Sat, 27 Feb. 2016, 00:00 UTC — Mon, 29 Feb. 2016, 00:00 UTC 

On-line

SSCTF event.

Format: Jeopardy Jeopardy

Official URL: http://lab.seclover.com/

This event's weight is subject of public voting!

Future weight: 8.42 

Rating weight: 8.42 

Event organizers 


no logo

SSCTF 2016 in Xi’an China and the second XCTF League , is organized by the Cloversec Lab of Xi'an Clover Information Technology Co.,Ltd. Our event format includes online contest and onsite contest. The online contest is in jeopardy format. The onsite contest will take the attack-defence format.

In October of 2014, Cloversec Company held its own information security contest, SSCTF 2014. With more than 500 teams participating. One year later, the company successfully hosted the Huashan Cup Network Security Contest of 2015 with more than 800 teams and 2000 competitors participating. Based on our practical experience in dealing with various abstruse security problems and the experience we learned in holding the contests, we are confident to present competitors with a fantastic contest which can stimulate all their potentials. In 2016, we will hold the second SSCTF Contest, which serves as the XCTF League, to improve the international influence of SSCTF.

Top 14 (Top 10 local Teams and Top 4 International Teams from the Silk Road Countries/Regions, including Central Asian, Middle East, East Europe and Western Europe) of the SSCTF 2016 Quals automatically qualify for the SSCTF 2016 Finals, will be hosted in Xi'an, China(The start city of the Silk Road) on April 2nd to 3rd, 2016.

Prizes

Top 3 teams of the SSCTF 2016 Quals will win prize.
1st: 2000 CNY
2nd: 1000 CNY
3rd: 500 CNY

We will randomly choose 15 teams among the rest ones and award a RMB100 bonus for them respectively

Scoreboard

517 teams total

PlaceTeamCTF pointsRating points
1 FlappyPig 4710.00016.840
2 217 4410.00012.094
3 Nu1L 4210.00010.333
4 KaisHack 4110.0009.452
5 没有一个系统是安全的 4010.0008.853
6 天枢 3510.0007.678
7 ****** 3410.0007.299
8 forx 3410.0007.149
9 BambooFox 3310.0006.853
10 Never Stop Exploiting 3210.0006.580
11 Plaid Parliament of Pwning 3110.0006.325
12 ROIS 3110.0006.261
13 D3siprox 3110.0006.207
14 Dragon Sector 3010.0005.982
15 HackXore 3010.0005.942
16 107 2810.0005.550
17 SHARK 2810.0005.519
18 0ops 2610.0005.134
19 L 2510.0004.930
20 scryptos 2410.0004.729
21 0xFA 2410.0004.709
22 yangyue250216 2310.0004.512
23 Shellphish 2110.0004.138
24 TastyBytes 2110.0004.123
25 khack40 2010.0003.930
26 Lancet 2010.0003.917
27 Sigma 2010.0003.905
28 bob 1910.0003.715
29 AK95 1910.0003.705
30 oo at xx 1910.0003.695
31 p4 1910.0003.686
32 Dawn 1810.0003.499
33 BalalaikaCr3w 1810.0003.491
34 snake 1710.0003.305
35 DeliciousHorse 1610.0003.119
36 ISITDTU 1610.0003.112
37 int3pids 1610.0003.106
38 dcua 1610.0003.100
39 dodododo 1610.0003.094
40 a1exdandy 1610.0003.089
41 Dystopian Narwhals 1610.0003.084
42 PLUS 1610.0003.079
43 aegis 1610.0003.074
44 X1cT34m 1510.0002.891
45 EverSec 1510.0002.887
46 WildWolf 1510.0002.882
47 宫保鸡丁 1510.0002.879
48 中国网警 1510.0002.875
49 du1iqvw 1510.0002.871
50 WS5TYnBoZg== 1510.0002.868
51 TOIH 1410.0002.686
52 凝聚网安工作室 1410.0002.683
53 Lilac 1410.0002.680
54 Thanos 1210.0002.319
55 Fourchette Bombe 1210.0002.316
56 .elite 1210.0002.313
57 xil.se 1210.0002.311
58 Insanity 1210.0002.308
59 LOUYS 1110.0002.127
60 安全盒子团队 1110.0002.125
61 MV9rwGOf08 1110.0002.122
62 sec0d 1010.0001.941
63 Redbud 1000.0001.921
64 Shadow Servants 910.0001.758
65 Raccoons 910.0001.756
66 Evil0x 810.0001.576
67 LittleTips 810.0001.574
68 larva 810.0001.572
69 TokyoWesterns 810.0001.570
70 th3jackers 800.0001.550
71 v0rt3x 710.0001.388
72 莲子百合 710.0001.386
73 Hackeriet 710.0001.385
74 天枢2 710.0001.383
75 RingZer0 Team 710.0001.382
76 ALLES! 710.0001.380
77 Hexpresso 710.0001.379
78 6Te4m 700.0001.359
79 mikemase 700.0001.358
80 Mammon Machine 700.0001.357
81 talentA 610.0001.194
82 Nabla 610.0001.193
83 b01lers 610.0001.192
84 WS5TYnBoZg== 610.0004.059
85 610.0001.190
86 Invulnerable 610.0001.188
87 Espacio 610.0001.187
88 0x90r00t 610.0001.186
89 B0wa9a 610.0001.185
90 C1Sec 510.0001.005
91 Snatch The Root 510.0001.004
92 morganFr33man 510.0001.003
93 WISEYE 510.0001.002
94 Blue-Whale 510.0001.001
95 Capture the Swag 510.0001.000
96 Shady Hats 510.0000.999
97 securtiy_test_well 510.0000.999
98 xXxXxaAaAa 510.0000.998
99 stalker 510.0000.997
100 chinaH.L.B 510.0000.996
101 tank1st99 510.0000.995
102 0xbadf00d 510.0000.994
103 wxtel 410.0000.815
104 smoke leet everyday 410.0000.814
105 op.rad 410.0000.813
106 fetchAndLog 410.0000.812
107 NULLify 410.0000.812
108 New_World 410.0000.811
109 ClearCode 410.0000.810
110 Huu 410.0000.809
111 probe 410.0000.809
112 306 410.0000.808
113 Hell.zip 410.0000.807
114 风尘 410.0000.807
115 NIS 410.0000.806
116 01dDriver 410.0000.806
117 SDT/SDT 410.0000.805
118 Batman's Kitchen 410.0000.804
119 sherl0ck 410.0000.804
120 C521 410.0000.803
121 熊孩子 410.0000.803
122 n4m4h4mum3r0n 410.0000.802
123 FirstBlood 410.0000.801
124 KSUCDC 410.0000.801
125 OpenToAll 410.0000.800
126 Efiens|12345679 410.0000.800
127 w0pr 410.0000.799
128 noraneco 410.0000.799
129 J4ckFi5h 400.0000.780
130 jfhs 400.0000.780
131 Tasteless 400.0000.779
132 squareroots 400.0000.779
133 Team Action Kaktus 400.0000.778
134 hxp 400.0000.778
135 Future Of Europe 400.0000.777
136 TJUNSA 310.0000.616
137 Neosec 310.0000.616
138 ALLXss 310.0000.615
139 维尼熊宝贝 310.0000.615
140 phrack飞客 310.0000.614
141 SCAUSEC 310.0000.614
142 CUBESEC 310.0000.613
143 GCC 310.0000.613
144 distcc 310.0000.613
145 OyVsyo 310.0000.612
146 CyberOps 310.0000.612
147 xxxx 310.0000.611
148 奔跑的菜鸟 310.0000.611
149 千里目 310.0000.611
150 zctf_test 310.0000.610
151 KuBik 310.0000.610
152 CTF酱油队 310.0000.610
153 No Internet Access 310.0000.609
154 Give Me Fiv3 310.0000.609
155 KITCTF 310.0000.609
156 WindSpeaker 310.0000.608
157 FTCTeam 310.0000.608
158 0x34044 310.0000.607
159 黑化肥发灰会挥发 310.0000.607
160 REU 310.0000.607
161 rays 310.0000.606
162 DarkEye 310.0000.606
163 xeksec 310.0000.606
164 c21h30o2 310.0000.606
165 bibiotty 310.0000.605
166 约瑟翰·庞麦郎 300.0000.587
167 CTF-infinit 300.0000.587
168 5eee663a5d5b35d8216cae05d3b55163 300.0000.586
169 Shurhands 300.0000.586
170 CAT-Security 300.0000.586
171 大隔壁 300.0000.586
172 TOIH 300.0003.271
173 crtl 300.0000.585
174 DarkEye 300.0001.191
175 Spirit+ 210.0000.424
176 SWAT.ME 210.0000.423
177 Syclover 210.0000.423
178 pirate 210.0000.423
179 KKSEC 210.0000.422
180 F4nt45i4 210.0000.422
181 Rs-team 210.0000.422
182 Antarctica-momo 210.0000.422
183 Bushwhackers 210.0000.421
184 BalaBala 210.0000.421
185 XDay 210.0000.421
186 HackCat 210.0000.421
187 S0uL'S Team 210.0000.420
188 WEB飞虎队 210.0000.420
189 Honeypot 210.0000.420
190 CorpOfHack 210.0000.420
191 Avidya:HACKquest 210.0000.419
192 DFCI 210.0000.419
193 BlackH0le 200.0000.401
194 SiBears 200.0000.401
195 mingming 200.0000.401
196 reooo43 200.0000.400
197 gewahbsrwabhr 200.0000.400
198 Avidya 200.0000.400
199 FluxFingers 200.0000.400
200 Shielder 200.0000.400
201 Rdot.org 200.0000.399
202 GWHT 110.0000.238
203 FirstBlood 110.0001.040
204 千里之外的小怨海 110.0000.238
205 sjtu_aaa 110.0000.238
206 X_Ray 110.0000.238
207 who@mI 110.0000.237
208 小明你好 110.0000.237
209 SmallCute 110.0000.237
210 Pandemonium 110.0000.237
211 Xyz 110.0000.237
212 Blake 110.0000.236
213 BreakPoint 110.0000.236
214 undefined 110.0000.236
215 Phoenix 110.0000.236
216 ILOVETFMAN 110.0000.236
217 ghost 110.0000.235
218 曹哈哈·刘嘻嘻 110.0000.235
219 CTF酱油组 110.0000.235
220 05b28e49a5fa08531e486b21d4128f28 110.0000.235
221 \xfafu 110.0000.235
222 funtastic 110.0000.235
223 SUS 110.0000.234
224 106106 110.0000.234
225 firststart 110.0000.234
226 DL 110.0000.234
227 怪盗鸭德 110.0000.234
228 Gooooo 110.0000.234
229 ByteBandits 110.0000.233
230 kopipacket 110.0000.233
231 happy 110.0000.233
232 wowotou 110.0000.233
233 33°灰 110.0000.233
234 cma 110.0000.233
235 张君雅小盆宇 110.0000.232
236 Brutewoorse 110.0000.232
237 pkcjl 110.0000.232
238 drdr 110.0000.232
239 hexfact0r 110.0000.232
240 CInsects 110.0000.232
241 kirito_test 110.0000.232
242 OPT 110.0000.231
243 渣渣三人组 110.0000.231
244 小彩笔 110.0000.231
245 队名叫什么好呢 110.0000.231
246 nobody 110.0000.231
247 036473f1726e2e71ff4ce326a677a3ae 110.0000.231
248 wolfpy 110.0000.231
249 xjnu 110.0000.230
250 90Sec Team 110.0000.230
251 TmTs 110.0000.230
252 The Bebop17 Squad 110.0000.230
253 niexinming 110.0000.230
254 CCSF_HACKERS 110.0000.230
255 err0r-451 110.0000.230
256 Hawks 110.0000.230
257 et_illustratis 110.0000.229
258 xSTF 110.0000.229
259 taurus 110.0000.229
260 0x8F 100.0000.211
261 Sonic_Rainboom 100.0000.211
262 hedgehog 100.0000.211
263 viper 100.0000.211
264 471a8ed6323cd897a9858688e8c9f689 100.0000.211
265 a1ta1r 100.0000.211
266 andnotorg 100.0000.210
267 PDKT 100.0000.210
268 duguhu 100.0000.210
269 i3r0_9R3 100.0000.210
270 e11even 100.0000.210
271 3year 100.0000.210
272 insecure 100.0000.210
273 6l0ry 100.0000.210
274 amn3s1a 100.0000.209
275 UIN HACKING 100.0000.209
276 SAINTSEC 100.0000.209
277 q86 100.0000.209
278 Cybrosis 100.0000.209
279 delicious_cakes 100.0000.209
280 Shine 100.0000.209
281 junoim1234 100.0000.209
282 粟悟饭与龟波功 100.0000.209
283 cctt 100.0000.209
284 CHN.ROUTE 100.0000.208
285 BabyPhD 100.0000.208
286 wtfmehftw 100.0000.208
287 zjicmISA 10.0000.047
288 watch0ut 10.0000.047
289 a0zy 10.0000.047
290 shit team 10.0000.047
291 m00zh33 10.0000.047
292 Qsaka 10.0000.047
293 浪浪 10.0000.047
294 SlidePot 10.0000.047
295 temp_888 10.0000.046
296 我还是个宝宝 10.0000.046
297 GooDay 10.0000.046
298 专业划水 10.0000.046
299 testyou 10.0000.046
300 xxx 10.0000.046
301 以上排名作废 10.0000.046
302 瑶光 10.0000.046
303 BlackWhite 10.0000.046
304 华东理工 10.0000.046
305 小书房 10.0000.045
306 ByStudent 10.0000.045
307 老王邻居 10.0000.045
308 NO.096 10.0000.045
309 酱油 10.0000.045
310 6﹟502 10.0000.045
311 Xp0int 10.0000.045
312 Hydra 10.0000.045
313 波霸 10.0000.045
314 11211 10.0000.045
315 M0nster 10.0000.045
316 justforfun 10.0000.045
317 B216 10.0000.044
318 划船不用桨 10.0000.044
319 INFERNO 10.0000.044
320 xfree|fuckbat 10.0000.044
321 171 10.0000.044
322 西邮红客 10.0000.044
323 arr0w1 10.0000.044
324 A 10.0000.044
325 流浪行星 10.0000.044
326 ds 10.0000.044
327 topsec 10.0000.044
328 桃花岛 10.0000.044
329 床前明月光 10.0000.043
330 安全脉搏第二小分队 10.0000.043
331 0叉00 10.0000.043
332 LZ_NS 10.0000.043
333 六月雨 10.0000.043
334 What? 10.0000.043
335 H-UNION 10.0000.043
336 DJ_fantasy 10.0000.043
337 Seclover 10.0000.043
338 8-bit 10.0000.043
339 HELL0 10.0000.043
340 Crazy8 10.0000.043
341 菜刀队 10.0000.043
342 phrack飞客 10.0000.657
343 Xmix 10.0000.042
344 404 10.0000.042
345 专注酱油20年 10.0000.042
346 YY_XX_HH 10.0000.042
347 猫王 10.0000.042
348 jsufhe 10.0000.042
349 NFJD 10.0000.042
350 sekureco.org 10.0000.042
351 hell 10.0000.042
352 applePie 10.0000.042
353 DMU Hackers 10.0000.042
354 nupsec 10.0000.042
355 DogThrustRabbit 10.0000.042
356 Dark Daisy 10.0000.042
357 axyz 10.0000.041
358 Bingo 10.0000.041
359 cimer 10.0000.041
360 725 10.0000.041
361 10.0000.041
362 谁在背后说我帅 10.0000.041
363 左右手 10.0000.041
364 ssctf 10.0000.041
365 we are laji 10.0000.041
366 grrr 10.0000.041
367 GWGHOST 10.0000.041
368 瞬间boom 10.0000.041
369 sicnuteam 10.0000.041
370 WOLFPACK 10.0000.041
371 c00kie 10.0000.041
372 michael 10.0000.041
373 just1 10.0000.040
374 ' 10.0000.040
375 yuzunzz 10.0000.040
376 jiangyouwang 10.0000.040
377 SHSEC 10.0000.040
378 95e783cc3b27ba77a80b04a3bb2c79e4 10.0000.040
379 001 10.0000.040
380 ztaos 10.0000.040
381 菜鸡 10.0000.040
382 lly123 10.0000.040
383 eee 10.0000.040
384 only_cban 10.0000.040
385 大水逼联盟 10.0000.040
386 HPUSec 10.0000.040
387 s3cer 10.0000.040
388 CCoday 10.0000.040
389 Assassin 10.0000.040
390 MaltSugar/132aae1d26 10.0000.039
391 527 10.0000.039
392 DreamStar 10.0000.039
393 我们来打铁 10.0000.039
394 qgs 10.0000.039
395 海军撸战队 10.0000.039
396 最贵挫逼小组 10.0000.039
397 0xFFFFF 10.0000.039
398 Punch Line 10.0000.039
399 dogggg 10.0000.039
400 sebao 10.0000.039
401 务实守信 10.0000.039
402 tayueliuxiang 10.0000.039
403 lemonade 10.0000.039
404 None 10.0000.039
405 To be number 0 10.0000.039
406 WithoutConcept 10.0000.039
407 hehee 10.0000.039
408 Pyth0n 10.0000.039
409 三江学院队 10.0000.038
410 EF0m 10.0000.038
411 弹丸论破 10.0000.038
412 havefun 10.0000.038
413 McDull 10.0000.038
414 blue-lotus 10.0000.038
415 你好啊 10.0000.038
416 g33z 10.0000.038
417 Level5 10.0000.038
418 KerKerYuan 10.0000.038
419 DECBUG 10.0000.038
420 thinks 10.0000.038
421 2333 10.0000.038
422 0x1111111 10.0000.038
423 Vic 10.0000.038
424 XDay 10.0000.459
425 zj9s.0kami 10.0000.038
426 Sanya_Bay 10.0000.038
427 unregister 10.0000.038
428 Sn0w0lf 10.0000.038
429 哈哈哈落落 10.0000.038
430 liarod 10.0000.037
431 大烧饼小组|root 10.0000.037
432 xiaobh 10.0000.037
433 takedownher 10.0000.037
434 uen 10.0000.037
435 SAAA 10.0000.037
436 Team Liequal 10.0000.037
437 Just4Fun 10.0000.037
438 Ksoy 10.0000.037
439 viccon 10.0000.037
440 CTG 10.0000.037
441 R小米 10.0000.037
442 rw3b 10.0000.037
443 226安全团队 10.0000.037
444 TeamName 10.0000.037
445 f_Team 10.0000.037
446 萌萌哒的新人们 10.0000.037
447 我们都是叶良辰 10.0000.037
448 eleven 10.0000.037
449 Xs翔兽电竞俱乐部 10.0000.037
450 东京有点热 10.0000.037
451 一人打酱油 10.0000.037
452 d 10.0000.037
453 BXS_n 10.0000.036
454 OverDover 10.0000.036
455 cnnetarmy 10.0000.036
456 403 10.0000.036
457 isitdtu2 10.0000.036
458 Orzs 10.0000.036
459 faketeam 10.0000.036
460 江门市酱油团 10.0000.036
461 noname 10.0000.036
462 zer0pay 10.0000.036
463 GOONERS 10.0000.036
464 只是来打酱油的 10.0000.036
465 xor 10.0000.036
466 祝你们性福 10.0000.036
467 D@rk$h3ll 10.0000.036
468 qwertyuiop 10.0000.036
469 Jacy 10.0000.036
470 WWW 10.0000.036
471 PKTeam 10.0000.036
472 CTRLUREIP 10.0000.036
473 safetech 10.0000.036
474 NUSGreyhats 10.0000.036
475 SDUST_LZS 10.0000.036
476 地水 10.0000.036
477 101 10.0000.036
478 Pocahontas 10.0000.035
479 AGSEC 10.0000.035
480 f0r9etpwd 10.0000.035
481 BU 10.0000.035
482 dc562 10.0000.035
483 N** 10.0000.035
484 Mi'a 10.0000.035
485 Salvation 10.0000.035
486 Bing0 10.0000.035
487 aaa- 10.0000.035
488 卫生队 10.0000.035
489 Marchare 10.0000.035
490 Phantom 10.0000.035
491 MTeam 10.0000.035
492 天驱 10.0000.035
493 FPE 10.0000.035
494 Azure Assassin Alliance 10.0000.035
495 see_see_see 10.0000.035
496 小白菜一株 10.0000.035
497 嘿嘿嘿 10.0000.035
498 VeCtOr 10.0000.035
499 Briner 10.0000.035
500 vegetables 10.0000.035
501 guest 10.0000.035
502 bjFinder 10.0000.035
503 T123 10.0000.035
504 DjigIT 10.0000.035
505 Desiprox Team 10.0000.035
506 seiyakyokai 10.0000.035
507 do9dark 10.0000.034
508 crayontheft 10.0000.034
509 TeamRedAce 10.0000.034
510 Tower of Hanoi 10.0000.034
511 Yozakura 10.0000.034
512 IS☢LA 10.0000.034
513 ttt 10.0000.034
514 omakase 10.0000.034
515 0x494d45 10.0000.034
516 buscoequipo 10.0000.034
517 ¯\__(ツ)__/¯ 10.0000.017
warchantua – Feb. 22, 2016, 8:03 a.m.

Next time PLEASE, don't use Chinese language in online CTF.


kuteminh11 – Feb. 22, 2016, 12:04 p.m.

Is there an option to choose English? I don't understand Chinese language.


01001000entai – Feb. 24, 2016, 7:25 a.m.

@B V @Minh Kute Our website is bilingual (English and Chinese)


5t0rm5had0w – Feb. 25, 2016, 8:27 a.m.

We are new to SSCTF. Do we have to register our team (Create the same team) in the SSCTF site to participate this CTF.


AnarKyx – Feb. 25, 2016, 11:18 p.m.

Wow. Displaying both languages at the same time is a little ridiculous.

Non stop Code verification errors. Use a captcha like google's that people can actually read, and maybe provide a refresh option to skip the current captcha if it's not readable?


01001000entai – Feb. 26, 2016, 7:02 a.m.

@Shan Prashanth
I'm SSCTF Adminitrator,Before the end of the game time, you are Has been SSCTF website can be registered, If you have any problem, please concact ctf@seclover.com,thx :)


01001000entai – Feb. 26, 2016, 7:29 a.m.

@AnarKy
about language problem It has been unable to change,I'm so sorry,
about captcha problem ,We changed captcha font and font size,now recognizable should be no problem
If you have any problem, please concact ctf@seclover.com,thx :)


Fma – Feb. 27, 2016, 12:34 a.m.

If you will open a CTF to everybody then please do so with support for English (proper full support not mixing both). Also I don't think non-Chinese speaking people can use Tentent QQ for support or putting challenges on a Chinese website such as weibo is good. Not fun at all..


niklasb – Feb. 27, 2016, 12:46 a.m.

Files not downloadable from here (Germany), getting network errors. Please decrease rating for this contest, it's not really internationally accessible.


WhiteLightning – Feb. 27, 2016, 1:06 a.m.

Do I am only person which has problem with registering? I'm finishing with: Register Faile, Invite Code Or Email Error!


Urk3L – Feb. 27, 2016, 1:11 a.m.

Same error, again and again... "Register Faile,The Team Name Is Already In Use Or Input Email Is Error!"


Delete-me – Feb. 27, 2016, 1:12 a.m.

Maybe next time when you guys decide to create a CTF

1.) Translate the english better can't understand half of it

2.) Registration shouldn't take 10+ minutes I can't even register because it is saying team already created ?? How .....

3.) the layout is a bit confusing.


ravidhr – Feb. 27, 2016, 2:13 a.m.

i dont understand chinese, please use english


ulimateshi – Feb. 27, 2016, 3:20 a.m.

CTF for the Chinese team :)))


01001000entai – Feb. 27, 2016, 3:55 a.m.

@Steve Urk3L You can try again,if the user's infomation or teamname are same the other team,Please use the different,Good Luck!


hanto – Feb. 27, 2016, 5:46 a.m.

I'm not an admin but if you want to chat about this ctf please join #ssctf on freenode, thanks!


Dacat – Feb. 27, 2016, 7:40 a.m.

Can't get the Welcome flag unless you're a Weibo member? Oh dear.


leopoldine.lolcat – Feb. 27, 2016, 11:32 a.m.

@Kris Hunt
And I can't register to weibo because my country is not in the list for the SMS check XD
Dat ... CTF ... !
Dont waste your time everybody, boycott that CTF.


cr019283 – Feb. 27, 2016, 1:50 p.m.

I can't even download challenges. First it shows me two hours to download 0.5MB and 5 min later in interrupts. Is it only for Chinese teams? It's quite poorly organized and unfriendly for non-Chinese.


n0n3m4 – Feb. 27, 2016, 5:03 p.m.

Quite disappointed with this CTF.


havocmage – Feb. 27, 2016, 5:07 p.m.

invitation code stopped work.


forenzicator – Feb. 27, 2016, 10:11 p.m.

I cannot register. I am getting error messages. This CTF is not internationally friendly.


Lays – Feb. 28, 2016, 2:16 p.m.

worst CTF ever.


Pwny – Feb. 28, 2016, 5:39 p.m.

Really worst :3


H3LL0 – Feb. 28, 2016, 6:39 p.m.

ugly ctf :S :S :S :S


MrMugiwara – Feb. 28, 2016, 6:44 p.m.

Fuck a lot your language


Dropzero – Feb. 28, 2016, 6:59 p.m.

omg...


saintmeh – Feb. 28, 2016, 8:42 p.m.

I decided to go ahead and spend an hour of contest time expressing my opinion of this CTF
Good:
*Not the worst CTF ever. I question the motive behind comments to the contrary. I seem to remember a recent Iranian CTF that entirely lacked English or a functioning login.
*There were some good challenges. I liked the XSS and the python challenges. I actually used existing tools I had written for real life engagements on them.
*The site's user interface was the most beautiful and informative of 2016. I like the graphs and how you individually separated team member points. The layout would be obvious if the translation was much better. Pagification might be better at 25 or 50(instead of 10 teams per page). Other than that, great job.
*The challenges were alright. I felt that some were even very practical.
*You had unified flag formats. You seemed to keep cheating to a minimum(judging by the team results).
Bad:
*The language was confusing, but not impossible. I only speak English and I could barely understand the site.
*some challenges didn't seem to handle the inevitable brute forcing skiddy. I would suggest black listing IPs that hammer your server.
*Your translation was... much worse than I would expect from the average skilled citizen of your nation; it is as bad as some of the clumsiest people on this comments section.
*Registration was horrible. I had trouble with registration and password recovery. I still can't change my country, but I suppose that's not a big problem. It's correct on CTFtime
*A CDN might have helped other members to participate. They should know how to use VPNs, but they shouldn't have to use them if everyone else doesn't. I doubled my normal ranking and I didn't do it through hard work and determination.

Personal Conclusion:
Your challenge, over all, was not a waste of time. I had fun and it was challenging. Hacking isn't meant to be easy. It was moderated fairly and communications were maintained through the notices. It's obvious that a good deal of work was put into the interface and the challenges(for the most part) were okay. It seems like you may benefit from having someone internationalize it for you. I feel like I did better in this CTF mostly because other's(Germany for one) weren't given a fair chance. I was only able to spend 5 hours on this CTF and I managed top 10%. I normally place top 20% by myself with 15 hours of work or 10% with 35+hours of work. You could also get rid of some of the challenges(Weibo). I agree with half of the comments, but people on here can be unfairly harsh. This would be 4 stars if it was entirely internationally friendly and it didn't have the Weibo challenge. There is serious room for improvement, but I feel that it would be comparatively easy to fix. Overall, it was okay. :)


smlight – Feb. 29, 2016, 12:17 a.m.

the layout is unreasonable...


kopi-c – Feb. 29, 2016, 1:47 a.m.

My detailed feedback is as follows. First, I can say I only looked at Misc10, Crypto100, Crypto200, Web100. After that, I gave up on the event. So I might have missed some good other content. My overall impression was that this CTF required a lot of guessing in general.
- The website was barely usable. I had problems reaching it at times (not unusual for CTFs I guess). The dual language setting was confusing, and the English translation was not well done. Of course you can guess what the core functionality is, but that should not be required. I don't see multiple user accounts per team as necessary. I was not able to change my account's country to something else than China, and I was not able to change the profile pic. There was no usable error message.
- The graphs of team points looked fancy, but splines are really not appropriate for this (academic nitpocking). In addition, only the top teams were listed (or I missed how to display more teams)
- Misc10 was apparently only solveable by Chinese, so the organizers gave the flag to everyone in the end. It was only 10 points, so that hardly mattered much.
- I started with Crypto 100, which looked like a solid basic crypto challenge. Python code for a byte-wise symmetric substitution/rotation algorithm was provided, together with something that might have been the plaintext, and something that might be the ciphertext (called "out"), and something that seemed to be ciphertext of the flag. In the end, this challenge was decent, the only problem was that it was unclear that a) key would have to be printable characters, and b) the plaintext provided was truncated.
- In Crypto 200, it was easy to get to almost solving the challenge (which was unrelated to cryptography and involved scripting and unzip'ing a lot of files). I did not manage to solve the challenge, because I did not find unprintable characters in the comments of one of the 5k .zip files! I would count this as stego challenge at best, and more likely as guessing.
- Web100 apparently required to trick some regex-based blacklisting of file extensions in a POST-handling server-side script. The actual content of upload did not matter. In the end, this looked a lot like guessing to me as well (trick was to use double spaces in file extension?)

The technical difficulty of the challenges seemed to be higher than, for example, HackIM --- which is good. There were severe problems with English in the challenges and on the website, which left you wondering whether you were possibly missing easy things all the time. But on top of that, there was so much guessing required in the challenges that even if you knew what you were doing technically, you (at least I) could not finish it quickly. Together with infrastructure-related problems for an international audience, my overall conclusion is probably to not participate again in 2017.


amon – Feb. 29, 2016, 6:32 a.m.

1/2

I actually thought the CTF was pretty good apart from a couple of hiccups. Here's my breakdown:

Caveats:

1. I live in Singapore so I might have had a slight advantage in terms of connectivity.
2. I cannot read Chinese. I actually relied a lot on Google Translate so despite being from a country that does include Chinese as one of the official languages, I do not have an advantage on that front.

Background:

My team has solved:
1. Web 200 (Can You Hit Me?)
2. Re 100
3. Crypto/Pwn 100 (HeHeDa)
4. Crypto/Pwn 200 (Chain Rule)
5. Crypto/Pwn 300 (Nonogram)
6. Crypto/Pwn 400 (Pwn1)
7. Misc 10 (Welcome) <-- A member of my team signed up for Weibo (they send to Singapore mobile numbers) and actually got it before they released the flag
8. Misc 300 (Hungry Game)

Positive:

1. Most of the challenges were very technically difficult
2. The challenges were also very intellectually interesting. I learnt a lot about QR codes and Nonograms from 'Crypto 300'. Pwn1 has a very interesting premise.
3. The organisers did respond to issues very quickly. For example, it became pretty apparent early on that International players (including me) had problems with joining in the QQ chat group. The IRC channel on Freenode that was setup was very well moderated with pretty quick response times and good admin rotations.
4. Flag formats were strictly adhered to.
5. The 'guessing' comments might be not entirely deserved. Yes, there are challenges like Web 1 that requires a lot of assumptions about the underlying technology, but in contrast to a previous poster, Crypto 200 wasn't guessing at all. The challenge included very transparent clues as you progress. You weren't supposed to look for a comment within a single file in a zip, but comments for all the files within the zip. Now, I do agree that this was categorised badly though. The choice of placing it in Crypto/Pwn might have been why people were not expecting it to be a stego challenge.

Negative:

1. The infrastructure did get very slow once the competition progressed. The wav file from Puzzle was a pain to download.
2. The translated English wasn't exactly very understandable. Still a lot better than HackIM's English though.
3. Some challenges in the Crypto/Pwn category might have been misclassfied. Nonogram and Chain Rule might have been better classified as MISC.
4. The web challenges would probably be better if there was an info leak vector to obtain the source code or simply provide it as part of the challenge to reduce having to make assumptions about exactly what the vulnerability is. Web 1 is a good example of something that should be simple but didn't get many solutions because it is not easy to reason about it.
5. I did not experience problems with Registration or the site but it seems like there are too many people who experienced it to ignore this point. Perhaps it has load issues?.


amon – Feb. 29, 2016, 6:33 a.m.

2/2

My conclusions:

The CTF is far from perfect but I feel that it is still a valuable to play. I'm definitely looking forward to the solutions for everything because the challenges are interesting. I do hope the organisers make their next CTF more international friendly and provision for heavier loads. My rating for the CTF in the current state is 3.5 but I also concur that it's easily a 4-4.5 if it was a little smoother to play and reduced the need for assumptions.


Pharisaeus – Feb. 29, 2016, 8:25 a.m.

Far from the worst (HackIM set the bar really high) but also not particularly good. One problem was unintelligible language and poor task description which required stegano-like stills to figure out what the authors had in mind. Confusing categories for the tasks made it even more difficult. Some tasks required psychic abilities...
For example decoding single Nonogram task gives you "b2403b96?8924408|->:id|salt:5" and you have to figure out that "id" is the command you need to send to the server to get next task and that this hash is in fact a substring of md5 hash of a single letter of the flag concatenated with the salt value. And as much as the task itself was fine (solving nonogram, decoding qrcode, bruting md5 hash) the biggest challenge was to guess what were you even supposed to do and how to communicate with the server. I know admins were trying to salvage this by posting multiple hints, but it only proves that no-one has actually tested the task before the CTF.
There were also other tasks which required a lot of guessing (like Web) before you could proceed with some actual technical work. I understand that finding the attack vector is often part of the task, but it's nice if you can somehow figure it out / predict based on some info-leak rather than just have a lucky guess. I'm not mentioning some RE tasks pretty much unsolvable for people without (surely legal) latest IDA, because this is a very common thing.


n0n3m4 – Feb. 29, 2016, 1:50 p.m.

Overall, rating weight should be set to 0 or 5, I think.


Pharisaeus – Feb. 29, 2016, 2:36 p.m.

Let's not exaggerate with 0, even BreakIn got 5 points ;)


Damonsson – Feb. 29, 2016, 3:29 p.m.

Rating 5 is maximum imo. Web category was a joke

web200 == recon200. And sendemail with payload.
Web100? Check ip, and if chineese send flag?
Web400 no comment, and this challange name FlagMAN. MAN - like Man in the middle, which exist for OAuth.
Web300 partially totally guessing for url_encode needed, might weel was rot-25
Only Web500 was normally


Number4 – Feb. 29, 2016, 8:39 p.m.

What was Web100 ?


niklasb – Feb. 29, 2016, 9:27 p.m.

Web100 was http://www.wooyun.org/bugs/wooyun-2015-0125982. My 2cents:

Web100, 300 and 400 were completely blind and guessing only. I believe web300 or 400 randomly url_decoded your Github username in order to create an injection point. For web100 you had to "inject" a PHP file by bypassing a filename filter, but it would store the file as .jpg. Later admins in IRC told us that it is just a "simulation" and you simply get the flag if you bypass the filter (of course without giving out a formal notice about this on the website). The bug itself was apparently described on a famous Chinese security bug website: http://www.wooyun.org/bugs/wooyun-2015-0125982 If you don't know the bug, it's pretty much guessing only and random tampering with HTTP headers.

Crypto200 had nothing to do with crypto. Crypto100 was almost good, except they truncated the plaintext for some reason, just so it would still involve at least *some* guessing I suppose. It still ended up being kind of fun.

Misc100 was stego in a PDF document, apparently you just had to Google for PDF stego and try some of the tools until you find the right one. Misc300 was kind of fun.

I didn't end up looking into RE and pwn in detail, but I think those were OK, although people in IRC tell me that there was a *lot* of guessing involved as well.

Admins in IRC gave out significant hints in public, without adding them to the website. E.g. they mentioned that web300/400 is a MongoDB injection.


mpgn_x64 – March 1, 2016, 8:55 a.m.

"Rating weight: 20.00" the joke...


Z33R0 – March 1, 2016, 1:45 p.m.

As a Chinese, I just cant stop laughing here. Their English is ..... OK lets say it could be defined as English, perhaps Ssnglish is more appropriate. i have no reason to comment a negative word for it. After all SSCTF is the first CTF game in China for the whole world(as far as i know). i really enjoy it, though it's full of "Chinese Culture". I love misc 300 which is a really interesting game and i learned a lot from it. Frankly i was in QQ group i know because of the limited number of staff they had worked for the whole 48 hours, they dooo their best. I suppose we should give them applause and support instead of that worst or worst ever. ps : I'm not sure whether you can get my points, actually i think Chinese if much easier than your English. have a good one :)


Pharisaeus – March 1, 2016, 2:41 p.m.

@Z33R0 it's nothing personal against China, but people expected something more for a CTF that was scored 20. Just look at tasks from Insomnia teaser (https://ctftime.org/event/258/tasks/) which was also scored 20, or for example from last year's DefCamp Quals (https://ctftime.org/event/239/tasks/) which was worth 10. It's not hard to notice that the quality here was not the same. It would be different if the initial score was 0 or 5, then people would have different expectations.


Angelboy – March 1, 2016, 3:59 p.m.

It's so terriable. Waste time.....


mpgn_x64 – March 1, 2016, 8:48 p.m.

@Pharisaeus Exactly ! you say it


h0twinter – March 2, 2016, 2:08 a.m.

@Pharisaeus Even Break in and HackIM received 5 weighting points....this one is definitely better than any of them...Although I do admit 20 is an overkill. As for network issues...I don't know what to say about it, since it's most likely the GFW's fault and yeah I agreed the translation was really bad. Frankly, I don't know why they decided to release it to the world, since it is a part of XCTF event, I think there are some rules they have to stick with being a part of the huge event? Having played lot of Chinese CTFs...I would say this one is a normal Chinese CTF...


Dropzero – March 2, 2016, 2:39 a.m.

niubility...


Z33R0 – March 2, 2016, 6:23 a.m.

@Pharisaeus Whatever I do believe they will do better next time:)


n0n3m4 – March 7, 2016, 10:24 a.m.

The rating weight poll disappeared despite the votes given there.
Keep up the good job, ctftime admins.