Sat, 27 Feb. 2016, 00:00 UTC — Mon, 29 Feb. 2016, 00:00 UTC 

On-line

SSCTF event.

Format: Jeopardy Jeopardy

Official URL: http://lab.seclover.com/

This event's future weight is subject of public voting!

Future weight: 9.18 

Rating weight: 9.18 

Event organizers 

no logo

SSCTF 2016 in Xi’an China and the second XCTF League , is organized by the Cloversec Lab of Xi'an Clover Information Technology Co.,Ltd. Our event format includes online contest and onsite contest. The online contest is in jeopardy format. The onsite contest will take the attack-defence format.

In October of 2014, Cloversec Company held its own information security contest, SSCTF 2014. With more than 500 teams participating. One year later, the company successfully hosted the Huashan Cup Network Security Contest of 2015 with more than 800 teams and 2000 competitors participating. Based on our practical experience in dealing with various abstruse security problems and the experience we learned in holding the contests, we are confident to present competitors with a fantastic contest which can stimulate all their potentials. In 2016, we will hold the second SSCTF Contest, which serves as the XCTF League, to improve the international influence of SSCTF.

Top 14 (Top 10 local Teams and Top 4 International Teams from the Silk Road Countries/Regions, including Central Asian, Middle East, East Europe and Western Europe) of the SSCTF 2016 Quals automatically qualify for the SSCTF 2016 Finals, will be hosted in Xi'an, China(The start city of the Silk Road) on April 2nd to 3rd, 2016.

Prizes

Top 3 teams of the SSCTF 2016 Quals will win prize.
1st: 2000 CNY
2nd: 1000 CNY
3rd: 500 CNY

We will randomly choose 15 teams among the rest ones and award a RMB100 bonus for them respectively

Scoreboard

517 teams total

PlaceTeamCTF pointsRating points
1 FlappyPig 4710.00018.360
2 217 4410.00013.185
3 Nu1L 4210.00011.265
4 KaisHack 4110.00010.306
5 没有一个系统是安全的 4010.0009.652
6 天枢 3510.0008.371
7 ****** 3410.0007.958
8 forx 3410.0007.794
9 BambooFox 3310.0007.471
10 Never Stop Exploiting 3210.0007.174
11 Plaid Parliament of Pwning 3110.0006.896
12 ROIS 3110.0006.827
13 D3siprox 3110.0006.768
14 Dragon Sector 3010.0006.522
15 HackXore 3010.0006.479
16 107 2810.0006.051
17 SHARK 2810.0006.017
18 0ops 2610.0005.597
19 L-Team 2510.0005.375
20 scryptos 2410.0005.156
21 0xFA 2410.0005.134
22 yangyue250216 2310.0004.920
23 Shellphish 2110.0004.512
24 pwnspiracy 2110.0004.495
25 khack40 2010.0004.285
26 Lancet 2010.0004.271
27 Sigma 2010.0004.258
28 bob 1910.0004.051
29 AK95 1910.0004.039
30 oo at xx 1910.0004.029
31 p4 1910.0004.019
32 Dawn 1810.0003.815
33 BalalaikaCr3w 1810.0003.806
34 snake 1710.0003.603
35 DeliciousHorse 1610.0003.400
36 ISITDTU 1610.0003.393
37 int3pids 1610.0003.386
38 dcua 1610.0003.380
39 dodododo 1610.0003.373
40 a1exdandy 1610.0003.367
41 Dystopian Narwhals 1610.0003.362
42 PLUS 1610.0003.357
43 aegis 1610.0003.351
44 X1cT34m 1510.0003.152
45 EverSec 1510.0003.147
46 WildWolf 1510.0003.143
47 宫保鸡丁 1510.0003.138
48 中国网警 1510.0003.134
49 du1iqvw 1510.0003.130
50 WS5TYnBoZg== 1510.0003.127
51 TOIH 1410.0002.928
52 凝聚网安工作室 1410.0002.925
53 Lilac 1410.0002.921
54 Thanos 1210.0002.528
55 Fourchette Bombe 1210.0002.525
56 .elite 1210.0002.522
57 xil.se 1210.0002.519
58 Insanity 1210.0002.517
59 LOUYS 1110.0002.319
60 安全盒子团队 1110.0002.316
61 MV9rwGOf08 1110.0002.314
62 sec0d 1010.0002.117
63 Redbud 1000.0002.095
64 Shadow Servants 910.0001.917
65 Raccoons 910.0001.915
66 Evil0x 810.0001.718
67 LittleTips 810.0001.716
68 larva 810.0001.714
69 TokyoWesterns 810.0001.712
70 th3jackers 800.0001.690
71 v0rt3x 710.0001.513
72 莲子百合 710.0001.511
73 Hackeriet 710.0001.510
74 天枢2 710.0001.508
75 RingZer0 Team 710.0001.506
76 ALLES! 710.0001.505
77 Hexpresso 710.0001.503
78 6Te4m 700.0001.482
79 mikemase 700.0001.481
80 Mammon Machine 700.0001.479
81 talentA 610.0001.302
82 Nabla 610.0001.301
83 b01lers 610.0001.300
84 WS5TYnBoZg== 610.0004.425
85 610.0001.297
86 Invulnerable 610.0001.296
87 Espacio 610.0001.294
88 0x90r00t 610.0001.293
89 B0wa9a 610.0001.292
90 C1Sec 510.0001.096
91 Snatch The Root 510.0001.095
92 morganFr33man 510.0001.094
93 WISEYE 510.0001.093
94 Blue-Whale 510.0001.092
95 Capture the Swag 510.0001.091
96 Shady Hats 510.0001.090
97 securtiy_test_well 510.0001.089
98 xXxXxaAaAa 510.0001.088
99 stalker 510.0001.087
100 chinaH.L.B 510.0001.086
101 tank1st99 510.0001.085
102 0xbadf00d 510.0001.084
103 wxtel 410.0000.888
104 smoke leet everyday 410.0000.887
105 op.rad 410.0000.887
106 fetchAndLog 410.0000.886
107 NULLify 410.0000.885
108 New_World 410.0000.884
109 ClearCode 410.0000.883
110 Huu 410.0000.883
111 probe 410.0000.882
112 306 410.0000.881
113 Hell.zip 410.0000.880
114 风尘 410.0000.880
115 NIS 410.0000.879
116 01dDriver 410.0000.878
117 SDT/SDT 410.0000.878
118 Batman's Kitchen 410.0000.877
119 sherl0ck 410.0000.876
120 C521 410.0000.876
121 熊孩子 410.0000.875
122 n4m4h4mum3r0n 410.0000.874
123 FirstBlood 410.0000.874
124 KSUCDC 410.0000.873
125 OpenToAll 410.0000.873
126 Efiens|12345679 410.0000.872
127 w0pr 410.0000.871
128 noraneco 410.0000.871
129 J4ckFi5h 400.0000.851
130 jfhs 400.0000.850
131 Tasteless 400.0000.850
132 squareroots 400.0000.849
133 Team Action Kaktus 400.0000.849
134 hxp 400.0000.848
135 Future Of Europe 400.0000.848
136 TJUNSA 310.0000.672
137 Neosec 310.0000.671
138 ALLXss 310.0000.671
139 维尼熊宝贝 310.0000.670
140 phrack飞客 310.0000.670
141 SCAUSEC 310.0000.669
142 CUBESEC 310.0000.669
143 GCC 310.0000.668
144 distcc 310.0000.668
145 OyVsyo 310.0000.668
146 CyberOps 310.0000.667
147 xxxx 310.0000.667
148 奔跑的菜鸟 310.0000.666
149 千里目 310.0000.666
150 zctf_test 310.0000.665
151 KuBik 310.0000.665
152 CTF酱油队 310.0000.665
153 No Internet Access 310.0000.664
154 Give Me Fiv3 310.0000.664
155 KITCTF 310.0000.663
156 WindSpeaker 310.0000.663
157 FTCTeam 310.0000.663
158 0x34044 310.0000.662
159 黑化肥发灰会挥发 310.0000.662
160 REU 310.0000.662
161 rays 310.0000.661
162 DarkEye 310.0000.661
163 xeksec 310.0000.661
164 c21h30o2 310.0000.660
165 bibiotty 310.0000.660
166 约瑟翰·庞麦郎 300.0000.640
167 CTF-infinit 300.0000.640
168 5eee663a5d5b35d8216cae05d3b55163 300.0000.639
169 Shurhands 300.0000.639
170 CAT-Security 300.0000.639
171 大隔壁 300.0000.638
172 TOIH 300.0003.566
173 crtl 300.0000.638
174 DarkEye 300.0001.298
175 Spirit+ 210.0000.462
176 SWAT.ME 210.0000.461
177 Syclover 210.0000.461
178 pirate 210.0000.461
179 KKSEC 210.0000.461
180 F4nt45i4 210.0000.460
181 Rs-team 210.0000.460
182 Antarctica-momo 210.0000.460
183 Bushwhackers 210.0000.459
184 BalaBala 210.0000.459
185 XDay 210.0000.459
186 HackCat 210.0000.459
187 S0uL'S Team 210.0000.458
188 WEB飞虎队 210.0000.458
189 Honeypot 210.0000.458
190 CorpOfHack 210.0000.458
191 Avidya:HACKquest 210.0000.457
192 PENSIUN | DFCI | SUKSMA 210.0000.457
193 BlackH0le 200.0000.437
194 SiBears 200.0000.437
195 mingming 200.0000.437
196 reooo43 200.0000.437
197 gewahbsrwabhr 200.0000.436
198 Avidya 200.0000.436
199 FluxFingers 200.0000.436
200 Shielder 200.0000.436
201 Rdot.org 200.0000.435
202 GWHT 110.0000.260
203 FirstBlood 110.0001.133
204 千里之外的小怨海 110.0000.259
205 sjtu_aaa 110.0000.259
206 X_Ray 110.0000.259
207 who@mI 110.0000.259
208 小明你好 110.0000.259
209 SmallCute 110.0000.258
210 Pandemonium 110.0000.258
211 Xyz 110.0000.258
212 Blake 110.0000.258
213 BreakPoint 110.0000.257
214 undefined 110.0000.257
215 Phoenix 110.0000.257
216 ILOVETFMAN 110.0000.257
217 GHOST 110.0000.257
218 曹哈哈·刘嘻嘻 110.0000.257
219 CTF酱油组 110.0000.256
220 05b28e49a5fa08531e486b21d4128f28 110.0000.256
221 \xfafu 110.0000.256
222 funtastic 110.0000.256
223 SUS 110.0000.256
224 106106 110.0000.255
225 firststart 110.0000.255
226 DL 110.0000.255
227 怪盗鸭德 110.0000.255
228 Gooooo 110.0000.255
229 ByteBandits 110.0000.254
230 kopipacket 110.0000.254
231 happy 110.0000.254
232 wowotou 110.0000.254
233 33°灰 110.0000.254
234 cma 110.0000.254
235 张君雅小盆宇 110.0000.253
236 Brutewoorse 110.0000.253
237 pkcjl 110.0000.253
238 drdr 110.0000.253
239 DTUHAX 110.0000.253
240 CInsects 110.0000.253
241 kirito_test 110.0000.252
242 OPT 110.0000.252
243 渣渣三人组 110.0000.252
244 小彩笔 110.0000.252
245 队名叫什么好呢 110.0000.252
246 nobody 110.0000.252
247 036473f1726e2e71ff4ce326a677a3ae 110.0000.252
248 wolfpy 110.0000.251
249 xjnu 110.0000.251
250 90Sec Team 110.0000.251
251 TmTs 110.0000.251
252 The Bebop17 Squad 110.0000.251
253 niexinming 110.0000.251
254 CCSF_HACKERS 110.0000.251
255 err0r-451 110.0000.250
256 Hawks 110.0000.250
257 et_illustratis 110.0000.250
258 xSTF 110.0000.250
259 taurus 110.0000.250
260 0x8F 100.0000.230
261 Sonic_Rainboom 100.0000.230
262 hedgehog 100.0000.230
263 viper 100.0000.230
264 471a8ed6323cd897a9858688e8c9f689 100.0000.230
265 a1ta1r 100.0000.230
266 andnotorg 100.0000.229
267 PDKT 100.0000.229
268 duguhu 100.0000.229
269 i3r0_9R3 100.0000.229
270 e11even 100.0000.229
271 3year 100.0000.229
272 insecure 100.0000.229
273 6l0ry 100.0000.229
274 amn3s1a 100.0000.228
275 UIN HACKING 100.0000.228
276 SAINTSEC 100.0000.228
277 q86 100.0000.228
278 Cybrosis 100.0000.228
279 delicious_cakes 100.0000.228
280 Shine 100.0000.228
281 junoim1234 100.0000.228
282 粟悟饭与龟波功 100.0000.227
283 cctt 100.0000.227
284 CHN.ROUTE 100.0000.227
285 BabyPhD 100.0000.227
286 wtfmehftw 100.0000.227
287 cuzISA 10.0000.051
288 watch0ut 10.0000.051
289 a0zy 10.0000.051
290 shit team 10.0000.051
291 m00zh33 10.0000.051
292 Qsaka 10.0000.051
293 浪浪 10.0000.051
294 SlidePot 10.0000.051
295 temp_888 10.0000.051
296 我还是个宝宝 10.0000.051
297 GooDay 10.0000.050
298 专业划水 10.0000.050
299 testyou 10.0000.050
300 xxx 10.0000.050
301 以上排名作废 10.0000.050
302 瑶光 10.0000.050
303 BlackWhite 10.0000.050
304 华东理工 10.0000.050
305 小书房 10.0000.050
306 ByStudent 10.0000.049
307 老王邻居 10.0000.049
308 NO.096 10.0000.049
309 酱油 10.0000.049
310 6﹟502 10.0000.049
311 Xp0int 10.0000.049
312 Hydra 10.0000.049
313 波霸 10.0000.049
314 11211 10.0000.049
315 M0nster 10.0000.049
316 justforfun 10.0000.049
317 B216 10.0000.048
318 划船不用桨 10.0000.048
319 INFERNO 10.0000.048
320 xfree|fuckbat 10.0000.048
321 171 10.0000.048
322 西邮红客 10.0000.048
323 arr0w1 10.0000.048
324 A 10.0000.048
325 流浪行星 10.0000.048
326 ds 10.0000.048
327 topsec 10.0000.048
328 桃花岛 10.0000.047
329 床前明月光 10.0000.047
330 安全脉搏第二小分队 10.0000.047
331 0叉00 10.0000.047
332 LZ_NS 10.0000.047
333 六月雨 10.0000.047
334 What? 10.0000.047
335 H-UNION 10.0000.047
336 DJ_fantasy 10.0000.047
337 Seclover 10.0000.047
338 8-bit 10.0000.047
339 HELL0 10.0000.047
340 Crazy8 10.0000.046
341 菜刀队 10.0000.046
342 phrack飞客 10.0000.716
343 Xmix 10.0000.046
344 404 10.0000.046
345 专注酱油20年 10.0000.046
346 YY_XX_HH 10.0000.046
347 猫王 10.0000.046
348 jsufhe 10.0000.046
349 NFJD 10.0000.046
350 sekureco.org 10.0000.046
351 hell 10.0000.046
352 applePie 10.0000.046
353 DMU Hackers 10.0000.045
354 nupsec 10.0000.045
355 DogThrustRabbit 10.0000.045
356 Dark Daisy 10.0000.045
357 axyz 10.0000.045
358 Bingo 10.0000.045
359 cimer 10.0000.045
360 725 10.0000.045
361 10.0000.045
362 谁在背后说我帅 10.0000.045
363 左右手 10.0000.045
364 ssctf 10.0000.045
365 we are laji 10.0000.045
366 grrr 10.0000.045
367 GWGHOST 10.0000.045
368 瞬间boom 10.0000.044
369 sicnuteam 10.0000.044
370 WOLFPACK 10.0000.044
371 c00kie 10.0000.044
372 michael 10.0000.044
373 just1 10.0000.044
374 ' 10.0000.044
375 yuzunzz 10.0000.044
376 jiangyouwang 10.0000.044
377 SHSEC 10.0000.044
378 95e783cc3b27ba77a80b04a3bb2c79e4 10.0000.044
379 001 10.0000.044
380 ztaos 10.0000.044
381 菜鸡 10.0000.044
382 lly123 10.0000.044
383 eee 10.0000.043
384 only_cban 10.0000.043
385 大水逼联盟 10.0000.043
386 HPUSec 10.0000.043
387 s3cer 10.0000.043
388 CCoday 10.0000.043
389 Assassin 10.0000.043
390 MaltSugar/132aae1d26 10.0000.043
391 527 10.0000.043
392 DreamStar 10.0000.043
393 我们来打铁 10.0000.043
394 qgs 10.0000.043
395 海军撸战队 10.0000.043
396 最贵挫逼小组 10.0000.043
397 0xFFFFF 10.0000.043
398 Punch Line 10.0000.043
399 dogggg 10.0000.042
400 sebao 10.0000.042
401 务实守信 10.0000.042
402 tayueliuxiang 10.0000.042
403 lemonade 10.0000.042
404 None 10.0000.042
405 To be number 0 10.0000.042
406 WithoutConcept 10.0000.042
407 hehee 10.0000.042
408 Pyth0n 10.0000.042
409 三江学院队 10.0000.042
410 EF0m 10.0000.042
411 弹丸论破 10.0000.042
412 havefun 10.0000.042
413 McDull 10.0000.042
414 blue-lotus 10.0000.042
415 你好啊 10.0000.042
416 g33z 10.0000.042
417 Level5 10.0000.042
418 KerKerYuan 10.0000.041
419 DECBUG 10.0000.041
420 thinks 10.0000.041
421 2333 10.0000.041
422 0x1111111 10.0000.041
423 Vic 10.0000.041
424 XDay 10.0000.500
425 zj9s.0kami 10.0000.041
426 Sanya_Bay 10.0000.041
427 unregister 10.0000.041
428 Sn0w0lf 10.0000.041
429 哈哈哈落落 10.0000.041
430 liarod 10.0000.041
431 大烧饼小组|root 10.0000.041
432 xiaobh 10.0000.041
433 takedownher 10.0000.041
434 uen 10.0000.041
435 SAAA 10.0000.041
436 Team Liequal 10.0000.041
437 Just4Fun 10.0000.040
438 Ksoy 10.0000.040
439 viccon 10.0000.040
440 CTG 10.0000.040
441 R小米 10.0000.040
442 rw3b 10.0000.040
443 226安全团队 10.0000.040
444 TeamName 10.0000.040
445 f_Team 10.0000.040
446 萌萌哒的新人们 10.0000.040
447 我们都是叶良辰 10.0000.040
448 eleven 10.0000.040
449 Xs翔兽电竞俱乐部 10.0000.040
450 东京有点热 10.0000.040
451 一人打酱油 10.0000.040
452 d 10.0000.040
453 BXS_n 10.0000.040
454 OverDover 10.0000.040
455 cnnetarmy 10.0000.040
456 403 10.0000.040
457 isitdtu2 10.0000.040
458 Orzs 10.0000.040
459 faketeam 10.0000.039
460 江门市酱油团 10.0000.039
461 noname 10.0000.039
462 zer0pay 10.0000.039
463 GOONERS 10.0000.039
464 只是来打酱油的 10.0000.039
465 XOR 10.0000.039
466 祝你们性福 10.0000.039
467 D@rk$h3ll 10.0000.039
468 qwertyuiop 10.0000.039
469 Jacy 10.0000.039
470 WWW 10.0000.039
471 PKTeam 10.0000.039
472 CTRLUREIP 10.0000.039
473 safetech 10.0000.039
474 NUSGreyhats 10.0000.039
475 SDUST_LZS 10.0000.039
476 地水 10.0000.039
477 101 10.0000.039
478 Pocahontas 10.0000.039
479 AGSEC 10.0000.039
480 f0r9etpwd 10.0000.039
481 BU 10.0000.039
482 DC562 10.0000.039
483 N** 10.0000.038
484 Mi'a 10.0000.038
485 Salvation 10.0000.038
486 Bing0 10.0000.038
487 aaa- 10.0000.038
488 卫生队 10.0000.038
489 Marchare 10.0000.038
490 Phantom 10.0000.038
491 MTeam 10.0000.038
492 天驱 10.0000.038
493 FPE 10.0000.038
494 Azure Assassin Alliance 10.0000.038
495 see_see_see 10.0000.038
496 小白菜一株 10.0000.038
497 嘿嘿嘿 10.0000.038
498 VeCtOr 10.0000.038
499 Briner 10.0000.038
500 vegetables 10.0000.038
501 guest 10.0000.038
502 bjFinder 10.0000.038
503 T123 10.0000.038
504 DjigIT 10.0000.038
505 Desiprox Team 10.0000.038
506 seiyakyokai 10.0000.038
507 do9dark 10.0000.038
508 crayontheft 10.0000.038
509 TeamRedAce 10.0000.038
510 Tower of Hanoi 10.0000.037
511 Yozakura 10.0000.037
512 IS☢LA 10.0000.037
513 ttt 10.0000.037
514 omakase 10.0000.037
515 0x494d45 10.0000.037
516 buscoequipo 10.0000.037
517 ¯\__(ツ)__/¯ 10.0000.019
warchantuaFeb. 22, 2016, 8:03 a.m.

Next time PLEASE, don't use Chinese language in online CTF.


kuteminh11Feb. 22, 2016, 12:04 p.m.

Is there an option to choose English? I don't understand Chinese language.


01001000entaiFeb. 24, 2016, 7:25 a.m.

@B V @Minh Kute Our website is bilingual (English and Chinese)


5t0rm5had0wFeb. 25, 2016, 8:27 a.m.

We are new to SSCTF. Do we have to register our team (Create the same team) in the SSCTF site to participate this CTF.


AnarKyxFeb. 25, 2016, 11:18 p.m.

Wow. Displaying both languages at the same time is a little ridiculous.

Non stop Code verification errors. Use a captcha like google's that people can actually read, and maybe provide a refresh option to skip the current captcha if it's not readable?


01001000entaiFeb. 26, 2016, 7:02 a.m.

@Shan Prashanth
I'm SSCTF Adminitrator,Before the end of the game time, you are Has been SSCTF website can be registered, If you have any problem, please concact ctf@seclover.com,thx :)


01001000entaiFeb. 26, 2016, 7:29 a.m.

@AnarKy
about language problem It has been unable to change,I'm so sorry,
about captcha problem ,We changed captcha font and font size,now recognizable should be no problem
If you have any problem, please concact ctf@seclover.com,thx :)


FmaFeb. 27, 2016, 12:34 a.m.

If you will open a CTF to everybody then please do so with support for English (proper full support not mixing both). Also I don't think non-Chinese speaking people can use Tentent QQ for support or putting challenges on a Chinese website such as weibo is good. Not fun at all..


niklasbFeb. 27, 2016, 12:46 a.m.

Files not downloadable from here (Germany), getting network errors. Please decrease rating for this contest, it's not really internationally accessible.


WhiteLightningFeb. 27, 2016, 1:06 a.m.

Do I am only person which has problem with registering? I'm finishing with: Register Faile, Invite Code Or Email Error!


Urk3LFeb. 27, 2016, 1:11 a.m.

Same error, again and again... "Register Faile,The Team Name Is Already In Use Or Input Email Is Error!"


Delete-meFeb. 27, 2016, 1:12 a.m.

Maybe next time when you guys decide to create a CTF

1.) Translate the english better can't understand half of it

2.) Registration shouldn't take 10+ minutes I can't even register because it is saying team already created ?? How .....

3.) the layout is a bit confusing.


ravidhrFeb. 27, 2016, 2:13 a.m.

i dont understand chinese, please use english


ulimateshiFeb. 27, 2016, 3:20 a.m.

CTF for the Chinese team :)))


01001000entaiFeb. 27, 2016, 3:55 a.m.

@Steve Urk3L You can try again,if the user's infomation or teamname are same the other team,Please use the different,Good Luck!


hantoFeb. 27, 2016, 5:46 a.m.

I'm not an admin but if you want to chat about this ctf please join #ssctf on freenode, thanks!


DacatFeb. 27, 2016, 7:40 a.m.

Can't get the Welcome flag unless you're a Weibo member? Oh dear.


leopoldinelolcatFeb. 27, 2016, 11:32 a.m.

@Kris Hunt
And I can't register to weibo because my country is not in the list for the SMS check XD
Dat ... CTF ... !
Dont waste your time everybody, boycott that CTF.


cr019283Feb. 27, 2016, 1:50 p.m.

I can't even download challenges. First it shows me two hours to download 0.5MB and 5 min later in interrupts. Is it only for Chinese teams? It's quite poorly organized and unfriendly for non-Chinese.


n0n3m4Feb. 27, 2016, 5:03 p.m.

Quite disappointed with this CTF.


havocmageFeb. 27, 2016, 5:07 p.m.

invitation code stopped work.


forenzicatorFeb. 27, 2016, 10:11 p.m.

I cannot register. I am getting error messages. This CTF is not internationally friendly.


LaysFeb. 28, 2016, 2:16 p.m.

worst CTF ever.


PwnyFeb. 28, 2016, 5:39 p.m.

Really worst :3


l33tb4nanaFeb. 28, 2016, 6:39 p.m.

ugly ctf :S :S :S :S


MrMugiwaraFeb. 28, 2016, 6:44 p.m.

Fuck a lot your language


DropzeroFeb. 28, 2016, 6:59 p.m.

omg...


saintmehFeb. 28, 2016, 8:42 p.m.

I decided to go ahead and spend an hour of contest time expressing my opinion of this CTF
Good:
*Not the worst CTF ever. I question the motive behind comments to the contrary. I seem to remember a recent Iranian CTF that entirely lacked English or a functioning login.
*There were some good challenges. I liked the XSS and the python challenges. I actually used existing tools I had written for real life engagements on them.
*The site's user interface was the most beautiful and informative of 2016. I like the graphs and how you individually separated team member points. The layout would be obvious if the translation was much better. Pagification might be better at 25 or 50(instead of 10 teams per page). Other than that, great job.
*The challenges were alright. I felt that some were even very practical.
*You had unified flag formats. You seemed to keep cheating to a minimum(judging by the team results).
Bad:
*The language was confusing, but not impossible. I only speak English and I could barely understand the site.
*some challenges didn't seem to handle the inevitable brute forcing skiddy. I would suggest black listing IPs that hammer your server.
*Your translation was... much worse than I would expect from the average skilled citizen of your nation; it is as bad as some of the clumsiest people on this comments section.
*Registration was horrible. I had trouble with registration and password recovery. I still can't change my country, but I suppose that's not a big problem. It's correct on CTFtime
*A CDN might have helped other members to participate. They should know how to use VPNs, but they shouldn't have to use them if everyone else doesn't. I doubled my normal ranking and I didn't do it through hard work and determination.

Personal Conclusion:
Your challenge, over all, was not a waste of time. I had fun and it was challenging. Hacking isn't meant to be easy. It was moderated fairly and communications were maintained through the notices. It's obvious that a good deal of work was put into the interface and the challenges(for the most part) were okay. It seems like you may benefit from having someone internationalize it for you. I feel like I did better in this CTF mostly because other's(Germany for one) weren't given a fair chance. I was only able to spend 5 hours on this CTF and I managed top 10%. I normally place top 20% by myself with 15 hours of work or 10% with 35+hours of work. You could also get rid of some of the challenges(Weibo). I agree with half of the comments, but people on here can be unfairly harsh. This would be 4 stars if it was entirely internationally friendly and it didn't have the Weibo challenge. There is serious room for improvement, but I feel that it would be comparatively easy to fix. Overall, it was okay. :)


smlightFeb. 29, 2016, 12:17 a.m.

the layout is unreasonable...


kopi-cFeb. 29, 2016, 1:47 a.m.

My detailed feedback is as follows. First, I can say I only looked at Misc10, Crypto100, Crypto200, Web100. After that, I gave up on the event. So I might have missed some good other content. My overall impression was that this CTF required a lot of guessing in general.
- The website was barely usable. I had problems reaching it at times (not unusual for CTFs I guess). The dual language setting was confusing, and the English translation was not well done. Of course you can guess what the core functionality is, but that should not be required. I don't see multiple user accounts per team as necessary. I was not able to change my account's country to something else than China, and I was not able to change the profile pic. There was no usable error message.
- The graphs of team points looked fancy, but splines are really not appropriate for this (academic nitpocking). In addition, only the top teams were listed (or I missed how to display more teams)
- Misc10 was apparently only solveable by Chinese, so the organizers gave the flag to everyone in the end. It was only 10 points, so that hardly mattered much.
- I started with Crypto 100, which looked like a solid basic crypto challenge. Python code for a byte-wise symmetric substitution/rotation algorithm was provided, together with something that might have been the plaintext, and something that might be the ciphertext (called "out"), and something that seemed to be ciphertext of the flag. In the end, this challenge was decent, the only problem was that it was unclear that a) key would have to be printable characters, and b) the plaintext provided was truncated.
- In Crypto 200, it was easy to get to almost solving the challenge (which was unrelated to cryptography and involved scripting and unzip'ing a lot of files). I did not manage to solve the challenge, because I did not find unprintable characters in the comments of one of the 5k .zip files! I would count this as stego challenge at best, and more likely as guessing.
- Web100 apparently required to trick some regex-based blacklisting of file extensions in a POST-handling server-side script. The actual content of upload did not matter. In the end, this looked a lot like guessing to me as well (trick was to use double spaces in file extension?)

The technical difficulty of the challenges seemed to be higher than, for example, HackIM --- which is good. There were severe problems with English in the challenges and on the website, which left you wondering whether you were possibly missing easy things all the time. But on top of that, there was so much guessing required in the challenges that even if you knew what you were doing technically, you (at least I) could not finish it quickly. Together with infrastructure-related problems for an international audience, my overall conclusion is probably to not participate again in 2017.


amonFeb. 29, 2016, 6:32 a.m.

1/2

I actually thought the CTF was pretty good apart from a couple of hiccups. Here's my breakdown:

Caveats:

1. I live in Singapore so I might have had a slight advantage in terms of connectivity.
2. I cannot read Chinese. I actually relied a lot on Google Translate so despite being from a country that does include Chinese as one of the official languages, I do not have an advantage on that front.

Background:

My team has solved:
1. Web 200 (Can You Hit Me?)
2. Re 100
3. Crypto/Pwn 100 (HeHeDa)
4. Crypto/Pwn 200 (Chain Rule)
5. Crypto/Pwn 300 (Nonogram)
6. Crypto/Pwn 400 (Pwn1)
7. Misc 10 (Welcome) <-- A member of my team signed up for Weibo (they send to Singapore mobile numbers) and actually got it before they released the flag
8. Misc 300 (Hungry Game)

Positive:

1. Most of the challenges were very technically difficult
2. The challenges were also very intellectually interesting. I learnt a lot about QR codes and Nonograms from 'Crypto 300'. Pwn1 has a very interesting premise.
3. The organisers did respond to issues very quickly. For example, it became pretty apparent early on that International players (including me) had problems with joining in the QQ chat group. The IRC channel on Freenode that was setup was very well moderated with pretty quick response times and good admin rotations.
4. Flag formats were strictly adhered to.
5. The 'guessing' comments might be not entirely deserved. Yes, there are challenges like Web 1 that requires a lot of assumptions about the underlying technology, but in contrast to a previous poster, Crypto 200 wasn't guessing at all. The challenge included very transparent clues as you progress. You weren't supposed to look for a comment within a single file in a zip, but comments for all the files within the zip. Now, I do agree that this was categorised badly though. The choice of placing it in Crypto/Pwn might have been why people were not expecting it to be a stego challenge.

Negative:

1. The infrastructure did get very slow once the competition progressed. The wav file from Puzzle was a pain to download.
2. The translated English wasn't exactly very understandable. Still a lot better than HackIM's English though.
3. Some challenges in the Crypto/Pwn category might have been misclassfied. Nonogram and Chain Rule might have been better classified as MISC.
4. The web challenges would probably be better if there was an info leak vector to obtain the source code or simply provide it as part of the challenge to reduce having to make assumptions about exactly what the vulnerability is. Web 1 is a good example of something that should be simple but didn't get many solutions because it is not easy to reason about it.
5. I did not experience problems with Registration or the site but it seems like there are too many people who experienced it to ignore this point. Perhaps it has load issues?.


amonFeb. 29, 2016, 6:33 a.m.

2/2

My conclusions:

The CTF is far from perfect but I feel that it is still a valuable to play. I'm definitely looking forward to the solutions for everything because the challenges are interesting. I do hope the organisers make their next CTF more international friendly and provision for heavier loads. My rating for the CTF in the current state is 3.5 but I also concur that it's easily a 4-4.5 if it was a little smoother to play and reduced the need for assumptions.


PharisaeusFeb. 29, 2016, 8:25 a.m.

Far from the worst (HackIM set the bar really high) but also not particularly good. One problem was unintelligible language and poor task description which required stegano-like stills to figure out what the authors had in mind. Confusing categories for the tasks made it even more difficult. Some tasks required psychic abilities...
For example decoding single Nonogram task gives you "b2403b96?8924408|->:id|salt:5" and you have to figure out that "id" is the command you need to send to the server to get next task and that this hash is in fact a substring of md5 hash of a single letter of the flag concatenated with the salt value. And as much as the task itself was fine (solving nonogram, decoding qrcode, bruting md5 hash) the biggest challenge was to guess what were you even supposed to do and how to communicate with the server. I know admins were trying to salvage this by posting multiple hints, but it only proves that no-one has actually tested the task before the CTF.
There were also other tasks which required a lot of guessing (like Web) before you could proceed with some actual technical work. I understand that finding the attack vector is often part of the task, but it's nice if you can somehow figure it out / predict based on some info-leak rather than just have a lucky guess. I'm not mentioning some RE tasks pretty much unsolvable for people without (surely legal) latest IDA, because this is a very common thing.


n0n3m4Feb. 29, 2016, 1:50 p.m.

Overall, rating weight should be set to 0 or 5, I think.


PharisaeusFeb. 29, 2016, 2:36 p.m.

Let's not exaggerate with 0, even BreakIn got 5 points ;)


DamonssonFeb. 29, 2016, 3:29 p.m.

Rating 5 is maximum imo. Web category was a joke

web200 == recon200. And sendemail with payload.
Web100? Check ip, and if chineese send flag?
Web400 no comment, and this challange name FlagMAN. MAN - like Man in the middle, which exist for OAuth.
Web300 partially totally guessing for url_encode needed, might weel was rot-25
Only Web500 was normally


Number4Feb. 29, 2016, 8:39 p.m.

What was Web100 ?


niklasbFeb. 29, 2016, 9:27 p.m.

Web100 was http://www.wooyun.org/bugs/wooyun-2015-0125982. My 2cents:

Web100, 300 and 400 were completely blind and guessing only. I believe web300 or 400 randomly url_decoded your Github username in order to create an injection point. For web100 you had to "inject" a PHP file by bypassing a filename filter, but it would store the file as .jpg. Later admins in IRC told us that it is just a "simulation" and you simply get the flag if you bypass the filter (of course without giving out a formal notice about this on the website). The bug itself was apparently described on a famous Chinese security bug website: http://www.wooyun.org/bugs/wooyun-2015-0125982 If you don't know the bug, it's pretty much guessing only and random tampering with HTTP headers.

Crypto200 had nothing to do with crypto. Crypto100 was almost good, except they truncated the plaintext for some reason, just so it would still involve at least *some* guessing I suppose. It still ended up being kind of fun.

Misc100 was stego in a PDF document, apparently you just had to Google for PDF stego and try some of the tools until you find the right one. Misc300 was kind of fun.

I didn't end up looking into RE and pwn in detail, but I think those were OK, although people in IRC tell me that there was a *lot* of guessing involved as well.

Admins in IRC gave out significant hints in public, without adding them to the website. E.g. they mentioned that web300/400 is a MongoDB injection.


mpgn_x64March 1, 2016, 8:55 a.m.

"Rating weight: 20.00" the joke...


Z33R0March 1, 2016, 1:45 p.m.

As a Chinese, I just cant stop laughing here. Their English is ..... OK lets say it could be defined as English, perhaps Ssnglish is more appropriate. i have no reason to comment a negative word for it. After all SSCTF is the first CTF game in China for the whole world(as far as i know). i really enjoy it, though it's full of "Chinese Culture". I love misc 300 which is a really interesting game and i learned a lot from it. Frankly i was in QQ group i know because of the limited number of staff they had worked for the whole 48 hours, they dooo their best. I suppose we should give them applause and support instead of that worst or worst ever. ps : I'm not sure whether you can get my points, actually i think Chinese if much easier than your English. have a good one :)


PharisaeusMarch 1, 2016, 2:41 p.m.

@Z33R0 it's nothing personal against China, but people expected something more for a CTF that was scored 20. Just look at tasks from Insomnia teaser (https://ctftime.org/event/258/tasks/) which was also scored 20, or for example from last year's DefCamp Quals (https://ctftime.org/event/239/tasks/) which was worth 10. It's not hard to notice that the quality here was not the same. It would be different if the initial score was 0 or 5, then people would have different expectations.


AngelboyMarch 1, 2016, 3:59 p.m.

It's so terriable. Waste time.....


mpgn_x64March 1, 2016, 8:48 p.m.

@Pharisaeus Exactly ! you say it


h0twinterMarch 2, 2016, 2:08 a.m.

@Pharisaeus Even Break in and HackIM received 5 weighting points....this one is definitely better than any of them...Although I do admit 20 is an overkill. As for network issues...I don't know what to say about it, since it's most likely the GFW's fault and yeah I agreed the translation was really bad. Frankly, I don't know why they decided to release it to the world, since it is a part of XCTF event, I think there are some rules they have to stick with being a part of the huge event? Having played lot of Chinese CTFs...I would say this one is a normal Chinese CTF...


DropzeroMarch 2, 2016, 2:39 a.m.

niubility...


Z33R0March 2, 2016, 6:23 a.m.

@Pharisaeus Whatever I do believe they will do better next time:)


n0n3m4March 7, 2016, 10:24 a.m.

The rating weight poll disappeared despite the votes given there.
Keep up the good job, ctftime admins.


Sign in to comment.