Sat, 27 Feb. 2016, 00:00 UTC — Mon, 29 Feb. 2016, 00:00 UTC 

On-line

SSCTF event.

Format: Jeopardy

Official URL: http://lab.seclover.com/

This event's weight is subject of public voting!

Future weight: 8.89 

Rating weight: 8.89 

Event organizers 



SSCTF 2016 in Xi’an, China, and the second XCTF League, is organized by the Cloversec Lab of Xi'an Clover Information Technology Co., Ltd. Our event format includes an online contest and an onsite contest. The online contest is in jeopardy format. The onsite contest will take the attack-defence format.

In October of 2014, Cloversec Company held its own information security contest, SSCTF 2014, with more than 500 teams participating. One year later, the company successfully hosted the Huashan Cup Network Security Contest of 2015 with more than 800 teams and 2000 competitors participating. Based on our practical experience in dealing with various abstruse security problems and the experience we gained in holding the contests, we are confident we can present competitors with a fantastic contest which can stimulate all their potential. In 2016, we will hold the second SSCTF Contest, which serves as the XCTF League, to improve the international influence of SSCTF.

The Top 14 (Top 10 local teams and Top 4 international teams from the Silk Road countries/regions, including Central Asia, the Middle East, Eastern Europe and Western Europe) of the SSCTF 2016 Quals automatically qualify for the SSCTF 2016 Finals, which will be hosted in Xi'an, China (the start city of the Silk Road) on April 2nd to 3rd, 2016.

Prizes

The top 3 teams of the SSCTF 2016 Quals will win prizes.
1st: 2000 CNY
2nd: 1000 CNY
3rd: 500 CNY

We will randomly choose 15 of the remaining teams and award each of them a bonus of RMB 100.

Scoreboard

517 teams total

Place  Team  CTF points  Rating points
1 FlappyPig 4710.000 17.780
2 217 4410.000 12.769
3 Nu1L 4210.000 10.910
4 KaisHack 4110.000 9.980
5 没有一个系统是安全的 4010.000 9.347
6 天枢 3510.000 8.107
7 ****** 3410.000 7.706
8 forx 3410.000 7.548
9 BambooFox 3310.000 7.235
10 Never Stop Exploiting 3210.000 6.948
11 Plaid Parliament of Pwning 3110.000 6.678
12 ROIS 3110.000 6.611
13 D3siprox 3110.000 6.554
14 Dragon Sector 3010.000 6.316
15 HackXore 3010.000 6.274
16 107 2810.000 5.859
17 SHARK 2810.000 5.827
18 0ops 2610.000 5.420
19 L 2510.000 5.205
20 scryptos 2410.000 4.993
21 0xFA 2410.000 4.972
22 yangyue250216 2310.000 4.764
23 Shellphish 2110.000 4.369
24 ScienZiati 2110.000 4.353
25 khack40 2010.000 4.149
26 Lancet 2010.000 4.136
27 Sigma 2010.000 4.123
28 bob 1910.000 3.923
29 AK95 1910.000 3.912
30 oo at xx 1910.000 3.901
31 p4 1910.000 3.892
32 Dawn 1810.000 3.694
33 BalalaikaCr3w 1810.000 3.686
34 snake 1710.000 3.489
35 DeliciousHorse 1610.000 3.293
36 ISITDTU 1610.000 3.286
37 int3pids 1610.000 3.279
38 dcua 1610.000 3.273
39 dodododo 1610.000 3.267
40 a1exdandy 1610.000 3.261
41 Dystopian Narwhals 1610.000 3.256
42 PLUS 1610.000 3.250
43 aegis 1610.000 3.246
44 X1cT34m 1510.000 3.052
45 EverSec 1510.000 3.048
46 WildWolf 1510.000 3.043
47 宫保鸡丁 1510.000 3.039
48 中国网警 1510.000 3.035
49 du1iqvw 1510.000 3.032
50 WS5TYnBoZg== 1510.000 3.028
51 TOIH 1410.000 2.836
52 凝聚网安工作室 1410.000 2.832
53 7HxzZ 1410.000 2.829
54 Thanos 1210.000 2.448
55 Fourchette Bombe 1210.000 2.445
56 .elite 1210.000 2.443
57 xil.se 1210.000 2.440
58 Insanity 1210.000 2.437
59 LOUYS 1110.000 2.246
60 安全盒子团队 1110.000 2.243
61 MV9rwGOf08 1110.000 2.241
62 sec0d 1010.000 2.050
63 Redbud 1000.000 2.029
64 Shadow Servants 910.000 1.857
65 Raccoons 910.000 1.854
66 Evil0x 810.000 1.664
67 LittleTips 810.000 1.662
68 larva 810.000 1.660
69 TokyoWesterns 810.000 1.658
70 th3jackers 800.000 1.637
71 v0rt3x 710.000 1.465
72 莲子百合 710.000 1.464
73 Hackeriet 710.000 1.462
74 天枢2 710.000 1.460
75 RingZer0 Team 710.000 1.459
76 ALLES! 710.000 1.457
77 Hexpresso 710.000 1.456
78 6Te4m 700.000 1.435
79 mikemase 700.000 1.434
80 Mammon Machine 700.000 1.432
81 talentA 610.000 1.261
82 Nabla 610.000 1.260
83 b01lers 610.000 1.258
84 WS5TYnBoZg== 610.000 4.285
85 610.000 1.256
86 Invulnerable 610.000 1.255
87 Espacio 610.000 1.254
88 0x90r00t 610.000 1.252
89 B0wa9a 610.000 1.251
90 C1Sec 510.000 1.061
91 Snatch The Root 510.000 1.060
92 morganFr33man 510.000 1.059
93 WISEYE 510.000 1.058
94 Blue-Whale 510.000 1.057
95 Capture the Swag 510.000 1.056
96 Shady Hats 510.000 1.055
97 securtiy_test_well 510.000 1.054
98 xXxXxaAaAa 510.000 1.053
99 stalker 510.000 1.052
100 chinaH.L.B 510.000 1.052
101 tank1st99 510.000 1.051
102 0xbadf00d 510.000 1.050
103 wxtel 410.000 0.860
104 smoke leet everyday 410.000 0.859
105 op.rad 410.000 0.859
106 fetchAndLog 410.000 0.858
107 NULLify 410.000 0.857
108 New_World 410.000 0.856
109 ClearCode 410.000 0.855
110 Huu 410.000 0.855
111 probe 410.000 0.854
112 306 410.000 0.853
113 Hell.zip 410.000 0.853
114 风尘 410.000 0.852
115 NIS 410.000 0.851
116 01dDriver 410.000 0.851
117 SDT/SDT 410.000 0.850
118 Batman's Kitchen 410.000 0.849
119 sherl0ck 410.000 0.849
120 C521 410.000 0.848
121 熊孩子 410.000 0.847
122 n4m4h4mum3r0n 410.000 0.847
123 FirstBlood 410.000 0.846
124 KSUCDC 410.000 0.846
125 OpenToAll 410.000 0.845
126 Efiens|12345679 410.000 0.844
127 w0pr 410.000 0.844
128 noraneco 410.000 0.843
129 J4ckFi5h 400.000 0.824
130 jfhs 400.000 0.823
131 Tasteless 400.000 0.823
132 squareroots 400.000 0.822
133 Team Action Kaktus 400.000 0.822
134 H4x0rPsch0rr 400.000 0.821
135 Future Of Europe 400.000 0.821
136 TJUNSA 310.000 0.650
137 Neosec 310.000 0.650
138 ALLXss 310.000 0.650
139 维尼熊宝贝 310.000 0.649
140 phrack飞客 310.000 0.649
141 SCAUSEC 310.000 0.648
142 CUBESEC 310.000 0.648
143 GCC 310.000 0.647
144 distcc 310.000 0.647
145 OyVsyo 310.000 0.646
146 CyberOps 310.000 0.646
147 xxxx 310.000 0.646
148 奔跑的菜鸟 310.000 0.645
149 千里目 310.000 0.645
150 zctf_test 310.000 0.644
151 KuBik 310.000 0.644
152 CTF酱油队 310.000 0.644
153 No Internet Access 310.000 0.643
154 Give Me Fiv3 310.000 0.643
155 KITCTF 310.000 0.642
156 WindSpeaker 310.000 0.642
157 FTCTeam 310.000 0.642
158 0x34044 310.000 0.641
159 黑化肥发灰会挥发 310.000 0.641
160 REU 310.000 0.641
161 rays 310.000 0.640
162 DarkEye 310.000 0.640
163 xeksec 310.000 0.640
164 c21h30o2 310.000 0.639
165 bibiotty 310.000 0.639
166 约瑟翰·庞麦郎 300.000 0.620
167 CTF-infinit 300.000 0.619
168 5eee663a5d5b35d8216cae05d3b55163 300.000 0.619
169 Shurhands 300.000 0.619
170 CAT-Security 300.000 0.619
171 大隔壁 300.000 0.618
172 TOIH 300.000 3.454
173 crtl 300.000 0.618
174 DarkEye 300.000 1.257
175 Spirit+ 210.000 0.447
176 SWAT.ME 210.000 0.447
177 Syclover 210.000 0.447
178 pirate 210.000 0.446
179 KKSEC 210.000 0.446
180 F4nt45i4 210.000 0.446
181 Rs-team 210.000 0.445
182 Antarctica-momo 210.000 0.445
183 Bushwhackers 210.000 0.445
184 BalaBala 210.000 0.445
185 XDay 210.000 0.444
186 HackCat 210.000 0.444
187 S0uL'S Team 210.000 0.444
188 WEB飞虎队 210.000 0.444
189 Honeypot 210.000 0.443
190 CorpOfHack 210.000 0.443
191 Avidya:HACKquest 210.000 0.443
192 DFCI 210.000 0.443
193 BlackH0le 200.000 0.424
194 SiBears 200.000 0.423
195 mingming 200.000 0.423
196 reooo43 200.000 0.423
197 gewahbsrwabhr 200.000 0.423
198 Avidya 200.000 0.422
199 FluxFingers 200.000 0.422
200 Shielder 200.000 0.422
201 Rdot.org 200.000 0.422
202 GWHT 110.000 0.252
203 FirstBlood 110.000 1.098
204 千里之外的小怨海 110.000 0.251
205 sjtu_aaa 110.000 0.251
206 X_Ray 110.000 0.251
207 who@mI 110.000 0.251
208 小明你好 110.000 0.250
209 SmallCute 110.000 0.250
210 Pandemonium 110.000 0.250
211 Xyz 110.000 0.250
212 Blake 110.000 0.250
213 BreakPoint 110.000 0.249
214 undefined 110.000 0.249
215 Phoenix 110.000 0.249
216 ILOVETFMAN 110.000 0.249
217 ghost 110.000 0.249
218 曹哈哈·刘嘻嘻 110.000 0.248
219 CTF酱油组 110.000 0.248
220 05b28e49a5fa08531e486b21d4128f28 110.000 0.248
221 \xfafu 110.000 0.248
222 funtastic 110.000 0.248
223 SUS 110.000 0.247
224 106106 110.000 0.247
225 firststart 110.000 0.247
226 DL 110.000 0.247
227 怪盗鸭德 110.000 0.247
228 Gooooo 110.000 0.247
229 ByteBandits 110.000 0.246
230 kopipacket 110.000 0.246
231 happy 110.000 0.246
232 wowotou 110.000 0.246
233 33°灰 110.000 0.246
234 cma 110.000 0.246
235 张君雅小盆宇 110.000 0.245
236 Brutewoorse 110.000 0.245
237 pkcjl 110.000 0.245
238 drdr 110.000 0.245
239 hexfact0r 110.000 0.245
240 CInsects 110.000 0.245
241 kirito_test 110.000 0.245
242 OPT 110.000 0.244
243 渣渣三人组 110.000 0.244
244 小彩笔 110.000 0.244
245 队名叫什么好呢 110.000 0.244
246 nobody 110.000 0.244
247 036473f1726e2e71ff4ce326a677a3ae 110.000 0.244
248 wolfpy 110.000 0.243
249 xjnu 110.000 0.243
250 90Sec Team 110.000 0.243
251 TmTs 110.000 0.243
252 bebop17 110.000 0.243
253 niexinming 110.000 0.243
254 CCSF_HACKERS 110.000 0.243
255 err0r-451 110.000 0.242
256 Hawks 110.000 0.242
257 et_illustratis 110.000 0.242
258 xSTF 110.000 0.242
259 taurus 110.000 0.242
260 0x8F 100.000 0.223
261 Sonic_Rainboom 100.000 0.223
262 hedgehog 100.000 0.223
263 viper 100.000 0.223
264 471a8ed6323cd897a9858688e8c9f689 100.000 0.222
265 a1ta1r 100.000 0.222
266 andnotorg 100.000 0.222
267 MAVISANG 100.000 0.222
268 duguhu 100.000 0.222
269 i3r0_9R3 100.000 0.222
270 e11even 100.000 0.222
271 3year 100.000 0.222
272 insecure 100.000 0.221
273 n00bCTF 100.000 0.221
274 amn3s1a 100.000 0.221
275 UIN HACKING 100.000 0.221
276 SAINTSEC 100.000 0.221
277 q86 100.000 0.221
278 Cybrosis 100.000 0.221
279 delicious_cakes 100.000 0.221
280 Shine 100.000 0.220
281 junoim1234 100.000 0.220
282 粟悟饭与龟波功 100.000 0.220
283 cctt 100.000 0.220
284 CHN.ROUTE 100.000 0.220
285 BabyPhD 100.000 0.220
286 wtfmehftw 100.000 0.220
287 zjicmISA 10.000 0.050
288 watch0ut 10.000 0.050
289 a0zy 10.000 0.050
290 shit team 10.000 0.050
291 m00zh33 10.000 0.049
292 Qsaka 10.000 0.049
293 浪浪 10.000 0.049
294 SlidePot 10.000 0.049
295 temp_888 10.000 0.049
296 我还是个宝宝 10.000 0.049
297 GooDay 10.000 0.049
298 专业划水 10.000 0.049
299 testyou 10.000 0.049
300 xxx 10.000 0.049
301 以上排名作废 10.000 0.048
302 瑶光 10.000 0.048
303 BlackWhite 10.000 0.048
304 华东理工 10.000 0.048
305 小书房 10.000 0.048
306 ByStudent 10.000 0.048
307 老王邻居 10.000 0.048
308 NO.096 10.000 0.048
309 酱油 10.000 0.048
310 6﹟502 10.000 0.048
311 Xp0int 10.000 0.047
312 Hydra 10.000 0.047
313 波霸 10.000 0.047
314 11211 10.000 0.047
315 M0nster 10.000 0.047
316 justforfun 10.000 0.047
317 B216 10.000 0.047
318 划船不用桨 10.000 0.047
319 INFERNO 10.000 0.047
320 xfree|fuckbat 10.000 0.047
321 171 10.000 0.047
322 西邮红客 10.000 0.046
323 arr0w1 10.000 0.046
324 A 10.000 0.046
325 流浪行星 10.000 0.046
326 ds 10.000 0.046
327 topsec 10.000 0.046
328 桃花岛 10.000 0.046
329 床前明月光 10.000 0.046
330 安全脉搏第二小分队 10.000 0.046
331 0叉00 10.000 0.046
332 LZ_NS 10.000 0.046
333 六月雨 10.000 0.046
334 What? 10.000 0.045
335 H-UNION 10.000 0.045
336 DJ_fantasy 10.000 0.045
337 Seclover 10.000 0.045
338 8-bit 10.000 0.045
339 HELL0 10.000 0.045
340 Crazy8 10.000 0.045
341 菜刀队 10.000 0.045
342 phrack飞客 10.000 0.693
343 Xmix 10.000 0.045
344 404 10.000 0.045
345 专注酱油20年 10.000 0.045
346 YY_XX_HH 10.000 0.045
347 猫王 10.000 0.044
348 jsufhe 10.000 0.044
349 NFJD 10.000 0.044
350 sekureco.org 10.000 0.044
351 hell 10.000 0.044
352 applePie 10.000 0.044
353 DMU Hackers 10.000 0.044
354 nupsec 10.000 0.044
355 DogThrustRabbit 10.000 0.044
356 Dark Daisy 10.000 0.044
357 axyz 10.000 0.044
358 Bingo 10.000 0.044
359 cimer 10.000 0.044
360 725 10.000 0.044
361 10.000 0.044
362 谁在背后说我帅 10.000 0.043
363 左右手 10.000 0.043
364 ssctf 10.000 0.043
365 we are laji 10.000 0.043
366 grrr 10.000 0.043
367 GWGHOST 10.000 0.043
368 瞬间boom 10.000 0.043
369 sicnuteam 10.000 0.043
370 WOLFPACK 10.000 0.043
371 c00kie 10.000 0.043
372 michael 10.000 0.043
373 just1 10.000 0.043
374 ' 10.000 0.043
375 yuzunzz 10.000 0.043
376 jiangyouwang 10.000 0.043
377 SHSEC 10.000 0.042
378 95e783cc3b27ba77a80b04a3bb2c79e4 10.000 0.042
379 001 10.000 0.042
380 ztaos 10.000 0.042
381 菜鸡 10.000 0.042
382 lly123 10.000 0.042
383 eee 10.000 0.042
384 only_cban 10.000 0.042
385 大水逼联盟 10.000 0.042
386 HPUSec 10.000 0.042
387 s3cer 10.000 0.042
388 CCoday 10.000 0.042
389 Assassin 10.000 0.042
390 MaltSugar/132aae1d26 10.000 0.042
391 527 10.000 0.042
392 DreamStar 10.000 0.042
393 我们来打铁 10.000 0.041
394 qgs 10.000 0.041
395 海军撸战队 10.000 0.041
396 最贵挫逼小组 10.000 0.041
397 0xFFFFF 10.000 0.041
398 Punch Line 10.000 0.041
399 dogggg 10.000 0.041
400 sebao 10.000 0.041
401 务实守信 10.000 0.041
402 tayueliuxiang 10.000 0.041
403 lemonade 10.000 0.041
404 None 10.000 0.041
405 To be number 0 10.000 0.041
406 WithoutConcept 10.000 0.041
407 hehee 10.000 0.041
408 Pyth0n 10.000 0.041
409 三江学院队 10.000 0.041
410 EF0m 10.000 0.041
411 弹丸论破 10.000 0.041
412 havefun 10.000 0.040
413 McDull 10.000 0.040
414 blue-lotus 10.000 0.040
415 你好啊 10.000 0.040
416 666 10.000 0.040
417 Level5 10.000 0.040
418 KerKerYuan 10.000 0.040
419 DECBUG 10.000 0.040
420 thinks 10.000 0.040
421 2333 10.000 0.040
422 0x1111111 10.000 0.040
423 Vic 10.000 0.040
424 XDay 10.000 0.484
425 zj9s.0kami 10.000 0.040
426 Sanya_Bay 10.000 0.040
427 unregister 10.000 0.040
428 Sn0w0lf 10.000 0.040
429 哈哈哈落落 10.000 0.040
430 liarod 10.000 0.040
431 大烧饼小组|root 10.000 0.040
432 xiaobh 10.000 0.039
433 takedownher 10.000 0.039
434 uen 10.000 0.039
435 SAAA 10.000 0.039
436 Team Liequal 10.000 0.039
437 Just4Fun 10.000 0.039
438 Ksoy 10.000 0.039
439 viccon 10.000 0.039
440 CTG 10.000 0.039
441 R小米 10.000 0.039
442 rw3b 10.000 0.039
443 226安全团队 10.000 0.039
444 TeamName 10.000 0.039
445 f_Team 10.000 0.039
446 萌萌哒的新人们 10.000 0.039
447 我们都是叶良辰 10.000 0.039
448 eleven 10.000 0.039
449 Xs翔兽电竞俱乐部 10.000 0.039
450 东京有点热 10.000 0.039
451 一人打酱油 10.000 0.039
452 d 10.000 0.039
453 BXS_n 10.000 0.038
454 OverDover 10.000 0.038
455 cnnetarmy 10.000 0.038
456 403 10.000 0.038
457 isitdtu2 10.000 0.038
458 Orzs 10.000 0.038
459 faketeam 10.000 0.038
460 江门市酱油团 10.000 0.038
461 noname 10.000 0.038
462 zer0pay 10.000 0.038
463 GOONERS 10.000 0.038
464 只是来打酱油的 10.000 0.038
465 xor 10.000 0.038
466 祝你们性福 10.000 0.038
467 D@rk$h3ll 10.000 0.038
468 qwertyuiop 10.000 0.038
469 Jacy 10.000 0.038
470 WWW 10.000 0.038
471 PKTeam 10.000 0.038
472 CTRLUREIP 10.000 0.038
473 safetech 10.000 0.038
474 NUSGreyhats 10.000 0.038
475 SDUST_LZS 10.000 0.038
476 地水 10.000 0.038
477 101 10.000 0.038
478 Pocahontas 10.000 0.037
479 AGSEC 10.000 0.037
480 f0r9etpwd 10.000 0.037
481 BU 10.000 0.037
482 dc562 10.000 0.037
483 N** 10.000 0.037
484 Mi'a 10.000 0.037
485 Salvation 10.000 0.037
486 Bing0 10.000 0.037
487 aaa- 10.000 0.037
488 卫生队 10.000 0.037
489 Marchare 10.000 0.037
490 Phantom 10.000 0.037
491 MTeam 10.000 0.037
492 天驱 10.000 0.037
493 FPE 10.000 0.037
494 Azure Assassin Alliance 10.000 0.037
495 see_see_see 10.000 0.037
496 小白菜一株 10.000 0.037
497 嘿嘿嘿 10.000 0.037
498 VeCtOr 10.000 0.037
499 Briner 10.000 0.037
500 vegetables 10.000 0.037
501 guest 10.000 0.037
502 bjFinder 10.000 0.037
503 T123 10.000 0.037
504 DjigIT 10.000 0.037
505 Desiprox Team 10.000 0.036
506 seiyakyokai 10.000 0.036
507 do9dark 10.000 0.036
508 crayontheft 10.000 0.036
509 TeamRedAce 10.000 0.036
510 Hanoiati 10.000 0.036
511 Yozakura 10.000 0.036
512 IS☢LA 10.000 0.036
513 ttt 10.000 0.036
514 omakase 10.000 0.036
515 0x494d45 10.000 0.036
516 buscoequipo 10.000 0.036
517 Kesatria Garuda 10.000 0.018

warchantua – Feb. 22, 2016, 8:03 a.m.

Next time PLEASE, don't use Chinese language in online CTF.


kuteminh11 – Feb. 22, 2016, 12:04 p.m.

Is there an option to choose English? I don't understand Chinese language.


01001000entai – Feb. 24, 2016, 7:25 a.m.

@B V @Minh Kute Our website is bilingual (English and Chinese)


5t0rm5had0w – Feb. 25, 2016, 8:27 a.m.

We are new to SSCTF. Do we have to register our team (create the same team) on the SSCTF site to participate in this CTF?


AnarKyx – Feb. 25, 2016, 11:18 p.m.

Wow. Displaying both languages at the same time is a little ridiculous.

Non stop Code verification errors. Use a captcha like google's that people can actually read, and maybe provide a refresh option to skip the current captcha if it's not readable?


01001000entai – Feb. 26, 2016, 7:02 a.m.

@Shan Prashanth
I'm SSCTF Administrator. Before the end of the game time, you are Has been SSCTF website can be registered. If you have any problem, please contact ctf@seclover.com, thx :)


01001000entai – Feb. 26, 2016, 7:29 a.m.

@AnarKy
About the language problem: it has been unable to change, I'm so sorry.
About the captcha problem: we changed the captcha font and font size, now recognizable should be no problem.
If you have any problem, please contact ctf@seclover.com, thx :)


Fma – Feb. 27, 2016, 12:34 a.m.

If you will open a CTF to everybody then please do so with support for English (proper full support, not mixing both). Also I don't think non-Chinese speaking people can use Tencent QQ for support, or that putting challenges on a Chinese website such as Weibo is good. Not fun at all..


niklasb – Feb. 27, 2016, 12:46 a.m.

Files not downloadable from here (Germany), getting network errors. Please decrease rating for this contest, it's not really internationally accessible.


WhiteLightning – Feb. 27, 2016, 1:06 a.m.

Am I the only person who has a problem with registering? I'm finishing with: Register Faile, Invite Code Or Email Error!


Urk3L – Feb. 27, 2016, 1:11 a.m.

Same error, again and again... "Register Faile,The Team Name Is Already In Use Or Input Email Is Error!"


CyberPunk – Feb. 27, 2016, 1:12 a.m.

Maybe next time when you guys decide to create a CTF

1.) Translate the English better, can't understand half of it

2.) Registration shouldn't take 10+ minutes. I can't even register because it is saying team already created ?? How .....

3.) the layout is a bit confusing.


ravidhr – Feb. 27, 2016, 2:13 a.m.

I don't understand Chinese, please use English


ulimateshi – Feb. 27, 2016, 3:20 a.m.

CTF for the Chinese team :)))


01001000entai – Feb. 27, 2016, 3:55 a.m.

@Steve Urk3L You can try again. If the user's information or team name are the same as the other team, please use a different one. Good Luck!


hanto – Feb. 27, 2016, 5:46 a.m.

I'm not an admin but if you want to chat about this ctf please join #ssctf on freenode, thanks!


Dacat – Feb. 27, 2016, 7:40 a.m.

Can't get the Welcome flag unless you're a Weibo member? Oh dear.


leopoldine.lolcat – Feb. 27, 2016, 11:32 a.m.

@Kris Hunt
And I can't register to weibo because my country is not in the list for the SMS check XD
Dat ... CTF ... !
Dont waste your time everybody, boycott that CTF.


cr019283 – Feb. 27, 2016, 1:50 p.m.

I can't even download challenges. First it shows me two hours to download 0.5MB and 5 min later it interrupts. Is it only for Chinese teams? It's quite poorly organized and unfriendly for non-Chinese.


n0n3m4 – Feb. 27, 2016, 5:03 p.m.

Quite disappointed with this CTF.


havocmage – Feb. 27, 2016, 5:07 p.m.

Invitation code stopped working.


forenzicator – Feb. 27, 2016, 10:11 p.m.

I cannot register. I am getting error messages. This CTF is not internationally friendly.


Lays – Feb. 28, 2016, 2:16 p.m.

worst CTF ever.


blah_cat – Feb. 28, 2016, 5:39 p.m.

Really worst :3


H3LL0 – Feb. 28, 2016, 6:39 p.m.

ugly ctf :S :S :S :S


MrMugiwara – Feb. 28, 2016, 6:44 p.m.

Fuck a lot your language


Dropzero – Feb. 28, 2016, 6:59 p.m.

omg...


saintmeh – Feb. 28, 2016, 8:42 p.m.

I decided to go ahead and spend an hour of contest time expressing my opinion of this CTF.

Good:
* Not the worst CTF ever. I question the motive behind comments to the contrary. I seem to remember a recent Iranian CTF that entirely lacked English or a functioning login.
* There were some good challenges. I liked the XSS and the python challenges. I actually used existing tools I had written for real life engagements on them.
* The site's user interface was the most beautiful and informative of 2016. I like the graphs and how you individually separated team member points. The layout would be obvious if the translation was much better. Pagification might be better at 25 or 50 (instead of 10 teams per page). Other than that, great job.
* The challenges were alright. I felt that some were even very practical.
* You had unified flag formats. You seemed to keep cheating to a minimum (judging by the team results).

Bad:
* The language was confusing, but not impossible. I only speak English and I could barely understand the site.
* Some challenges didn't seem to handle the inevitable brute forcing skiddy. I would suggest blacklisting IPs that hammer your server.
* Your translation was... much worse than I would expect from the average skilled citizen of your nation; it is as bad as some of the clumsiest people on this comments section.
* Registration was horrible. I had trouble with registration and password recovery. I still can't change my country, but I suppose that's not a big problem. It's correct on CTFtime.
* A CDN might have helped other members to participate. They should know how to use VPNs, but they shouldn't have to use them if everyone else doesn't. I doubled my normal ranking and I didn't do it through hard work and determination.

Personal Conclusion:
Your challenge, overall, was not a waste of time. I had fun and it was challenging. Hacking isn't meant to be easy. It was moderated fairly and communications were maintained through the notices. It's obvious that a good deal of work was put into the interface and the challenges (for the most part) were okay. It seems like you may benefit from having someone internationalize it for you. I feel like I did better in this CTF mostly because others (Germany for one) weren't given a fair chance. I was only able to spend 5 hours on this CTF and I managed top 10%. I normally place top 20% by myself with 15 hours of work or 10% with 35+ hours of work. You could also get rid of some of the challenges (Weibo). I agree with half of the comments, but people on here can be unfairly harsh. This would be 4 stars if it was entirely internationally friendly and it didn't have the Weibo challenge. There is serious room for improvement, but I feel that it would be comparatively easy to fix. Overall, it was okay. :)


smlight – Feb. 29, 2016, 12:17 a.m.

the layout is unreasonable...


kopi-c – Feb. 29, 2016, 1:47 a.m.

My detailed feedback is as follows. First, I can say I only looked at Misc10, Crypto100, Crypto200, Web100. After that, I gave up on the event. So I might have missed some good other content. My overall impression was that this CTF required a lot of guessing in general.
- The website was barely usable. I had problems reaching it at times (not unusual for CTFs I guess). The dual language setting was confusing, and the English translation was not well done. Of course you can guess what the core functionality is, but that should not be required. I don't see multiple user accounts per team as necessary. I was not able to change my account's country to something else than China, and I was not able to change the profile pic. There was no usable error message.
- The graphs of team points looked fancy, but splines are really not appropriate for this (academic nitpicking). In addition, only the top teams were listed (or I missed how to display more teams).
- Misc10 was apparently only solvable by Chinese, so the organizers gave the flag to everyone in the end. It was only 10 points, so that hardly mattered much.
- I started with Crypto 100, which looked like a solid basic crypto challenge. Python code for a byte-wise symmetric substitution/rotation algorithm was provided, together with something that might have been the plaintext, and something that might be the ciphertext (called "out"), and something that seemed to be ciphertext of the flag. In the end, this challenge was decent, the only problem was that it was unclear that a) key would have to be printable characters, and b) the plaintext provided was truncated.
- In Crypto 200, it was easy to get to almost solving the challenge (which was unrelated to cryptography and involved scripting and unzip'ing a lot of files). I did not manage to solve the challenge, because I did not find unprintable characters in the comments of one of the 5k .zip files! I would count this as stego challenge at best, and more likely as guessing.
- Web100 apparently required to trick some regex-based blacklisting of file extensions in a POST-handling server-side script. The actual content of upload did not matter. In the end, this looked a lot like guessing to me as well (trick was to use double spaces in file extension?)

The technical difficulty of the challenges seemed to be higher than, for example, HackIM --- which is good. There were severe problems with English in the challenges and on the website, which left you wondering whether you were possibly missing easy things all the time. But on top of that, there was so much guessing required in the challenges that even if you knew what you were doing technically, you (at least I) could not finish it quickly. Together with infrastructure-related problems for an international audience, my overall conclusion is probably to not participate again in 2017.


amon – Feb. 29, 2016, 6:32 a.m.

1/2

I actually thought the CTF was pretty good apart from a couple of hiccups. Here's my breakdown:

Caveats:

1. I live in Singapore so I might have had a slight advantage in terms of connectivity.
2. I cannot read Chinese. I actually relied a lot on Google Translate so despite being from a country that does include Chinese as one of the official languages, I do not have an advantage on that front.

Background:

My team has solved:
1. Web 200 (Can You Hit Me?)
2. Re 100
3. Crypto/Pwn 100 (HeHeDa)
4. Crypto/Pwn 200 (Chain Rule)
5. Crypto/Pwn 300 (Nonogram)
6. Crypto/Pwn 400 (Pwn1)
7. Misc 10 (Welcome) <-- A member of my team signed up for Weibo (they send to Singapore mobile numbers) and actually got it before they released the flag
8. Misc 300 (Hungry Game)

Positive:

1. Most of the challenges were very technically difficult
2. The challenges were also very intellectually interesting. I learnt a lot about QR codes and Nonograms from 'Crypto 300'. Pwn1 has a very interesting premise.
3. The organisers did respond to issues very quickly. For example, it became pretty apparent early on that International players (including me) had problems with joining in the QQ chat group. The IRC channel on Freenode that was setup was very well moderated with pretty quick response times and good admin rotations.
4. Flag formats were strictly adhered to.
5. The 'guessing' comments might be not entirely deserved. Yes, there are challenges like Web 1 that requires a lot of assumptions about the underlying technology, but in contrast to a previous poster, Crypto 200 wasn't guessing at all. The challenge included very transparent clues as you progress. You weren't supposed to look for a comment within a single file in a zip, but comments for all the files within the zip. Now, I do agree that this was categorised badly though. The choice of placing it in Crypto/Pwn might have been why people were not expecting it to be a stego challenge.

Negative:

1. The infrastructure did get very slow once the competition progressed. The wav file from Puzzle was a pain to download.
2. The translated English wasn't exactly very understandable. Still a lot better than HackIM's English though.
3. Some challenges in the Crypto/Pwn category might have been misclassified. Nonogram and Chain Rule might have been better classified as MISC.
4. The web challenges would probably be better if there was an info leak vector to obtain the source code or simply provide it as part of the challenge to reduce having to make assumptions about exactly what the vulnerability is. Web 1 is a good example of something that should be simple but didn't get many solutions because it is not easy to reason about it.
5. I did not experience problems with Registration or the site but it seems like there are too many people who experienced it to ignore this point. Perhaps it has load issues?


amon – Feb. 29, 2016, 6:33 a.m.

2/2

My conclusions:

The CTF is far from perfect but I feel that it is still valuable to play. I'm definitely looking forward to the solutions for everything because the challenges are interesting. I do hope the organisers make their next CTF more international friendly and provision for heavier loads. My rating for the CTF in the current state is 3.5 but I also concur that it's easily a 4-4.5 if it was a little smoother to play and reduced the need for assumptions.


Pharisaeus – Feb. 29, 2016, 8:25 a.m.

Far from the worst (HackIM set the bar really high) but also not particularly good. One problem was unintelligible language and poor task description which required stegano-like skills to figure out what the authors had in mind. Confusing categories for the tasks made it even more difficult. Some tasks required psychic abilities...
For example decoding single Nonogram task gives you "b2403b96?8924408|->:id|salt:5" and you have to figure out that "id" is the command you need to send to the server to get next task and that this hash is in fact a substring of md5 hash of a single letter of the flag concatenated with the salt value. And as much as the task itself was fine (solving nonogram, decoding qrcode, bruting md5 hash) the biggest challenge was to guess what were you even supposed to do and how to communicate with the server. I know admins were trying to salvage this by posting multiple hints, but it only proves that no-one has actually tested the task before the CTF.
There were also other tasks which required a lot of guessing (like Web) before you could proceed with some actual technical work. I understand that finding the attack vector is often part of the task, but it's nice if you can somehow figure it out / predict based on some info-leak rather than just have a lucky guess. I'm not mentioning some RE tasks pretty much unsolvable for people without (surely legal) latest IDA, because this is a very common thing.


n0n3m4 – Feb. 29, 2016, 1:50 p.m.

Overall, rating weight should be set to 0 or 5, I think.


Pharisaeus – Feb. 29, 2016, 2:36 p.m.

Let's not exaggerate with 0, even BreakIn got 5 points ;)


Damonsson – Feb. 29, 2016, 3:29 p.m.

Rating 5 is maximum imo. Web category was a joke.

web200 == recon200. And send email with payload.
Web100? Check IP, and if Chinese send flag?
Web400 no comment, and this challenge name FlagMAN. MAN - like Man in the middle, which exists for OAuth.
Web300 partially totally guessing for url_encode needed, might well was rot-25.
Only Web500 was normal.


Number4 – Feb. 29, 2016, 8:39 p.m.

What was Web100 ?


niklasb – Feb. 29, 2016, 9:27 p.m.

Web100 was http://www.wooyun.org/bugs/wooyun-2015-0125982. My 2cents:

Web100, 300 and 400 were completely blind and guessing only. I believe web300 or 400 randomly url_decoded your Github username in order to create an injection point. For web100 you had to "inject" a PHP file by bypassing a filename filter, but it would store the file as .jpg. Later admins in IRC told us that it is just a "simulation" and you simply get the flag if you bypass the filter (of course without giving out a formal notice about this on the website). The bug itself was apparently described on a famous Chinese security bug website: http://www.wooyun.org/bugs/wooyun-2015-0125982 If you don't know the bug, it's pretty much guessing only and random tampering with HTTP headers.

Crypto200 had nothing to do with crypto. Crypto100 was almost good, except they truncated the plaintext for some reason, just so it would still involve at least *some* guessing I suppose. It still ended up being kind of fun.

Misc100 was stego in a PDF document, apparently you just had to Google for PDF stego and try some of the tools until you find the right one. Misc300 was kind of fun.

I didn't end up looking into RE and pwn in detail, but I think those were OK, although people in IRC tell me that there was a *lot* of guessing involved as well.

Admins in IRC gave out significant hints in public, without adding them to the website. E.g. they mentioned that web300/400 is a MongoDB injection.


JohnMcClane – March 1, 2016, 8:55 a.m.

"Rating weight: 20.00" the joke...


Z33R0 – March 1, 2016, 1:45 p.m.

As a Chinese, I just can't stop laughing here. Their English is ..... OK let's say it could be defined as English, perhaps Ssnglish is more appropriate. I have no reason to comment a negative word for it. After all SSCTF is the first CTF game in China for the whole world (as far as I know). I really enjoy it, though it's full of "Chinese Culture". I love misc 300 which is a really interesting game and I learned a lot from it. Frankly I was in the QQ group, I know because of the limited number of staff they had worked for the whole 48 hours, they dooo their best. I suppose we should give them applause and support instead of that worst or worst ever. PS: I'm not sure whether you can get my points, actually I think Chinese is much easier than your English. Have a good one :)


Pharisaeus – March 1, 2016, 2:41 p.m.

@Z33R0 it's nothing personal against China, but people expected something more for a CTF that was scored 20. Just look at tasks from Insomnia teaser (https://ctftime.org/event/258/tasks/) which was also scored 20, or for example from last year's DefCamp Quals (https://ctftime.org/event/239/tasks/) which was worth 10. It's not hard to notice that the quality here was not the same. It would be different if the initial score was 0 or 5, then people would have different expectations.


Angelboy – March 1, 2016, 3:59 p.m.

It's so terrible. Waste time.....


JohnMcClane – March 1, 2016, 8:48 p.m.

@Pharisaeus Exactly ! you say it


h0twinter – March 2, 2016, 2:08 a.m.

@Pharisaeus Even Break in and HackIM received 5 weighting points....this one is definitely better than any of them...Although I do admit 20 is an overkill. As for network issues...I don't know what to say about it, since it's most likely the GFW's fault and yeah I agreed the translation was really bad. Frankly, I don't know why they decided to release it to the world, since it is a part of XCTF event, I think there are some rules they have to stick with being a part of the huge event? Having played lot of Chinese CTFs...I would say this one is a normal Chinese CTF...


Dropzero – March 2, 2016, 2:39 a.m.

niubility...


Z33R0 – March 2, 2016, 6:23 a.m.

@Pharisaeus Whatever I do believe they will do better next time:)


n0n3m4 – March 7, 2016, 10:24 a.m.

The rating weight poll disappeared despite the votes given there.
Keep up the good job, ctftime admins.