Sat, 26 March 2016, 20:00 UTC — Sun, 27 March 2016, 20:00 UTC 

On-line

Securinets CTF event.

Format: Jeopardy Jeopardy

Official URL: https://www.ctfsecurinets.com/app.php/login

This event's weight is subject of public voting!

Future weight: 15.04 

Rating weight: 15.04 

Event organizers 


CTF Securinets Quals 2016 is an on-line jeopardy style CTF organized by Securinets Club.
You can find more details on our website: www.ctfsecurinets.com
or www.securinets.com

Scoreboard

77 teams total

PlaceTeamCTF pointsRating points
1 Pwnium 5265.00030.080
2 SpectriX_BestCheaterz 5265.00022.560
3 DATATECH 5190.00019.839
4 ScienZiati 5040.00018.157
5 HackXore 5040.00017.405
6 th3jackers 4940.00016.618
7 ISITDTU 4940.00016.260
8 Batman's Kitchen 4915.00015.920
9 dcua 4590.00014.783
10 soft cotton 4149.00013.356
11 0wn3r5-bugMakers 3315.00010.837
12 Raccoons 2774.0009.178
13 The DHARMA Initiative 2665.0008.770
14 Sw1ssFr13nds 2624.0008.570
15 NowaySec 2499.0008.141
16 SecuriNets ISI 1 2449.0007.936
17 Snatch The Root 2374.0007.666
18 k18DTU 2274.0007.331
19 Bugs_Bunny 2199.0007.073
20 TapuTeam 2024.0006.534
21 Mammon Machine 1890.0006.115
22 noraneco 1874.0006.037
23 SecuriNets ISI 2 1674.0005.436
24 kaijo 1624.0005.266
25 Marsupilamis 1599.0005.169
26 UCCU 1425.0004.649
27 DFCI 1349.0004.411
28 ZGomBa 1074.0003.605
29 Fourchette Bombe 1024.0003.444
30 jinmo123 1024.0003.426
31 mathboy7 1024.0003.410
32 taurus 974.0003.252
33 sina 924.0003.095
34 Execut3 874.0002.939
35 KillMePLZ 799.0002.712
36 hAIXer 775.0002.632
37 LoneWolf 774.0002.617
38 thuong123abc 749.0002.535
39 DjigIT 724.0002.454
40 vanhelsing 724.0002.444
41 MV9rwGOf08 716.0002.412
42 kasper 649.0002.212
43 thebestd92 649.0002.204
44 11-Digit Prime Number 649.0002.196
45 Oleg 624.0002.117
46 n0pster 624.0002.109
47 gmilte 524.0001.817
48 NIS 449.0001.596
49 FSoc!3ty 424.0001.518
50 h4ckf0rf00dz 424.0001.512
51 Secureal 249.0001.006
52 iSome 224.0000.929
53 JoeGaje 224.0000.924
54 pwnplay 224.0000.918
55 IIT_WHM 149.0000.699
56 ENSIT-INFO 124.0000.623
57 IIT-Sec 124.0000.618
58 cafmin 124.0000.614
59 Splinter 99.0000.538
59 Ossec_Team 124.0000.609
60 Jeramy 124.0000.605
61 H3RM1T 124.0000.601
62 honc 124.0000.597
63 NeOLux-C1Ph3r 124.0000.593
64 zbaber united 124.0000.589
65 BlackSpace 124.0000.586
66 Ninja Turtle 100.0000.514
67 _tomcat_ 99.0000.507
68 xor00 99.0000.504
70 MrMugiwara 99.0000.498
71 ASIS 99.0000.495
72 hy00un 99.0000.492
73 astrodroids 99.0000.489
74 TheFuckUps 99.0000.486
75 SecuriTeam 99.0000.483
76 The Emperørs 99.0000.481
77 unicornsandrainbows 99.0000.239
havocmage – March 27, 2016, 1:14 p.m.

registration is broken for this student ctf.


m1dn8h4ck – March 27, 2016, 2:33 p.m.

Hello,

You have to check these two teams SpectriX and SpectriX_II

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/14 -b "PHPSESSID=0" | grep SpectriX
<div class="errSub">SpectriX has submitteda an invalid response at 11:33:55 at 27/03/2016</div>
<div class="errSub">SpectriX has submitteda an invalid response at 11:54:27 at 27/03/2016</div>
<div class="sucSub">SpectriX_II has submitteda a valid response at 13:07:44 at 27/03/2016</div>
<div class="sucSub">SpectriX has submitteda a valid response at 13:08:34 at 27/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/16 -b "PHPSESSID=0" | grep SpectriX
<div class="errSub">SpectriX has submitteda an invalid response at 05:42:35 at 27/03/2016</div>
<div class="errSub">SpectriX has submitteda an invalid response at 05:47:52 at 27/03/2016</div>
<div class="errSub">SpectriX has submitteda an invalid response at 11:34:28 at 27/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/28 -b "PHPSESSID=0" | grep SpectriX
<div class="sucSub">SpectriX has submitteda a valid response at 22:13:54 at 26/03/2016</div>
<div class="sucSub">SpectriX_II has submitteda a valid response at 22:52:24 at 26/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/10 -b "PHPSESSID=0" | grep SpectriX
<div class="sucSub">SpectriX_II has submitteda a valid response at 22:00:32 at 26/03/2016</div>
<div class="sucSub">SpectriX has submitteda a valid response at 22:33:12 at 26/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/11 -b "PHPSESSID=0" | grep SpectriX
<div class="sucSub">SpectriX_II has submitteda a valid response at 00:14:14 at 27/03/2016</div>
<div class="sucSub">SpectriX has submitteda a valid response at 03:34:17 at 27/03/2016</div>

....


H3LL0 – March 27, 2016, 2:36 p.m.

Spectrix cheaaaaaat level god


Occupe – March 27, 2016, 2:42 p.m.

i think that double account and submitting flag are prohibitted!!

admin check their submits plzzzzzz


Tr0jaN_Dz.eXe – March 27, 2016, 2:48 p.m.

Check submittion log , SpectriX Cheat !


MrMugiwara – March 27, 2016, 2:48 p.m.

Spectrix Stop Sharing Flag's With Others TEAM
+ Double Accounts WTF


MrMugiwara – March 27, 2016, 2:49 p.m.

So Fuck You a Lot :D


MrMugiwara – March 27, 2016, 3 p.m.

you want To qualify With All Your Familly as 2 Team hhhhhhh Fuck Your Level


MrMugiwara – March 27, 2016, 3:33 p.m.

Securinets you have locked My account Fucks All Of You
But Securinets gives Flags To Spectrix and you Think Nobody Know About This All Memmers In Ctf Know This Bull Sheat


havocmage – March 27, 2016, 3:44 p.m.

I guess I am now glad that the registration is broken...


Occupe – March 27, 2016, 6:03 p.m.

There vvas a bug if server...............players can see disabled challenge ===> played before admin publish challenge -.-'


Pwny – March 27, 2016, 7:08 p.m.

Really -_- ?? dafuq

SpectriX
SpectriX_II

the same score in the end hahahhah


ulimateshi – March 27, 2016, 7:13 p.m.

SpectriX and SpectriX 2 and DATATECH and S1
all is cheating teams
GGWP


_hamsterx_ – March 28, 2016, 1:25 a.m.

cheat ? wkwkw like gta pc "hesoyam" :V


Emperor – March 28, 2016, 12:01 p.m.

First of all, registration is finished before the CTF, it's useless to cry if you are not accepted after the start of the CTF.
With that we took the risk of leaving the open enrollment provided to activate their account. Each period registered accounts are activated.
Those who were violating the rules deserve to be banished (1 attempt to validate at least every 5 seconds). So if there is someone who has been banned is not because of us. In addition there is the IRC channel if you have a problem you could tell us. Banished every team we unblock his account.
The top five winning teams are provisional. We'll check the logs attempts and validation to check if there are teams that have cheated.
The team that receives flags will be disqualified in the final round if it is among the top teams.
About Spectrix, SpectriX_II, DATATECH, according to the names of registered participants, they are the best CTF participants in Tunisia. They did not need to share the flags. With that we will check if there are teams that have cheated.
Instead, we receive their questions on IRC like other teams and were never given a flag and never advantaged one team over another.
Congratulations everyone.
I hope you have fun during this CTF and you saw new tasks.


H3LL0 – March 28, 2016, 12:14 p.m.

What about this :) yes they are the best CTF participants cheated in Tunisia (y)
os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/14 -b "PHPSESSID=0" | grep SpectriX
<div class="errSub">SpectriX has submitteda an invalid response at 11:33:55 at 27/03/2016</div>
<div class="errSub">SpectriX has submitteda an invalid response at 11:54:27 at 27/03/2016</div>
<div class="sucSub">SpectriX_II has submitteda a valid response at 13:07:44 at 27/03/2016</div>
<div class="sucSub">SpectriX has submitteda a valid response at 13:08:34 at 27/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/16 -b "PHPSESSID=0" | grep SpectriX
<div class="errSub">SpectriX has submitteda an invalid response at 05:42:35 at 27/03/2016</div>
<div class="errSub">SpectriX has submitteda an invalid response at 05:47:52 at 27/03/2016</div>
<div class="errSub">SpectriX has submitteda an invalid response at 11:34:28 at 27/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/28 -b "PHPSESSID=0" | grep SpectriX
<div class="sucSub">SpectriX has submitteda a valid response at 22:13:54 at 26/03/2016</div>
<div class="sucSub">SpectriX_II has submitteda a valid response at 22:52:24 at 26/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/10 -b "PHPSESSID=0" | grep SpectriX
<div class="sucSub">SpectriX_II has submitteda a valid response at 22:00:32 at 26/03/2016</div>
<div class="sucSub">SpectriX has submitteda a valid response at 22:33:12 at 26/03/2016</div>

os:~ amine$ curl -ks https://ctfsecurinets.com/getTask/11 -b "PHPSESSID=0" | grep SpectriX
<div class="sucSub">SpectriX_II has submitteda a valid response at 00:14:14 at 27/03/2016</div>
<div class="sucSub">SpectriX has submitteda a valid response at 03:34:17 at 27/03/2016</div>


Emperor – March 28, 2016, 1:12 p.m.

I'm not defending them, I don't know why for the easy tasks like task14 (hideen1) they have submitted after one minute (if they do use firefox only for this task as mentionned in the hint they can sove it quickly). The same thing with task16 (hidden3) (scanning the records of hidden.ctfsecurinets.com) and the task28 (pwn0) the easiest pwn task.
But in the other difficult tasks they take more time like task 10 (more than 30 minutes) and 11 (3 hours 15 minutes).


nctupentest – March 28, 2016, 2:36 p.m.

zebi la?


nctupentest – March 28, 2016, 2:36 p.m.

@Empereur Paradis zebi la? ntoma 3attaya tmadelhom flags nik zabour mkom 3attaaayaaa


havocmage – March 29, 2016, 7:59 p.m.

Interesting case with this CTF as an example of how a bad CTF rating can be gamed. Shows an issue with the system.


h0twinter – March 29, 2016, 8:57 p.m.

@Matt I totally agree. I think the problem with this CTF's weighting is because of multiple CTFs happening at the same time, and not many top50 teams have participated in it. I think the polled weighting should also be weighted by the team's ranking on CTFTime last year. This way higher ranked team's poll get's weighted higher, which makes a lot more sense to me. I also think that organizers definitely should not get to vote for their own CTF and to punish these people from boosting the weighting rate of this CTF too high, ctftime admin should give them a weight of 0.


havocmage – March 29, 2016, 9:28 p.m.

I do find it amusing that when I looked at Empereur's profile just a couple of days ago, he/she wasn't a member of any team. But is now on a team that participated just enough to vote as a team. I doubt he/she could have voted otherwise. Another way to work the system. I have to wonder, considering all of the gaming ,if the CTF was planned to happen on a weekend with two major CTFs in order to avoid getting the better teams involved.


Pharisaeus – March 30, 2016, 10:21 a.m.

@h0twinter this is a terrible idea. Already there are some top teams voting with approach: "did we win? score to max!" and "did we lose? score to min!". If you give their votes higher weight then this will make it even harder for a different/new team to get to the top. This would work of people were honest and impartial with their votes, and they're not.


niklasb – March 31, 2016, 10:34 a.m.

I thought there was a cap at 1,5x the original weight? How did this get up to 16? I feel like the same happened for Insomni'Hack


solarwind – April 1, 2016, 6:13 a.m.

Current voting max seems 1.5x of last year, but not less than 25 for new CTFs. This sounds reasonable, because gives equal opportunity to old CTFs to improve and new one to get good weight. If you make less than 1.5x factor it will be hard for old CTFs with solid backgroud to get more rating (e.g. see InsomniHack CTF runs for 3 years and have solid foundation of high-quality tasks; organizing team is very good, check last year DefCon Finals if unsure; it is ridiculous to cap its weight on the same level as Pwn2Win). If you make low start limit for new CTFs, they will not be able take good score forever, regardless of quality of tasks (look for example of some latest chinese CTFs, they are very good -- if you limit them to e.g. 5.0 rating on first year, max what they can get in e.g. 4 years is ~25 regardless what they will do).

To give top teams more voice in votes than others is not good idea. Top teams will likely to put most of the efforts to best available CTF in case of time clash, and may not pay attention to the tasks of others so not have enough info to make concise decision. It is extremely hard to play in all CTFs in the same time, I know because my team and I done it on previous weekend -- we were focused on VogaCTF, but played in parallel on Pwn2Win, Securinet and Mates CTF (some non-rated vietnamese CTF, with decent pwnables). There is a risk however that some non-top teams will play in mean quality CTFs and then try to upvote their rating to max (what is happening now on Pwn2Win), but I think this is OK -- when they realise that they are top teams too, they will join others on more descent CTFs. Rights to vote give advantage to young teams and will involve more people to CTF community and discussion, I think this is very important. The possible risks of equal voting seems minimal, it will increase average rating weight of ctfs in worst case.

What can be improved in current system -- the minor improvement is that orgs and associated teams should be excluded from voting for their own CTF. If they want to respond to players -- there is comments here, without voting. The more global improvement -- there is seems need of some authority, maybe some "CTFtime decision board", to ban CTFs, regardless of votes. Its a shame what is happening on Securinets right now, there are obvious cheating, manipulation of voting system via team names squatting, orgs seems are in collusion with cheating teams, and the cheating teams have upvoted it to the sky. This CTF should be removed from CTFtime, and next year ctfs from the same org team banned. The other potential cases for CTFtime bans are unethical behaviour of orgs (public personal insults of players, political or national hatred, discrimination based on nationality, race, religion), low quality of tasks (hypothetical example is a group of people can make 20 CTFs with 1 task base64.b64decode("QnJlYWtJbntmbGFnfQ") and there will be alot of votes to make this ctf 25.0+ rating weight).