** 3410.000 7.342
8 forx 3410.000 7.191
9 BambooFox 3310.000 6.893
10 Never Stop Exploiting 3210.000 6.620
11 Plaid Parliament of Pwning 3110.000 6.363
12 ROIS 3110.000 6.299
13 D3siprox 3110.000 6.244
14 Dragon Sector 3010.000 6.018
15 HackXore 3010.000 5.978
16 107 2810.000 5.583
17 SHARK 2810.000 5.551
18 0ops 2610.000 5.164
19 L 2510.000 4.960
20 scryptos 2410.000 4.757
21 0xFA 2410.000 4.737
22 yangyue250216 2310.000 4.539
23 Shellphish 2110.000 4.163
24 pwnspiracy 2110.000 4.147
25 khack40 2010.000 3.953
26 Lancet 2010.000 3.940
27 Sigma 2010.000 3.928
28 bob 1910.000 3.737
29 AK95 1910.000 3.727
30 oo at xx 1910.000 3.717
31 p4 1910.000 3.708
32 Dawn 1810.000 3.520
33 BalalaikaCr3w 1810.000 3.512
34 snake 1710.000 3.324
35 DeliciousHorse 1610.000 3.137
36 ISITDTU 1610.000 3.131
37 int3pids 1610.000 3.124
38 dcua 1610.000 3.118
39 dodododo 1610.000 3.112
40 a1exdandy 1610.000 3.107
41 Dystopian Narwhals 1610.000 3.102
42 PLUS 1610.000 3.097
43 aegis 1610.000 3.092
44 X1cT34m 1510.000 2.908
45 EverSec 1510.000 2.904
46 WildWolf 1510.000 2.900
47 宫保鸡丁 1510.000 2.896
48 中国网警 1510.000 2.892
49 du1iqvw 1510.000 2.888
50 WS5TYnBoZg== 1510.000 2.885
51 TOIH 1410.000 2.702
52 凝聚网安工作室 1410.000 2.698
53 Lilac 1410.000 2.695
54 Thanos 1210.000 2.333
55 Fourchette Bombe 1210.000 2.330
56 .elite 1210.000 2.327
57 xil.se 1210.000 2.325
58 Insanity 1210.000 2.322
59 LOUYS 1110.000 2.140
60 安全盒子团队 1110.000 2.137
61 MV9rwGOf08 1110.000 2.135
62 sec0d 1010.000 1.953
63 Redbud 1000.000 1.933
64 Shadow Servants 910.000 1.769
65 Raccoons 910.000 1.767
66 Evil0x 810.000 1.585
67 LittleTips 810.000 1.583
68 larva 810.000 1.581
69 TokyoWesterns 810.000 1.579
70 th3jackers 800.000 1.560
71 v0rt3x 710.000 1.396
72 莲子百合 710.000 1.394
73 Hackeriet 710.000 1.393
74 天枢2 710.000 1.391
75 RingZer0 Team 710.000 1.390
76 ALLES! 710.000 1.388
77 Hexpresso 710.000 1.387
78 6Te4m 700.000 1.367
79 mikemase 700.000 1.366
80 Mammon Machine 700.000 1.365
81 talentA 610.000 1.202
82 Nabla 610.000 1.200
83 b01lers 610.000 1.199
84 WS5TYnBoZg== 610.000 4.083
85 610.000 1.197
86 Invulnerable 610.000 1.195
87 Espacio 610.000 1.194
88 0x90r00t 610.000 1.193
89 B0wa9a 610.000 1.192
90 C1Sec 510.000 1.011
91 Snatch The Root 510.000 1.010
92 morganFr33man 510.000 1.009
93 WISEYE 510.000 1.008
94 Blue-Whale 510.000 1.007
95 Capture the Swag 510.000 1.006
96 Shady Hats 510.000 1.005
97 securtiy_test_well 510.000 1.004
98 xXxXxaAaAa 510.000 1.004
99 stalker 510.000 1.003
100 chinaH.L.B 510.000 1.002
101 tank1st99 510.000 1.001
102 0xbadf00d 510.000 1.000
103 wxtel 410.000 0.820
104 smoke leet everyday 410.000 0.819
105 op.rad 410.000 0.818
106 fetchAndLog 410.000 0.817
107 NULLify 410.000 0.816
108 New_World 410.000 0.816
109 ClearCode 410.000 0.815
110 Huu 410.000 0.814
111 probe 410.000 0.814
112 306 410.000 0.813
113 Hell.zip 410.000 0.812
114 风尘 410.000 0.812
115 NIS 410.000 0.811
116 01dDriver 410.000 0.810
117 SDT/SDT 410.000 0.810
118 Batman's Kitchen 410.000 0.809
119 sherl0ck 410.000 0.808
120 C521 410.000 0.808
121 熊孩子 410.000 0.807
122 n4m4h4mum3r0n 410.000 0.807
123 FirstBlood 410.000 0.806
124 KSUCDC 410.000 0.806
125 OpenToAll 410.000 0.805
126 Efiens|12345679 410.000 0.805
127 w0pr 410.000 0.804
128 noraneco 410.000 0.803
129 J4ckFi5h 400.000 0.785
130 jfhs 400.000 0.784
131 Tasteless 400.000 0.784
132 squareroots 400.000 0.783
133 Team Action Kaktus 400.000 0.783
134 hxp 400.000 0.783
135 Future Of Europe 400.000 0.782
136 TJUNSA 310.000 0.620
137 Neosec 310.000 0.619
138 ALLXss 310.000 0.619
139 维尼熊宝贝 310.000 0.618
140 phrack飞客 310.000 0.618
141 SCAUSEC 310.000 0.618
142 CUBESEC 310.000 0.617
143 GCC 310.000 0.617
144 distcc 310.000 0.616
145 OyVsyo 310.000 0.616
146 CyberOps 310.000 0.615
147 xxxx 310.000 0.615
148 奔跑的菜鸟 310.000 0.615
149 千里目 310.000 0.614
150 zctf_test 310.000 0.614
151 KuBik 310.000 0.614
152 CTF酱油队 310.000 0.613
153 No Internet Access 310.000 0.613
154 Give Me Fiv3 310.000 0.612
155 KITCTF 310.000 0.612
156 WindSpeaker 310.000 0.612
157 FTCTeam 310.000 0.611
158 0x34044 310.000 0.611
159 黑化肥发灰会挥发 310.000 0.611
160 REU 310.000 0.610
161 rays 310.000 0.610
162 DarkEye 310.000 0.610
163 xeksec 310.000 0.609
164 c21h30o2 310.000 0.609
165 bibiotty 310.000 0.609
166 约瑟翰·庞麦郎 300.000 0.591
167 CTF-infinit 300.000 0.590
168 5eee663a5d5b35d8216cae05d3b55163 300.000 0.590
169 Shurhands 300.000 0.590
170 CAT-Security 300.000 0.589
171 大隔壁 300.000 0.589
172 TOIH 300.000 3.290
173 crtl 300.000 0.588
174 DarkEye 300.000 1.198
175 Spirit+ 210.000 0.426
176 SWAT.ME 210.000 0.426
177 Syclover 210.000 0.425
178 pirate 210.000 0.425
179 KKSEC 210.000 0.425
180 F4nt45i4 210.000 0.425
181 Rs-team 210.000 0.424
182 Antarctica-momo 210.000 0.424
183 Bushwhackers 210.000 0.424
184 BalaBala 210.000 0.424
185 XDay 210.000 0.423
186 HackCat 210.000 0.423
187 S0uL'S Team 210.000 0.423
188 WEB飞虎队 210.000 0.423
189 Honeypot 210.000 0.422
190 CorpOfHack 210.000 0.422
191 Avidya:HACKquest 210.000 0.422
192 PENSIUN | DFCI | SUKSMA 210.000 0.422
193 BlackH0le 200.000 0.404
194 SiBears 200.000 0.403
195 mingming 200.000 0.403
196 reooo43 200.000 0.403
197 gewahbsrwabhr 200.000 0.403
198 Avidya 200.000 0.402
199 FluxFingers 200.000 0.402
200 Shielder 200.000 0.402
201 Rdot.org 200.000 0.402
202 GWHT 110.000 0.240
203 FirstBlood 110.000 1.046
204 千里之外的小怨海 110.000 0.239
205 sjtu_aaa 110.000 0.239
206 X_Ray 110.000 0.239
207 who@mI 110.000 0.239
208 小明你好 110.000 0.239
209 SmallCute 110.000 0.238
210 Pandemonium 110.000 0.238
211 Xyz 110.000 0.238
212 Blake 110.000 0.238
213 BreakPoint 110.000 0.238
214 undefined 110.000 0.237
215 Phoenix 110.000 0.237
216 ILOVETFMAN 110.000 0.237
217 ghost 110.000 0.237
218 曹哈哈·刘嘻嘻 110.000 0.237
219 CTF酱油组 110.000 0.236
220 05b28e49a5fa08531e486b21d4128f28 110.000 0.236
221 \xfafu 110.000 0.236
222 funtastic 110.000 0.236
223 SUS 110.000 0.236
224 106106 110.000 0.236
225 firststart 110.000 0.235
226 DL 110.000 0.235
227 怪盗鸭德 110.000 0.235
228 Gooooo 110.000 0.235
229 ByteBandits 110.000 0.235
230 kopipacket 110.000 0.235
231 happy 110.000 0.234
232 wowotou 110.000 0.234
233 33°灰 110.000 0.234
234 cma 110.000 0.234
235 张君雅小盆宇 110.000 0.234
236 Brutewoorse 110.000 0.234
237 pkcjl 110.000 0.234
238 drdr 110.000 0.233
239 hexfact0r 110.000 0.233
240 CInsects 110.000 0.233
241 kirito_test 110.000 0.233
242 OPT 110.000 0.233
243 渣渣三人组 110.000 0.233
244 小彩笔 110.000 0.233
245 队名叫什么好呢 110.000 0.232
246 nobody 110.000 0.232
247 036473f1726e2e71ff4ce326a677a3ae 110.000 0.232
248 wolfpy 110.000 0.232
249 xjnu 110.000 0.232
250 90Sec Team 110.000 0.232
251 TmTs 110.000 0.232
252 The Bebop17 Squad 110.000 0.231
253 niexinming 110.000 0.231
254 CCSF_HACKERS 110.000 0.231
255 err0r-451 110.000 0.231
256 Hawks 110.000 0.231
257 et_illustratis 110.000 0.231
258 xSTF 110.000 0.231
259 taurus 110.000 0.231
260 0x8F 100.000 0.212
261 Sonic_Rainboom 100.000 0.212
262 hedgehog 100.000 0.212
263 viper 100.000 0.212
264 471a8ed6323cd897a9858688e8c9f689 100.000 0.212
265 a1ta1r 100.000 0.212
266 andnotorg 100.000 0.212
267 PDKT 100.000 0.212
268 duguhu 100.000 0.211
269 i3r0_9R3 100.000 0.211
270 e11even 100.000 0.211
271 3year 100.000 0.211
272 insecure 100.000 0.211
273 6l0ry 100.000 0.211
274 amn3s1a 100.000 0.211
275 UIN HACKING 100.000 0.211
276 SAINTSEC 100.000 0.211
277 q86 100.000 0.210
278 Cybrosis 100.000 0.210
279 delicious_cakes 100.000 0.210
280 Shine 100.000 0.210
281 junoim1234 100.000 0.210
282 粟悟饭与龟波功 100.000 0.210
283 cctt 100.000 0.210
284 CHN.ROUTE 100.000 0.210
285 BabyPhD 100.000 0.210
286 wtfmehftw 100.000 0.209
287 zjicmISA 10.000 0.047
288 watch0ut 10.000 0.047
289 a0zy 10.000 0.047
290 shit team 10.000 0.047
291 m00zh33 10.000 0.047
292 Qsaka 10.000 0.047
293 浪浪 10.000 0.047
294 SlidePot 10.000 0.047
295 temp_888 10.000 0.047
296 我还是个宝宝 10.000 0.047
297 GooDay 10.000 0.047
298 专业划水 10.000 0.046
299 testyou 10.000 0.046
300 xxx 10.000 0.046
301 以上排名作废 10.000 0.046
302 瑶光 10.000 0.046
303 BlackWhite 10.000 0.046
304 华东理工 10.000 0.046
305 小书房 10.000 0.046
306 ByStudent 10.000 0.046
307 老王邻居 10.000 0.046
308 NO.096 10.000 0.045
309 酱油 10.000 0.045
310 6﹟502 10.000 0.045
311 Xp0int 10.000 0.045
312 Hydra 10.000 0.045
313 波霸 10.000 0.045
314 11211 10.000 0.045
315 M0nster 10.000 0.045
316 justforfun 10.000 0.045
317 B216 10.000 0.045
318 划船不用桨 10.000 0.045
319 INFERNO 10.000 0.045
320 xfree|fuckbat 10.000 0.044
321 171 10.000 0.044
322 西邮红客 10.000 0.044
323 arr0w1 10.000 0.044
324 A 10.000 0.044
325 流浪行星 10.000 0.044
326 ds 10.000 0.044
327 topsec 10.000 0.044
328 桃花岛 10.000 0.044
329 床前明月光 10.000 0.044
330 安全脉搏第二小分队 10.000 0.044
331 0叉00 10.000 0.044
332 LZ_NS 10.000 0.043
333 六月雨 10.000 0.043
334 What? 10.000 0.043
335 H-UNION 10.000 0.043
336 DJ_fantasy 10.000 0.043
337 Seclover 10.000 0.043
338 8-bit 10.000 0.043
339 HELL0 10.000 0.043
340 Crazy8 10.000 0.043
341 菜刀队 10.000 0.043
342 phrack飞客 10.000 0.661
343 Xmix 10.000 0.043
344 404 10.000 0.043
345 专注酱油20年 10.000 0.043
346 YY_XX_HH 10.000 0.042
347 猫王 10.000 0.042
348 jsufhe 10.000 0.042
349 NFJD 10.000 0.042
350 sekureco.org 10.000 0.042
351 hell 10.000 0.042
352 applePie 10.000 0.042
353 DMU Hackers 10.000 0.042
354 nupsec 10.000 0.042
355 DogThrustRabbit 10.000 0.042
356 Dark Daisy 10.000 0.042
357 axyz 10.000 0.042
358 Bingo 10.000 0.042
359 cimer 10.000 0.042
360 725 10.000 0.042
361 10.000 0.041
362 谁在背后说我帅 10.000 0.041
363 左右手 10.000 0.041
364 ssctf 10.000 0.041
365 we are laji 10.000 0.041
366 grrr 10.000 0.041
367 GWGHOST 10.000 0.041
368 瞬间boom 10.000 0.041
369 sicnuteam 10.000 0.041
370 WOLFPACK 10.000 0.041
371 c00kie 10.000 0.041
372 michael 10.000 0.041
373 just1 10.000 0.041
374 ' 10.000 0.041
375 yuzunzz 10.000 0.041
376 jiangyouwang 10.000 0.041
377 SHSEC 10.000 0.040
378 95e783cc3b27ba77a80b04a3bb2c79e4 10.000 0.040
379 001 10.000 0.040
380 ztaos 10.000 0.040
381 菜鸡 10.000 0.040
382 lly123 10.000 0.040
383 eee 10.000 0.040
384 only_cban 10.000 0.040
385 大水逼联盟 10.000 0.040
386 HPUSec 10.000 0.040
387 s3cer 10.000 0.040
388 CCoday 10.000 0.040
389 Assassin 10.000 0.040
390 MaltSugar/132aae1d26 10.000 0.040
391 527 10.000 0.040
392 DreamStar 10.000 0.040
393 我们来打铁 10.000 0.040
394 qgs 10.000 0.039
395 海军撸战队 10.000 0.039
396 最贵挫逼小组 10.000 0.039
397 0xFFFFF 10.000 0.039
398 Punch Line 10.000 0.039
399 dogggg 10.000 0.039
400 sebao 10.000 0.039
401 务实守信 10.000 0.039
402 tayueliuxiang 10.000 0.039
403 lemonade 10.000 0.039
404 None 10.000 0.039
405 To be number 0 10.000 0.039
406 WithoutConcept 10.000 0.039
407 hehee 10.000 0.039
408 Pyth0n 10.000 0.039
409 三江学院队 10.000 0.039
410 EF0m 10.000 0.039
411 弹丸论破 10.000 0.039
412 havefun 10.000 0.039
413 McDull 10.000 0.038
414 blue-lotus 10.000 0.038
415 你好啊 10.000 0.038
416 g33z 10.000 0.038
417 Level5 10.000 0.038
418 KerKerYuan 10.000 0.038
419 DECBUG 10.000 0.038
420 thinks 10.000 0.038
421 2333 10.000 0.038
422 0x1111111 10.000 0.038
423 Vic 10.000 0.038
424 XDay 10.000 0.461
425 zj9s.0kami 10.000 0.038
426 Sanya_Bay 10.000 0.038
427 unregister 10.000 0.038
428 Sn0w0lf 10.000 0.038
429 哈哈哈落落 10.000 0.038
430 liarod 10.000 0.038
431 大烧饼小组|root 10.000 0.038
432 xiaobh 10.000 0.038
433 takedownher 10.000 0.038
434 uen 10.000 0.037
435 SAAA 10.000 0.037
436 Team Liequal 10.000 0.037
437 Just4Fun 10.000 0.037
438 Ksoy 10.000 0.037
439 viccon 10.000 0.037
440 CTG 10.000 0.037
441 R小米 10.000 0.037
442 rw3b 10.000 0.037
443 226安全团队 10.000 0.037
444 TeamName 10.000 0.037
445 f_Team 10.000 0.037
446 萌萌哒的新人们 10.000 0.037
447 我们都是叶良辰 10.000 0.037
448 eleven 10.000 0.037
449 Xs翔兽电竞俱乐部 10.000 0.037
450 东京有点热 10.000 0.037
451 一人打酱油 10.000 0.037
452 d 10.000 0.037
453 BXS_n 10.000 0.037
454 OverDover 10.000 0.037
455 cnnetarmy 10.000 0.037
456 403 10.000 0.037
457 isitdtu2 10.000 0.037
458 Orzs 10.000 0.036
459 faketeam 10.000 0.036
460 江门市酱油团 10.000 0.036
461 noname 10.000 0.036
462 zer0pay 10.000 0.036
463 GOONERS 10.000 0.036
464 只是来打酱油的 10.000 0.036
465 xor 10.000 0.036
466 祝你们性福 10.000 0.036
467 D@rk$h3ll 10.000 0.036
468 qwertyuiop 10.000 0.036
469 Jacy 10.000 0.036
470 WWW 10.000 0.036
471 PKTeam 10.000 0.036
472 CTRLUREIP 10.000 0.036
473 safetech 10.000 0.036
474 NUSGreyhats 10.000 0.036
475 SDUST_LZS 10.000 0.036
476 地水 10.000 0.036
477 101 10.000 0.036
478 Pocahontas 10.000 0.036
479 AGSEC 10.000 0.036
480 f0r9etpwd 10.000 0.036
481 BU 10.000 0.036
482 dc562 10.000 0.036
483 N** 10.000 0.036
484 Mi'a 10.000 0.035
485 Salvation 10.000 0.035
486 Bing0 10.000 0.035
487 aaa- 10.000 0.035
488 卫生队 10.000 0.035
489 Marchare 10.000 0.035
490 Phantom 10.000 0.035
491 MTeam 10.000 0.035
492 天驱 10.000 0.035
493 FPE 10.000 0.035
494 Azure Assassin Alliance 10.000 0.035
495 see_see_see 10.000 0.035
496 小白菜一株 10.000 0.035
497 嘿嘿嘿 10.000 0.035
498 VeCtOr 10.000 0.035
499 Briner 10.000 0.035
500 vegetables 10.000 0.035
501 guest 10.000 0.035
502 bjFinder 10.000 0.035
503 T123 10.000 0.035
504 DjigIT 10.000 0.035
505 Desiprox Team 10.000 0.035
506 seiyakyokai 10.000 0.035
507 do9dark 10.000 0.035
508 crayontheft 10.000 0.035
509 TeamRedAce 10.000 0.035
510 Tower of Hanoi 10.000 0.035
511 Yozakura 10.000 0.035
512 IS☢LA 10.000 0.035
513 ttt 10.000 0.034
514 omakase 10.000 0.034
515 0x494d45 10.000 0.034
516 buscoequipo 10.000 0.034
517 ¯\__(ツ)__/¯ 10.000 0.017

warchantua – Feb. 22, 2016, 8:03 a.m.

Next time PLEASE, don't use Chinese language in online CTF.


kuteminh11 – Feb. 22, 2016, 12:04 p.m.

Is there an option to choose English? I don't understand Chinese language.


01001000entai – Feb. 24, 2016, 7:25 a.m.

@B V @Minh Kute Our website is bilingual (English and Chinese)


5t0rm5had0w – Feb. 25, 2016, 8:27 a.m.

We are new to SSCTF. Do we have to register our team (Create the same team) in the SSCTF site to participate in this CTF?


AnarKyx – Feb. 25, 2016, 11:18 p.m.

Wow. Displaying both languages at the same time is a little ridiculous.

Non stop Code verification errors. Use a captcha like google's that people can actually read, and maybe provide a refresh option to skip the current captcha if it's not readable?


01001000entai – Feb. 26, 2016, 7:02 a.m.

@Shan Prashanth
I'm SSCTF Administrator, Before the end of the game time, you are Has been SSCTF website can be registered, If you have any problem, please contact ctf@seclover.com, thx :)


01001000entai – Feb. 26, 2016, 7:29 a.m.

@AnarKy
about language problem It has been unable to change, I'm so sorry,
about captcha problem, We changed captcha font and font size, now recognizable should be no problem
If you have any problem, please contact ctf@seclover.com, thx :)


Fma – Feb. 27, 2016, 12:34 a.m.

If you will open a CTF to everybody then please do so with support for English (proper full support not mixing both). Also I don't think non-Chinese speaking people can use Tencent QQ for support or putting challenges on a Chinese website such as weibo is good. Not fun at all..


niklasb – Feb. 27, 2016, 12:46 a.m.

Files not downloadable from here (Germany), getting network errors. Please decrease rating for this contest, it's not really internationally accessible.


WhiteLightning – Feb. 27, 2016, 1:06 a.m.

Am I the only person who has a problem with registering? I'm finishing with: Register Faile, Invite Code Or Email Error!


Urk3L – Feb. 27, 2016, 1:11 a.m.

Same error, again and again... "Register Faile,The Team Name Is Already In Use Or Input Email Is Error!"


Delete-me – Feb. 27, 2016, 1:12 a.m.

Maybe next time when you guys decide to create a CTF

1.) Translate the English better can't understand half of it

2.) Registration shouldn't take 10+ minutes I can't even register because it is saying team already created ?? How .....

3.) the layout is a bit confusing.


ravidhr – Feb. 27, 2016, 2:13 a.m.

I don't understand Chinese, please use English


ulimateshi – Feb. 27, 2016, 3:20 a.m.

CTF for the Chinese team :)))


01001000entai – Feb. 27, 2016, 3:55 a.m.

@Steve Urk3L You can try again, if the user's information or teamname are same the other team, Please use the different, Good Luck!


hanto – Feb. 27, 2016, 5:46 a.m.

I'm not an admin but if you want to chat about this ctf please join #ssctf on freenode, thanks!


Dacat – Feb. 27, 2016, 7:40 a.m.

Can't get the Welcome flag unless you're a Weibo member? Oh dear.


leopoldine.lolcat – Feb. 27, 2016, 11:32 a.m.

@Kris Hunt
And I can't register to weibo because my country is not in the list for the SMS check XD
Dat ... CTF ... !
Don't waste your time everybody, boycott that CTF.


cr019283 – Feb. 27, 2016, 1:50 p.m.

I can't even download challenges. First it shows me two hours to download 0.5MB and 5 min later it interrupts. Is it only for Chinese teams? It's quite poorly organized and unfriendly for non-Chinese.


n0n3m4 – Feb. 27, 2016, 5:03 p.m.

Quite disappointed with this CTF.


havocmage – Feb. 27, 2016, 5:07 p.m.

invitation code stopped working.


forenzicator – Feb. 27, 2016, 10:11 p.m.

I cannot register. I am getting error messages. This CTF is not internationally friendly.


Lays – Feb. 28, 2016, 2:16 p.m.

worst CTF ever.


Pwny – Feb. 28, 2016, 5:39 p.m.

Really worst :3


H3LL0 – Feb. 28, 2016, 6:39 p.m.

ugly ctf :S :S :S :S


MrMugiwara – Feb. 28, 2016, 6:44 p.m.

Fuck a lot your language


Dropzero – Feb. 28, 2016, 6:59 p.m.

omg...


saintmeh – Feb. 28, 2016, 8:42 p.m.

I decided to go ahead and spend an hour of contest time expressing my opinion of this CTF
Good:
*Not the worst CTF ever. I question the motive behind comments to the contrary. I seem to remember a recent Iranian CTF that entirely lacked English or a functioning login.
*There were some good challenges. I liked the XSS and the python challenges. I actually used existing tools I had written for real life engagements on them.
*The site's user interface was the most beautiful and informative of 2016. I like the graphs and how you individually separated team member points. The layout would be obvious if the translation was much better. Pagification might be better at 25 or 50 (instead of 10 teams per page). Other than that, great job.
*The challenges were alright. I felt that some were even very practical.
*You had unified flag formats. You seemed to keep cheating to a minimum (judging by the team results).
Bad:
*The language was confusing, but not impossible. I only speak English and I could barely understand the site.
*some challenges didn't seem to handle the inevitable brute forcing skiddy. I would suggest black listing IPs that hammer your server.
*Your translation was... much worse than I would expect from the average skilled citizen of your nation; it is as bad as some of the clumsiest people on this comments section.
*Registration was horrible. I had trouble with registration and password recovery. I still can't change my country, but I suppose that's not a big problem. It's correct on CTFtime
*A CDN might have helped other members to participate. They should know how to use VPNs, but they shouldn't have to use them if everyone else doesn't. I doubled my normal ranking and I didn't do it through hard work and determination.

Personal Conclusion:
Your challenge, overall, was not a waste of time. I had fun and it was challenging. Hacking isn't meant to be easy. It was moderated fairly and communications were maintained through the notices. It's obvious that a good deal of work was put into the interface and the challenges (for the most part) were okay. It seems like you may benefit from having someone internationalize it for you. I feel like I did better in this CTF mostly because others (Germany for one) weren't given a fair chance. I was only able to spend 5 hours on this CTF and I managed top 10%. I normally place top 20% by myself with 15 hours of work or 10% with 35+ hours of work. You could also get rid of some of the challenges (Weibo). I agree with half of the comments, but people on here can be unfairly harsh. This would be 4 stars if it was entirely internationally friendly and it didn't have the Weibo challenge. There is serious room for improvement, but I feel that it would be comparatively easy to fix. Overall, it was okay. :)


smlight – Feb. 29, 2016, 12:17 a.m.

the layout is unreasonable...


kopi-c – Feb. 29, 2016, 1:47 a.m.

My detailed feedback is as follows. First, I can say I only looked at Misc10, Crypto100, Crypto200, Web100. After that, I gave up on the event. So I might have missed some good other content. My overall impression was that this CTF required a lot of guessing in general.
- The website was barely usable. I had problems reaching it at times (not unusual for CTFs I guess). The dual language setting was confusing, and the English translation was not well done. Of course you can guess what the core functionality is, but that should not be required. I don't see multiple user accounts per team as necessary. I was not able to change my account's country to something else than China, and I was not able to change the profile pic. There was no usable error message.
- The graphs of team points looked fancy, but splines are really not appropriate for this (academic nitpicking). In addition, only the top teams were listed (or I missed how to display more teams).
- Misc10 was apparently only solvable by Chinese, so the organizers gave the flag to everyone in the end. It was only 10 points, so that hardly mattered much.
- I started with Crypto 100, which looked like a solid basic crypto challenge. Python code for a byte-wise symmetric substitution/rotation algorithm was provided, together with something that might have been the plaintext, and something that might be the ciphertext (called "out"), and something that seemed to be ciphertext of the flag. In the end, this challenge was decent, the only problem was that it was unclear that a) key would have to be printable characters, and b) the plaintext provided was truncated.
- In Crypto 200, it was easy to get to almost solving the challenge (which was unrelated to cryptography and involved scripting and unzip'ing a lot of files). I did not manage to solve the challenge, because I did not find unprintable characters in the comments of one of the 5k .zip files! I would count this as stego challenge at best, and more likely as guessing.
- Web100 apparently required to trick some regex-based blacklisting of file extensions in a POST-handling server-side script. The actual content of upload did not matter. In the end, this looked a lot like guessing to me as well (trick was to use double spaces in file extension?)

The technical difficulty of the challenges seemed to be higher than, for example, HackIM --- which is good. There were severe problems with English in the challenges and on the website, which left you wondering whether you were possibly missing easy things all the time. But on top of that, there was so much guessing required in the challenges that even if you knew what you were doing technically, you (at least I) could not finish it quickly. Together with infrastructure-related problems for an international audience, my overall conclusion is probably to not participate again in 2017.


amon – Feb. 29, 2016, 6:32 a.m.

1/2

I actually thought the CTF was pretty good apart from a couple of hiccups. Here's my breakdown:

Caveats:

1. I live in Singapore so I might have had a slight advantage in terms of connectivity.
2. I cannot read Chinese. I actually relied a lot on Google Translate so despite being from a country that does include Chinese as one of the official languages, I do not have an advantage on that front.

Background:

My team has solved:
1. Web 200 (Can You Hit Me?)
2. Re 100
3. Crypto/Pwn 100 (HeHeDa)
4. Crypto/Pwn 200 (Chain Rule)
5. Crypto/Pwn 300 (Nonogram)
6. Crypto/Pwn 400 (Pwn1)
7. Misc 10 (Welcome) <-- A member of my team signed up for Weibo (they send to Singapore mobile numbers) and actually got it before they released the flag
8. Misc 300 (Hungry Game)

Positive:

1. Most of the challenges were very technically difficult
2. The challenges were also very intellectually interesting. I learnt a lot about QR codes and Nonograms from 'Crypto 300'. Pwn1 has a very interesting premise.
3. The organisers did respond to issues very quickly. For example, it became pretty apparent early on that International players (including me) had problems with joining in the QQ chat group. The IRC channel on Freenode that was setup was very well moderated with pretty quick response times and good admin rotations.
4. Flag formats were strictly adhered to.
5. The 'guessing' comments might be not entirely deserved. Yes, there are challenges like Web 1 that requires a lot of assumptions about the underlying technology, but in contrast to a previous poster, Crypto 200 wasn't guessing at all. The challenge included very transparent clues as you progress. You weren't supposed to look for a comment within a single file in a zip, but comments for all the files within the zip. Now, I do agree that this was categorised badly though. The choice of placing it in Crypto/Pwn might have been why people were not expecting it to be a stego challenge.

Negative:

1. The infrastructure did get very slow once the competition progressed. The wav file from Puzzle was a pain to download.
2. The translated English wasn't exactly very understandable. Still a lot better than HackIM's English though.
3. Some challenges in the Crypto/Pwn category might have been misclassified. Nonogram and Chain Rule might have been better classified as MISC.
4. The web challenges would probably be better if there was an info leak vector to obtain the source code or simply provide it as part of the challenge to reduce having to make assumptions about exactly what the vulnerability is. Web 1 is a good example of something that should be simple but didn't get many solutions because it is not easy to reason about it.
5. I did not experience problems with Registration or the site but it seems like there are too many people who experienced it to ignore this point. Perhaps it has load issues?


amon – Feb. 29, 2016, 6:33 a.m.

2/2

My conclusions:

The CTF is far from perfect but I feel that it is still valuable to play. I'm definitely looking forward to the solutions for everything because the challenges are interesting. I do hope the organisers make their next CTF more international friendly and provision for heavier loads. My rating for the CTF in the current state is 3.5 but I also concur that it's easily a 4-4.5 if it was a little smoother to play and reduced the need for assumptions.


Pharisaeus – Feb. 29, 2016, 8:25 a.m.

Far from the worst (HackIM set the bar really high) but also not particularly good. One problem was unintelligible language and poor task description which required stegano-like skills to figure out what the authors had in mind. Confusing categories for the tasks made it even more difficult. Some tasks required psychic abilities...
For example decoding single Nonogram task gives you "b2403b96?8924408|->:id|salt:5" and you have to figure out that "id" is the command you need to send to the server to get next task and that this hash is in fact a substring of md5 hash of a single letter of the flag concatenated with the salt value. And as much as the task itself was fine (solving nonogram, decoding qrcode, bruting md5 hash) the biggest challenge was to guess what were you even supposed to do and how to communicate with the server. I know admins were trying to salvage this by posting multiple hints, but it only proves that no-one has actually tested the task before the CTF.
There were also other tasks which required a lot of guessing (like Web) before you could proceed with some actual technical work. I understand that finding the attack vector is often part of the task, but it's nice if you can somehow figure it out / predict based on some info-leak rather than just have a lucky guess. I'm not mentioning some RE tasks pretty much unsolvable for people without (surely legal) latest IDA, because this is a very common thing.


n0n3m4 – Feb. 29, 2016, 1:50 p.m.

Overall, rating weight should be set to 0 or 5, I think.


Pharisaeus – Feb. 29, 2016, 2:36 p.m.

Let's not exaggerate with 0, even BreakIn got 5 points ;)


Damonsson – Feb. 29, 2016, 3:29 p.m.

Rating 5 is maximum imo. Web category was a joke

web200 == recon200. And sendemail with payload.
Web100? Check ip, and if Chinese send flag?
Web400 no comment, and this challenge name FlagMAN. MAN - like Man in the middle, which exist for OAuth.
Web300 partially totally guessing for url_encode needed, might well was rot-25
Only Web500 was normally


Number4 – Feb. 29, 2016, 8:39 p.m.

What was Web100 ?


niklasb – Feb. 29, 2016, 9:27 p.m.

Web100 was http://www.wooyun.org/bugs/wooyun-2015-0125982. My 2cents:

Web100, 300 and 400 were completely blind and guessing only. I believe web300 or 400 randomly url_decoded your Github username in order to create an injection point. For web100 you had to "inject" a PHP file by bypassing a filename filter, but it would store the file as .jpg. Later admins in IRC told us that it is just a "simulation" and you simply get the flag if you bypass the filter (of course without giving out a formal notice about this on the website). The bug itself was apparently described on a famous Chinese security bug website: http://www.wooyun.org/bugs/wooyun-2015-0125982 If you don't know the bug, it's pretty much guessing only and random tampering with HTTP headers.

Crypto200 had nothing to do with crypto. Crypto100 was almost good, except they truncated the plaintext for some reason, just so it would still involve at least *some* guessing I suppose. It still ended up being kind of fun.

Misc100 was stego in a PDF document, apparently you just had to Google for PDF stego and try some of the tools until you find the right one. Misc300 was kind of fun.

I didn't end up looking into RE and pwn in detail, but I think those were OK, although people in IRC tell me that there was a *lot* of guessing involved as well.

Admins in IRC gave out significant hints in public, without adding them to the website. E.g. they mentioned that web300/400 is a MongoDB injection.


mpgn_x64 – March 1, 2016, 8:55 a.m.

"Rating weight: 20.00" the joke...


Z33R0 – March 1, 2016, 1:45 p.m.

As a Chinese, I just can't stop laughing here. Their English is ..... OK let's say it could be defined as English, perhaps Ssnglish is more appropriate. I have no reason to comment a negative word for it. After all SSCTF is the first CTF game in China for the whole world (as far as I know). I really enjoy it, though it's full of "Chinese Culture". I love misc 300 which is a really interesting game and I learned a lot from it. Frankly I was in QQ group I know because of the limited number of staff they had worked for the whole 48 hours, they dooo their best. I suppose we should give them applause and support instead of that worst or worst ever. ps : I'm not sure whether you can get my points, actually I think Chinese is much easier than your English. have a good one :)


Pharisaeus – March 1, 2016, 2:41 p.m.

@Z33R0 it's nothing personal against China, but people expected something more for a CTF that was scored 20. Just look at tasks from Insomnia teaser (https://ctftime.org/event/258/tasks/) which was also scored 20, or for example from last year's DefCamp Quals (https://ctftime.org/event/239/tasks/) which was worth 10. It's not hard to notice that the quality here was not the same. It would be different if the initial score was 0 or 5, then people would have different expectations.


Angelboy – March 1, 2016, 3:59 p.m.

It's so terrible. Waste time.....


mpgn_x64 – March 1, 2016, 8:48 p.m.

@Pharisaeus Exactly ! you say it


h0twinter – March 2, 2016, 2:08 a.m.

@Pharisaeus Even Break in and HackIM received 5 weighting points....this one is definitely better than any of them...Although I do admit 20 is an overkill. As for network issues...I don't know what to say about it, since it's most likely the GFW's fault and yeah I agreed the translation was really bad. Frankly, I don't know why they decided to release it to the world, since it is a part of XCTF event, I think there are some rules they have to stick with being a part of the huge event? Having played lot of Chinese CTFs...I would say this one is a normal Chinese CTF...


Dropzero – March 2, 2016, 2:39 a.m.

niubility...


Z33R0 – March 2, 2016, 6:23 a.m.

@Pharisaeus Whatever I do believe they will do better next time:)


n0n3m4 – March 7, 2016, 10:24 a.m.

The rating weight poll disappeared despite the votes given there.
Keep up the good job, ctftime admins.