Fri, 25 Aug. 2017, 14:00 UTC — Sun, 27 Aug. 2017, 14:00 UTC 

On-line

H4ckIT CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.com.ua/

This event's future weight is subject of public voting!

Future weight: 16.88 

Rating weight: 16.88 

Event organizers 

HackIT CTF is 48h Capture the Flag Jeopardy competition organised by international cybersecurity forum HackIT happening in Kharkov, Ukraine, on 23rd of September.

Format: online, jeopardy, team-based
Categories: Web, Misc, Joy, Crypto, PWN, Reverse, Forensics, Stego
Contact (E-mail): ctf@hackit-ukraine.com
Contact (Telegram): @hackitctf

Prizes

- Top 3 teams(up to 5 participants per team) will be invited to the Bug Hunting Marathon HackIT Cup (https://hackit.ua/hackit-cup/), full accommodation & flights reimbursement

- Free tickets for HackIT-2017 to the finalists (10 teams, up to 5 participants per team)

Scoreboard

333 teams total

PlaceTeamCTF pointsRating points
1 sec0d 3770.00033.760
2 dcua 3490.00024.066
3 ASIS 3410.00020.895
4 p4 3220.00018.637
5 ALLES! 3000.00016.808
6 InfoSect 2450.00013.783
7 bunlisugeo 2160.00012.083
8 Rule110 1870.00010.483
9 HackXore 1860.00010.204
10 WildWest 1850.0009.971
11 Shadow Servants 1700.0009.146
12 ShellWarp 1665.0008.862
13 Limpopo 1600.0008.462
14 Bushwhackers 1570.0008.235
15 khack40 1570.0008.155
16 FWHIBBIT 1560.0008.040
17 Epic Leet Team 1550.0007.933
18 Legion of Dumb 1550.0007.878
19 Samurai 1520.0007.694
20 1064CBread 1500.0007.560
21 0x90r00t 1400.0007.072
22 Hackinground 1360.0006.857
23 The Northern Coalition 1270.0006.420
24 he0Haexe 1250.0006.300
25 PKTeam 1120.0005.690
26 TeamRocketIst 1100.0005.574
27 Balsn 1070.0005.416
28 EgFr33ks 1060.0005.349
29 JohnDoe 1020.0005.149
30 InSecurity 1010.0005.085
31 TheGoonies 950.0004.798
32 SiBears 870.0004.423
33 Security First 830.0004.228
34 OpenToAll 820.0004.168
35 Beers4Flags 800.0004.064
36 UiO-CTF 800.0004.051
37 BabyPhD 800.0004.038
38 Harekaze 750.0003.802
39 googlesenduspixel 720.0003.657
40 1701 720.0003.646
41 LC 720.0003.635
42 Bono_iPad 700.0003.536
43 318br 700.0003.527
44 Hacknam Style 670.0003.384
45 kyb 670.0003.375
46 .elite 670.0003.367
47 guatitasec 670.0003.359
48 DirtySocks 650.0003.262
49 0xD13A 620.0003.121
50 ETPwnHome 620.0003.114
51 JBZ 610.0003.062
52 dfnd 570.0002.877
53 Netwerkers 560.0002.826
54 Eierlegende Wollmilchsau 550.0002.775
55 badfirmware 550.0002.770
56 HackingForSoju 500.0002.540
57 Netcat.us 500.0002.535
58 saarsec 470.0002.395
59 Pwnium 470.0002.391
60 Plaid Parliament of Pwning 470.0002.386
61 Batman's Kitchen 470.0002.381
62 League of Extraordinarily Backward Engineers 470.0002.377
63 DreamSec 460.0002.328
64 brucel33t 450.0002.279
65 LHC_[LondrinaHackerClub] 450.0002.275
66 Overwatch 450.0002.271
67 b0tch_sec 450.0002.267
68 Hypertext Markup Protocol 450.0002.263
69 pas0k 450.0002.259
70 ISITDTU 450.0002.256
71 NASA Rejects 450.0002.253
72 justCatTheFish 450.0002.249
73 numidians 420.0002.112
74 Cache_Crook 420.0002.109
75 Sudo_root 400.0002.016
76 ManceRadare2 400.0002.013
77 Boyd301 400.0002.010
78 n00bs 370.0001.873
79 xSTF 370.0001.870
80 gtpp 370.0001.868
81 Team Lost 370.0001.865
82 True0xA3 370.0001.863
83 slot0 350.0001.770
84 Vidar 350.0001.768
85 Aggressive Cake 350.0001.766
86 Thomas 350.0001.763
87 asd 350.0001.761
88 urchin 320.0001.625
89 b1n4ry4rms 320.0001.622
90 ZenHack 320.0001.620
91 warpzone 310.0001.574
92 Boilers_2017 310.0001.571
93 lol 300.0001.525
94 Гренки 300.0001.523
95 n0obz 300.0001.521
96 RandomLuckers 300.0001.519
97 Camelot 270.0001.383
98 gTessierCrashpool 270.0001.381
99 w4rum 270.0001.379
100 M57 270.0001.378
101 o0o 270.0001.376
102 Console Cowboys 270.0001.374
103 CTD Elite 270.0001.373
104 Snatch The Root 270.0001.371
105 b01lers 250.0001.280
106 Fox-Hound 250.0001.279
107 pseudorandom 250.0001.277
108 DC416 250.0001.276
109 RATF{Rage Against The Flag} 250.0001.274
110 K17 250.0001.273
111 Dubna48k 250.0001.271
112 Hackthissite 250.0001.270
113 acdwas 220.0001.134
114 Just Hit the Core 220.0001.133
115 BE4HOXVII 220.0001.132
116 dRem 220.0001.131
117 EB FE 220.0001.129
118 Honeypot 220.0001.128
119 ju_ 220.0001.127
120 PrzyczlapyOdGulgulatora 220.0001.126
121 noraneco 220.0001.125
122 Turla Tech Support 200.0001.034
123 Antichat 200.0001.033
124 Pandemic 200.0001.032
125 b3y0nd_1nf1n1ty 200.0001.031
126 TechSec 200.0001.029
127 ImmortalPony 200.0001.028
128 raczman 200.0001.027
129 lelivic 200.0001.026
130 DaNangDragon 200.0001.025
131 ReptileSecretAgents 200.0001.024
132 TeamCC 200.0001.023
133 Epa 200.0001.022
134 PwnaSonic 200.0001.021
135 MV9rwGOf08 170.0000.886
136 Neutrino_Cannon 170.0000.885
137 CSI 170.0000.884
138 Pain au chocolat 170.0000.883
139 xSTORMx 170.0000.883
140 Alcaline 170.0000.882
141 DC562 170.0000.881
142 bolgia4 170.0000.880
143 psut_test 170.0000.879
144 BitWornHats 170.0000.878
145 yNNhoJ 160.0000.833
146 pesiki 150.0000.787
147 M.O.K 150.0000.786
148 dodododo 150.0000.786
149 krkodile 150.0000.785
150 Terence 150.0000.784
151 sktters 150.0000.783
152 dima_sql 150.0000.783
153 n4rv4l0 150.0000.782
154 playerone 150.0000.781
155 Tr0janH0rs3 150.0000.781
156 AzureTeam 150.0000.780
157 kNN 150.0000.779
158 Espacio 120.0000.644
159 DZ_Shadows 120.0000.643
160 bibi 120.0000.643
161 QTH 120.0000.642
162 noteamactually 120.0000.641
163 horosora 120.0000.641
164 flyingpig 120.0000.640
165 bit_warriors 120.0000.640
166 R38007 120.0000.639
167 alert(1); 120.0000.638
168 zionspike 120.0000.638
169 UglyFlowers 120.0000.637
170 da_pwnyes 110.0000.592
171 Samsung R&D PL 100.0000.546
172 YoungPwnawans 100.0000.546
173 BootCampNSA 100.0000.545
174 slenderestman 100.0000.545
175 alanlei 100.0000.544
176 PepoThinkers 100.0000.544
177 Dual 100.0000.543
178 Paskell 100.0000.543
179 Kernelsanders 100.0000.542
180 the e-LEMON-ators 100.0000.542
181 pwn.ro 100.0000.541
182 sighlent 100.0000.540
183 YouAreDelayingTheProject 100.0000.540
184 Cheddar Horsemen 100.0000.539
185 WaiVi5go 100.0000.539
186 farmingsimulator2015 100.0000.538
187 IBAS 100.0000.538
188 Bopoznpvt 100.0000.538
189 Neg9 100.0000.537
190 spam0day 100.0000.537
191 monadaUY 100.0000.536
192 Hackademia 100.0000.536
193 ACTU 100.0000.535
194 FireShell 100.0000.535
195 C007Runnings 100.0000.534
196 Etterpriz 100.0000.534
197 Cumbancha 100.0000.533
198 sw1ss 100.0000.533
199 ezwin 100.0000.533
200 kks 70.0000.398
201 OverDover 70.0000.397
202 PewPewCrew 70.0000.397
203 _PRIME_ 70.0000.397
204 Olio 60.0000.351
205 h0ax 60.0000.351
206 Pwn Leak 60.0000.351
207 0v3n_Sh3ll 50.0000.305
208 kid10 50.0000.305
209 Pwn October 50.0000.305
210 Улаанбаатар 50.0000.304
211 l0neW0lf 50.0000.304
212 mau5 50.0000.303
213 shibusawa 50.0000.303
214 No Man's Root 50.0000.303
215 CtfNT 50.0000.302
216 fantasticbeasts 50.0000.302
217 NaijaSecForce 50.0000.302
218 no_shell_no_food 50.0000.301
219 m3m0ry 50.0000.301
220 jodevsa 50.0000.301
221 2amResearch 50.0000.300
222 Allah 50.0000.300
223 [$om3T3@m] 30.0000.210
224 8bit 20.0000.165
225 Iam9r00t 20.0000.165
226 P_TE 20.0000.164
227 Team_STFU 20.0000.164
228 RootSheep 20.0000.164
229 ARGOS 20.0000.163
230 MetaMelange 20.0000.163
231 DrnglVrgs 20.0000.163
232 %00 20.0000.162
233 ustaa 20.0000.162
234 HACKING UKRAINE 20.0000.162
235 Nonsense_Exception 20.0000.161
236 javox 20.0000.161
237 cheYen 20.0000.161
238 JASB 20.0000.160
239 Team #00ff00 20.0000.160
240 NotFound 20.0000.160
241 New_bie 20.0000.160
242 Super Massive Black Full-Metal Bacon Panecakes with Apple Jam 20.0000.159
243 SHARK 20.0000.159
244 pavel 20.0000.159
245 Nullfluid 20.0000.158
246 w00t_r00t 20.0000.158
247 wr47h 20.0000.158
248 The Elite Firm 20.0000.158
249 fsociety 20.0000.157
250 CRYPTO 20.0000.157
251 joizel 20.0000.157
252 Team Shield 20.0000.157
253 hack_and_beer 20.0000.156
254 SaBerTooths 20.0000.156
255 MK 20.0000.156
256 Dracarys 20.0000.155
257 NetS3c 20.0000.155
258 Ph03nix 20.0000.155
259 Shine 20.0000.155
260 jackdaw 20.0000.154
261 BinaDarmaCyberArmy01 20.0000.154
262 NIS 20.0000.154
263 System87 20.0000.154
264 CacheCrook 20.0000.153
265 osman 20.0000.153
266 EVA 20.0000.153
267 0xdeadc0de 20.0000.153
268 ulo 20.0000.153
269 PHCN 20.0000.152
270 Chaos Legion 20.0000.152
271 OwlSecurity 20.0000.152
272 Herauld Higgins 20.0000.152
273 zarzon 20.0000.151
274 4lert(1) 20.0000.151
275 AjbiSOFT 20.0000.151
276 d4rkc0de 20.0000.151
277 1up 20.0000.150
278 kireynT 20.0000.150
279 Fuck01 20.0000.150
280 44uN 20.0000.150
281 pwn4food 20.0000.150
282 blurbdust 20.0000.149
283 somebloke 20.0000.149
284 Rootkids 20.0000.149
285 TuX 20.0000.149
286 texh0k0t 20.0000.149
287 tr0jan 20.0000.148
288 SunplaceSolutions 20.0000.148
289 lefes 20.0000.148
290 CharliebWup 20.0000.148
291 sid 20.0000.148
292 _SA 20.0000.147
293 rawsec 20.0000.147
294 syn 20.0000.147
295 Mark89-l4m3r1no 20.0000.147
296 tacohacker 20.0000.147
297 CSARedTeam 20.0000.146
298 HDC 20.0000.146
299 OPT 20.0000.146
300 mmkk22 20.0000.146
301 gruf 20.0000.146
302 0x41717561 20.0000.145
303 hm01 20.0000.145
304 Onigiri 20.0000.145
305 2O2L2H 20.0000.145
306 TJ 20.0000.145
307 Dududuck 20.0000.145
308 BK201 20.0000.144
309 wangz 20.0000.144
310 OldXpeH 20.0000.144
311 Scrypter 20.0000.144
312 WM_HOOK 20.0000.144
313 T0X1C V4P0R 20.0000.143
314 DickBoy 20.0000.143
315 mmkk222 20.0000.143
316 EpicTeam1 20.0000.143
317 CyberOps 20.0000.143
318 Wizards of OS 20.0000.143
319 R311 20.0000.142
320 ? 20.0000.142
321 LoLa 20.0000.142
322 Dystopian Narwhals 20.0000.142
323 no(r)way 20.0000.142
324 Crack_me 20.0000.142
325 pwnhack 20.0000.141
326 jsutset 20.0000.141
327 krazy 20.0000.141
328 IAM 20.0000.141
329 MhackGyver 20.0000.141
330 mnciitbhu 20.0000.141
331 0xFF 20.0000.141
332 NaruseJun 20.0000.140
333 Cyber-Ninja 20.0000.070
solarwindSept. 1, 2017, 7:40 p.m.

Dear khack40, there were no significant submission server downtime between your previous and group of 4 submits as you claim in https://pastebin.com/mzvvEzB9 .

Your last submit before traded group of flags was at
802 [2017-08-26 20:55:43] khack40 Reverse250
traded group at
974 [2017-08-27 09:44:34] khack40 Foren100

There were flags at:

20:55 21:01 21:09 21:10 21:11 21:15 21:21 21:22 21:23 21:33 21:36 21:37 21:42 21:45 21:53 21:57 21:58 22:07 22:13 22:15 22:18 22:26 22:31 22:39 22:40 22:44 22:45 22:49 22:51 22:52 22:54 22:56 23:03 23:06 23:12 23:14 23:18 23:19 23:20 23:26 23:31 23:35 23:41 23:45 23:46 00:00 00:03 00:05 00:06 00:12 00:14 00:15 00:18 00:26 00:35 00:40 00:46 01:00 01:05 01:08 01:11 01:12 01:19 01:20 01:24 01:27 01:28 01:31 01:39 01:40 01:43 01:48 01:51 01:53 02:00 02:01 02:06 02:11 02:16 02:17 02:18 02:22 02:31 02:40 02:46 02:47 02:50 02:52 02:59 03:03 03:05 03:08 03:10 03:18 03:20 03:26 03:28 03:30 03:34 03:42 03:48 03:51 03:55 03:58 04:00 04:01 04:02 04:09 04:11 04:14 04:15 04:20 04:24 04:31 04:38 04:39 04:40 04:41 04:48 04:53 05:10 05:13 05:26 05:43 05:59 06:10 06:11 06:17 06:38 06:39 06:53 07:08 07:16 07:17 07:29 07:34 07:49 07:52 07:54 08:14 08:16 08:21 08:27 08:32 08:41 08:51 08:52 08:57 09:14 09:15 09:28 09:32 09:41 09:44

> So at the end, our explanation is way more *probable* (we definitly do not need to cheat to solve those challs and even if we would never have cheated in a such visible way), but it is also *verifiable* (just check about the downtime!)

Verification above, you are lying.


PharisaeusSept. 1, 2017, 10:39 p.m.

@solarwind I'm not sure about this lack of server downtime. We constantly had problems with the scoreboard page loading, basically all the time you had to refresh it a couple of times in order to get in, so I can imagine someone giving up and stashing the flags for later, especially since they still had plenty of time to submit.

Also I know for a fact that at least two tasks had flag submission broken, according to orgs `Its laggs of cloudflare`, and it could be that all flags were affected by this issue (we had only two to submit at the time so I don't know). For sure we couldn't validate web 100 and some other task at `Aug 25, 2017, 9:32 PM CEST` and we managed to submit only about half an hour later. Maybe downtime was localized somehow due to cloudfare and only some teams experienced this?

Anyway, both @khack40 and @sec0d are teams with a long history of playing in CTFs and I can't imagine them cheating on some random noname CTF out of the blue. I also don't see why should it be necessary. There were ~4 of us playing (and by no means all the strongest ones), and yet we were still able to get pretty high.

There were also no really really hard tasks which could distinguish between a medium and a strong team (there were no statistics on number of solves for tasks so I can't be sure on this). There were some hard-guessy stuff like web200, or hard-broken ones like crypto300 but it was more about luck and not only skill so it's not a benchmark in this case. Unlike in some hardcore CTFs there was no crypto solvable only by Hellman and a couple of others, or pwn which only j00ru and a few other people could tackle etc. Basically any task could have been solved by a lot of teams, so I can totally imagine a "medium team" winning or at least getting to the top with enough manpower, dedication and a bit of luck.


solarwindSept. 4, 2017, 8:45 a.m.

There is no need of imagination, if there are facts. And facts here -- there are strong signs of cheating in submission timing, and team is caught on lying publicly about submission server downtime. In that period they are talking about other teams successfully verified flags, see above.
Explanation that Cloudflare failed for only 1 team for ~12 hours is not much better than they guessed 4 flags in 5 minutes.


leopoldinelolcatSept. 4, 2017, 11:47 a.m.

@solarwind
Facts : Our members got trouble to submit flag.
Cheating issue closed.


solarwindSept. 5, 2017, 2:11 p.m.

Please stop lying, submission server was working fine in that period.
You were asking previously to check your claim that server was down -- you got verification.


leopoldinelolcatSept. 5, 2017, 2:35 p.m.

Please stop whining.
You got fucked hard by @sec0d and @khack40 didn't share any flag.
Now, you have to accept that.


MathisHammelSept. 5, 2017, 9:45 p.m.

@solarwind you don't work in statistics, do you ?
You managed to find "significant" "proof" of cheating using 2 data points lul
(also why would khack40 cheat on a small CTF like this one ?)

Now please be sportsmanlike, it makes the game way less fun when you get cheating allegations coming from nowhere, from a team who's not even part of the organization but still managed to get the logs somehow...


solarwindSept. 5, 2017, 9:59 p.m.

Analysis above showed that you & sec0d cheated, it is funny to see how you are switching to insults from lengthy posts with fake excuses when got caught on lying.


leopoldinelolcatSept. 6, 2017, 8:30 a.m.

@solarwind, you already got too much attention for your cheating allegation.
Your analysis above just prove that during 2017-08-26 20:55:43 to 2017-08-27 09:44:34 some teams validated flag.
It don't prove that platform got 100% uptime.
You got response from orgs.
You got response from sec0d.
And you got response from us.
I repeat one more time, during that 12 hours (we were sleeping first of all), then we found 4 flags and we got submission trouble.
Is it our internet connection ? Is it platform downtime ? Is it like the scoreboard page loading issue ? I don't know and I don't care.
Deal with that because you won't get another response.