Fri, 25 Aug. 2017, 14:00 UTC — Sun, 27 Aug. 2017, 14:00 UTC 

On-line

H4ckIT CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.com.ua/

This event's weight is subject of public voting!

Future weight: 16.49 

Rating weight: 16.49 

Event organizers 


HackIT CTF is 48h Capture the Flag Jeopardy competition organised by international cybersecurity forum HackIT happening in Kharkov, Ukraine, on 23rd of September.

Format: online, jeopardy, team-based
Categories: Web, Misc, Joy, Crypto, PWN, Reverse, Forensics, Stego
Contact (E-mail): ctf@hackit-ukraine.com
Contact (Telegram): @hackitctf

Prizes

- Top 3 teams(up to 5 participants per team) will be invited to the Bug Hunting Marathon HackIT Cup (https://hackit.ua/hackit-cup/), full accommodation & flights reimbursement

- Free tickets for HackIT-2017 to the finalists (10 teams, up to 5 participants per team)

Scoreboard

333 teams total

PlaceTeamCTF pointsRating points
1 sec0d 3770.00032.980
2 dcua 3490.00023.510
3 ASIS 3410.00020.412
4 p4 3220.00018.207
5 ALLES! 3000.00016.420
6 InfoSect 2450.00013.465
7 bunlisugeo 2160.00011.804
8 Rule110 1870.00010.241
9 HackXore 1860.0009.968
10 WildWest 1850.0009.741
11 Shadow Servants 1700.0008.935
12 ShellWarp 1665.0008.657
13 Limpopo 1600.0008.267
14 Bushwhackers 1570.0008.045
15 khack40 1570.0007.967
16 FWHIBBIT 1560.0007.854
17 Epic Leet Team 1550.0007.750
18 Legion of Dumb 1550.0007.696
19 Samurai 1520.0007.516
20 1064CBread 1500.0007.386
21 0x90r00t 1400.0006.909
22 Hackinground 1360.0006.698
23 The Northern Coalition 1270.0006.272
24 he0Haexe 1250.0006.155
25 PKTeam 1120.0005.558
26 TeamRocketIst 1100.0005.446
27 Balsn 1070.0005.291
28 EgFr33ks 1060.0005.225
29 JohnDoe 1020.0005.030
30 InSecurity 1010.0004.967
31 TheGoonies 950.0004.687
32 SiBears 870.0004.321
33 Security First 830.0004.130
34 OpenToAll 820.0004.072
35 Beers4Flags 800.0003.970
36 UiO-CTF 800.0003.957
37 BabyPhD 800.0003.945
38 Harekaze 750.0003.714
39 googlesenduspixel 720.0003.572
40 1701 720.0003.562
41 LC 720.0003.551
42 Bono_iPad 700.0003.454
43 318br 700.0003.445
44 Hacknam Style 670.0003.305
45 kyb 670.0003.297
46 .elite 670.0003.289
47 guatitasec 670.0003.281
48 DirtySocks 650.0003.187
49 0xD13A 620.0003.048
50 ETPwnHome 620.0003.042
51 JBZ 610.0002.991
52 dfnd 570.0002.810
53 Netwerkers 560.0002.761
54 Eierlegende Wollmilchsau 550.0002.711
55 badfirmware 550.0002.706
56 HackingForSoju 500.0002.481
57 Netcat.us 500.0002.476
58 saarsec 470.0002.340
59 Pwnium 470.0002.335
60 Plaid Parliament of Pwning 470.0002.331
61 Batman's Kitchen 470.0002.326
62 League of Extraordinarily Backward Engineers 470.0002.322
63 DreamSec 460.0002.274
64 brucel33t 450.0002.226
65 LHC_[LondrinaHackerClub] 450.0002.222
66 Overwatch 450.0002.218
67 b0tch_sec 450.0002.214
68 Hypertext Markup Protocol 450.0002.211
69 pas0k 450.0002.207
70 ISITDTU 450.0002.204
71 NASA Rejects 450.0002.201
72 c@fi.sh 450.0002.197
73 numidians 420.0002.063
74 Cache_Crook 420.0002.060
75 Sudo_root 400.0001.969
76 ManceRadare2 400.0001.967
77 Boyd301 400.0001.964
78 n00bs 370.0001.830
79 xSTF 370.0001.827
80 gtpp 370.0001.825
81 Team Lost 370.0001.822
82 True0xA3 370.0001.819
83 slot0 350.0001.730
84 Vidar 350.0001.727
85 Aggressive Cake 350.0001.725
86 Thomas 350.0001.723
87 asd 350.0001.720
88 urchin 320.0001.587
89 b1n4ry4rms 320.0001.585
90 ZenHack 320.0001.583
91 warpzone 310.0001.537
92 Boilers_2017 310.0001.535
93 lol 300.0001.490
94 Гренки 300.0001.488
95 n0obz 300.0001.486
96 RandomLuckers 300.0001.484
97 Camelot 270.0001.351
98 gTessierCrashpool 270.0001.349
99 w4rum 270.0001.348
100 M57 270.0001.346
101 o0o 270.0001.344
102 Console Cowboys 270.0001.343
103 CTD Elite 270.0001.341
104 Snatch The Root 270.0001.340
105 b01lers 250.0001.251
106 Fox-Hound 250.0001.249
107 pseudorandom 250.0001.248
108 DC416 250.0001.246
109 RATF{Rage Against The Flag} 250.0001.245
110 K17 250.0001.243
111 Dubna48k 250.0001.242
112 Hackthissite 250.0001.241
113 acdwas 220.0001.108
114 Just Hit the Core 220.0001.107
115 BE4HOXVII 220.0001.106
116 dRem 220.0001.104
117 EB FE 220.0001.103
118 Honeypot 220.0001.102
119 ju_ 220.0001.101
120 PrzyczlapyOdGulgulatora 220.0001.100
121 noraneco 220.0001.099
122 Turla Tech Support 200.0001.010
123 Antichat 200.0001.009
124 Pandemic 200.0001.008
125 System 200.0001.007
126 TechSec 200.0001.006
127 ImmortalPony 200.0001.005
128 raczman 200.0001.004
129 lelivic 200.0001.003
130 DaNangDragon 200.0001.002
131 ReptileSecretAgents 200.0001.001
132 TeamCC 200.0001.000
133 Epa 200.0000.999
134 8710*IQ 200.0000.998
135 MV9rwGOf08 170.0000.866
136 Neutrino_Cannon 170.0000.865
137 CSI 170.0000.864
138 Pain au chocolat 170.0000.863
139 xSTORMx 170.0000.862
140 Alcaline 170.0000.861
141 dc562 170.0000.861
142 bolgia4 170.0000.860
143 psut_test 170.0000.859
144 GDB runners 170.0000.858
145 Johnny 160.0000.814
146 pesiki 150.0000.769
147 M.O.K 150.0000.768
148 dodododo 150.0000.768
149 krkodile 150.0000.767
150 Terence 150.0000.766
151 sktters 150.0000.765
152 dima_sql 150.0000.765
153 n4rv4l0 150.0000.764
154 playerone 150.0000.763
155 Tr0janH0rs3 150.0000.762
156 AzureTeam 150.0000.762
157 kNN 150.0000.761
158 Espacio 120.0000.629
159 DZ_Shadows 120.0000.629
160 bibi 120.0000.628
161 QTH 120.0000.627
162 noteamactually 120.0000.627
163 horosora 120.0000.626
164 flyingpig 120.0000.625
165 bit_warriors 120.0000.625
166 R38007 120.0000.624
167 alert(1); 120.0000.624
168 Zionspike 120.0000.623
169 UglyFlowers 120.0000.622
170 da_pwnyes 110.0000.578
171 Samsung R&D PL 100.0000.534
172 YoungPwnawans 100.0000.533
173 BootCampNSA 100.0000.533
174 slenderestman 100.0000.532
175 alanlei 100.0000.532
176 PepoThinkers 100.0000.531
177 Dual 100.0000.531
178 Paskell 100.0000.530
179 Kernelsanders 100.0000.530
180 the e-LEMON-ators 100.0000.529
181 pwn.ro 100.0000.529
182 sighlent 100.0000.528
183 YouAreDelayingTheProject 100.0000.528
184 Cheddar Horsemen 100.0000.527
185 WaiVi5go 100.0000.527
186 farmingsimulator2015 100.0000.526
187 IBAS 100.0000.526
188 Bopoznpvt 100.0000.525
189 Neg9 100.0000.525
190 spam0day 100.0000.524
191 monadaUY 100.0000.524
192 Hackademia 100.0000.523
193 ACTU 100.0000.523
194 FireShell­ 100.0000.522
195 C007Runnings 100.0000.522
196 Etterpriz 100.0000.522
197 Cumbancha 100.0000.521
198 sw1ss 100.0000.521
199 ezwin 100.0000.520
200 wund3rw4ffl3_team 70.0000.389
201 OverDover 70.0000.388
202 PewPewCrew 70.0000.388
203 _PRIME_ 70.0000.387
204 Olio 60.0000.343
205 h0ax 60.0000.343
206 Pwn Leak 60.0000.342
207 0v3n_Sh3ll 50.0000.298
208 kid10 50.0000.298
209 Kole and Associates 50.0000.298
210 Улаанбаатар 50.0000.297
211 l0neW0lf 50.0000.297
212 mau5 50.0000.296
213 shibusawa 50.0000.296
214 NoMansRoot 50.0000.296
215 CtfNT 50.0000.295
216 fantasticbeasts 50.0000.295
217 NaijaSecForce 50.0000.295
218 no_shell_no_food 50.0000.294
219 m3m0ry 50.0000.294
220 jodevsa 50.0000.294
221 2amResearch 50.0000.293
222 Allah 50.0000.293
223 [$om3T3@m] 30.0000.205
224 8bit 20.0000.161
225 Iam9r00t 20.0000.161
226 P_TE 20.0000.160
227 Team_STFU 20.0000.160
228 RootSheep 20.0000.160
229 ARGOS 20.0000.159
230 MetaMelange 20.0000.159
231 DrnglVrgs 20.0000.159
232 %00 20.0000.159
233 ustaa 20.0000.158
234 HACKING UKRAINE 20.0000.158
235 Nonsense_Exception 20.0000.158
236 javox 20.0000.157
237 cheYen 20.0000.157
238 JASB 20.0000.157
239 Team #00ff00 20.0000.156
240 NotFound 20.0000.156
241 New_bie 20.0000.156
242 Super Massive Black Full-Metal Bacon Panecakes with Apple Jam 20.0000.156
243 SHARK 20.0000.155
244 pavel 20.0000.155
245 Nullfluid 20.0000.155
246 w00t_r00t 20.0000.155
247 wr47h 20.0000.154
248 The Elite Firm 20.0000.154
249 fsociety 20.0000.154
250 CRYPTO 20.0000.153
251 joizel 20.0000.153
252 Team Shield 20.0000.153
253 hack_and_beer 20.0000.153
254 SaBerTooths 20.0000.152
255 MK 20.0000.152
256 Dracarys 20.0000.152
257 NetS3c 20.0000.152
258 Ph03nix 20.0000.151
259 Shine 20.0000.151
260 jackdaw 20.0000.151
261 BinaDarmaCyberArmy01 20.0000.151
262 NIS 20.0000.150
263 ktecv2000 20.0000.150
264 CacheCrook 20.0000.150
265 osman 20.0000.150
266 Eva 20.0000.149
267 0xdeadc0de 20.0000.149
268 ulo 20.0000.149
269 PHCN 20.0000.149
270 Chaos Legion 20.0000.149
271 OwlSecurity 20.0000.148
272 Herauld Higgins 20.0000.148
273 zarzon 20.0000.148
274 4lert(1) 20.0000.148
275 AjbiSOFT 20.0000.147
276 d4rkc0de 20.0000.147
277 1up 20.0000.147
278 kireynT 20.0000.147
279 Fuck01 20.0000.147
280 44uN 20.0000.146
281 pwn4food 20.0000.146
282 blurbdust 20.0000.146
283 somebloke 20.0000.146
284 Rootkids 20.0000.146
285 TuX 20.0000.145
286 texh0k0t 20.0000.145
287 tr0jan 20.0000.145
288 SunplaceSolutions 20.0000.145
289 lefes 20.0000.145
290 CharliebWup 20.0000.144
291 sid 20.0000.144
292 _SA 20.0000.144
293 rawsec 20.0000.144
294 syn 20.0000.144
295 Mark89-l4m3r1no 20.0000.143
296 tacohacker 20.0000.143
297 CSARedTeam 20.0000.143
298 HDC 20.0000.143
299 OPT 20.0000.143
300 mmkk22 20.0000.142
301 gruf 20.0000.142
302 0x41717561 20.0000.142
303 hm01 20.0000.142
304 Onigiri 20.0000.142
305 2O2L2H 20.0000.142
306 TJ 20.0000.141
307 Dududuck 20.0000.141
308 BK201 20.0000.141
309 wangz 20.0000.141
310 OldXpeH 20.0000.141
311 Scrypter 20.0000.141
312 WM_HOOK 20.0000.140
313 T0X1C V4P0R 20.0000.140
314 DickBoy 20.0000.140
315 mmkk222 20.0000.140
316 EpicTeam1 20.0000.140
317 CyberOps 20.0000.139
318 Wizards of OS 20.0000.139
319 R311 20.0000.139
320 ? 20.0000.139
321 LoLa 20.0000.139
322 Dystopian Narwhals 20.0000.139
323 no(r)way 20.0000.139
324 Cracksec 20.0000.138
325 pwnhack 20.0000.138
326 jsutset 20.0000.138
327 krazy 20.0000.138
328 IAM 20.0000.138
329 MhackGyver 20.0000.138
330 mnciitbhu 20.0000.137
331 0xFF 20.0000.137
332 NaruseJun 20.0000.137
333 Cyber-Ninja 20.0000.068
solarwind – Sept. 1, 2017, 7:40 p.m.

Dear khack40, there were no significant submission server downtime between your previous and group of 4 submits as you claim in https://pastebin.com/mzvvEzB9 .

Your last submit before traded group of flags was at
802 [2017-08-26 20:55:43] khack40 Reverse250
traded group at
974 [2017-08-27 09:44:34] khack40 Foren100

There were flags at:

20:55 21:01 21:09 21:10 21:11 21:15 21:21 21:22 21:23 21:33 21:36 21:37 21:42 21:45 21:53 21:57 21:58 22:07 22:13 22:15 22:18 22:26 22:31 22:39 22:40 22:44 22:45 22:49 22:51 22:52 22:54 22:56 23:03 23:06 23:12 23:14 23:18 23:19 23:20 23:26 23:31 23:35 23:41 23:45 23:46 00:00 00:03 00:05 00:06 00:12 00:14 00:15 00:18 00:26 00:35 00:40 00:46 01:00 01:05 01:08 01:11 01:12 01:19 01:20 01:24 01:27 01:28 01:31 01:39 01:40 01:43 01:48 01:51 01:53 02:00 02:01 02:06 02:11 02:16 02:17 02:18 02:22 02:31 02:40 02:46 02:47 02:50 02:52 02:59 03:03 03:05 03:08 03:10 03:18 03:20 03:26 03:28 03:30 03:34 03:42 03:48 03:51 03:55 03:58 04:00 04:01 04:02 04:09 04:11 04:14 04:15 04:20 04:24 04:31 04:38 04:39 04:40 04:41 04:48 04:53 05:10 05:13 05:26 05:43 05:59 06:10 06:11 06:17 06:38 06:39 06:53 07:08 07:16 07:17 07:29 07:34 07:49 07:52 07:54 08:14 08:16 08:21 08:27 08:32 08:41 08:51 08:52 08:57 09:14 09:15 09:28 09:32 09:41 09:44

> So at the end, our explanation is way more *probable* (we definitly do not need to cheat to solve those challs and even if we would never have cheated in a such visible way), but it is also *verifiable* (just check about the downtime!)

Verification above, you are lying.


Pharisaeus – Sept. 1, 2017, 10:39 p.m.

@solarwind I'm not sure about this lack of server downtime. We constantly had problems with the scoreboard page loading, basically all the time you had to refresh it a couple of times in order to get in, so I can imagine someone giving up and stashing the flags for later, especially since they still had plenty of time to submit.

Also I know for a fact that at least two tasks had flag submission broken, according to orgs `Its laggs of cloudflare`, and it could be that all flags were affected by this issue (we had only two to submit at the time so I don't know). For sure we couldn't validate web 100 and some other task at `Aug 25, 2017, 9:32 PM CEST` and we managed to submit only about half an hour later. Maybe downtime was localized somehow due to cloudfare and only some teams experienced this?

Anyway, both @khack40 and @sec0d are teams with a long history of playing in CTFs and I can't imagine them cheating on some random noname CTF out of the blue. I also don't see why should it be necessary. There were ~4 of us playing (and by no means all the strongest ones), and yet we were still able to get pretty high.

There were also no really really hard tasks which could distinguish between a medium and a strong team (there were no statistics on number of solves for tasks so I can't be sure on this). There were some hard-guessy stuff like web200, or hard-broken ones like crypto300 but it was more about luck and not only skill so it's not a benchmark in this case. Unlike in some hardcore CTFs there was no crypto solvable only by Hellman and a couple of others, or pwn which only j00ru and a few other people could tackle etc. Basically any task could have been solved by a lot of teams, so I can totally imagine a "medium team" winning or at least getting to the top with enough manpower, dedication and a bit of luck.


solarwind – Sept. 4, 2017, 8:45 a.m.

There is no need of imagination, if there are facts. And facts here -- there are strong signs of cheating in submission timing, and team is caught on lying publicly about submission server downtime. In that period they are talking about other teams successfully verified flags, see above.
Explanation that Cloudflare failed for only 1 team for ~12 hours is not much better than they guessed 4 flags in 5 minutes.


leopoldine.lolcat – Sept. 4, 2017, 11:47 a.m.

@solarwind
Facts : Our members got trouble to submit flag.
Cheating issue closed.


solarwind – Sept. 5, 2017, 2:11 p.m.

Please stop lying, submission server was working fine in that period.
You were asking previously to check your claim that server was down -- you got verification.


leopoldine.lolcat – Sept. 5, 2017, 2:35 p.m.

Please stop whining.
You got fucked hard by @sec0d and @khack40 didn't share any flag.
Now, you have to accept that.


kara71 – Sept. 5, 2017, 9:45 p.m.

@solarwind you don't work in statistics, do you ?
You managed to find "significant" "proof" of cheating using 2 data points lul
(also why would khack40 cheat on a small CTF like this one ?)

Now please be sportsmanlike, it makes the game way less fun when you get cheating allegations coming from nowhere, from a team who's not even part of the organization but still managed to get the logs somehow...


solarwind – Sept. 5, 2017, 9:59 p.m.

Analysis above showed that you & sec0d cheated, it is funny to see how you are switching to insults from lengthy posts with fake excuses when got caught on lying.


leopoldine.lolcat – Sept. 6, 2017, 8:30 a.m.

@solarwind, you already got too much attention for your cheating allegation.
Your analysis above just prove that during 2017-08-26 20:55:43 to 2017-08-27 09:44:34 some teams validated flag.
It don't prove that platform got 100% uptime.
You got response from orgs.
You got response from sec0d.
And you got response from us.
I repeat one more time, during that 12 hours (we were sleeping first of all), then we found 4 flags and we got submission trouble.
Is it our internet connection ? Is it platform downtime ? Is it like the scoreboard page loading issue ? I don't know and I don't care.
Deal with that because you won't get another response.