Fri, 25 Aug. 2017, 14:00 UTC — Sun, 27 Aug. 2017, 14:00 UTC 

On-line

H4ckIT CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.com.ua/

This event's weight is subject of public voting!

Future weight: 16.78 

Rating weight: 16.78 

Event organizers 


HackIT CTF is 48h Capture the Flag Jeopardy competition organised by international cybersecurity forum HackIT happening in Kharkov, Ukraine, on 23rd of September.

Format: online, jeopardy, team-based
Categories: Web, Misc, Joy, Crypto, PWN, Reverse, Forensics, Stego
Contact (E-mail): ctf@hackit-ukraine.com
Contact (Telegram): @hackitctf

Prizes

- Top 3 teams(up to 5 participants per team) will be invited to the Bug Hunting Marathon HackIT Cup (https://hackit.ua/hackit-cup/), full accommodation & flights reimbursement

- Free tickets for HackIT-2017 to the finalists (10 teams, up to 5 participants per team)

Scoreboard

333 teams total

PlaceTeamCTF pointsRating points
1 sec0d 3770.00033.560
2 dcua 3490.00023.924
3 ASIS 3410.00020.771
4 p4 3220.00018.527
5 ALLES! 3000.00016.709
6 InfoSect 2450.00013.701
7 bunlisugeo 2160.00012.011
8 Rule110 1870.00010.421
9 h2x 1860.00010.143
10 WildWest 1850.0009.912
11 Shadow Servants 1700.0009.092
12 ShellWarp 1665.0008.809
13 Limpopo 1600.0008.412
14 Bushwhackers 1570.0008.187
15 khack40 1570.0008.107
16 FWHIBBIT 1560.0007.992
17 Epic Leet Team 1550.0007.886
18 Legion of Dumb 1550.0007.831
19 Samurai 1520.0007.649
20 1064CBread 1500.0007.515
21 0x90r00t 1400.0007.030
22 Hackinground 1360.0006.816
23 The Northern Coalition 1270.0006.382
24 he0Haexe 1250.0006.263
25 PKTeam 1120.0005.656
26 TeamRocketIst 1100.0005.541
27 Balsn 1070.0005.384
28 EgFr33ks 1060.0005.317
29 JohnDoe 1020.0005.119
30 InSecurity 1010.0005.055
31 TheGoonies 950.0004.770
32 SiBears 870.0004.397
33 Security First 830.0004.203
34 OpenToAll 820.0004.143
35 Beers4Flags 800.0004.040
36 UiO-CTF 800.0004.027
37 BabyPhD 800.0004.014
38 Harekaze 750.0003.780
39 googlesenduspixel 720.0003.635
40 1701 720.0003.624
41 LC 720.0003.614
42 Bono_iPad 700.0003.515
43 318br 700.0003.506
44 Hacknam Style 670.0003.363
45 kyb 670.0003.355
46 .elite 670.0003.347
47 guatitasec 670.0003.339
48 DirtySocks 650.0003.243
49 0xD13A 620.0003.102
50 ETPwnHome 620.0003.095
51 JBZ 610.0003.044
52 dfnd 570.0002.860
53 Netwerkers 560.0002.809
54 Eierlegende Wollmilchsau 550.0002.759
55 badfirmware 550.0002.753
56 HackingForSoju 500.0002.525
57 Netcat.us 500.0002.520
58 saarsec 470.0002.381
59 Pwnium 470.0002.376
60 Plaid Parliament of Pwning 470.0002.372
61 Batman's Kitchen 470.0002.367
62 League of Extraordinarily Backward Engineers 470.0002.363
63 DreamSec 460.0002.314
64 brucel33t 450.0002.265
65 LHC_[LondrinaHackerClub] 450.0002.261
66 Overwatch 450.0002.257
67 b0tch_sec 450.0002.253
68 Hypertext Markup Protocol 450.0002.250
69 pas0k 450.0002.246
70 ISITDTU 450.0002.243
71 NASA Rejects 450.0002.239
72 c@fi.sh 450.0002.236
73 numidians 420.0002.099
74 Cache_Crook 420.0002.096
75 Sudo_root 400.0002.004
76 ManceRadare2 400.0002.001
77 Boyd301 400.0001.998
78 n00bs 370.0001.862
79 xSTF 370.0001.859
80 gtpp 370.0001.857
81 Team Lost 370.0001.854
82 True0xA3 370.0001.851
83 slot0 350.0001.760
84 Vidar 350.0001.758
85 Aggressive Cake 350.0001.755
86 Thomas 350.0001.753
87 asd 350.0001.751
88 urchin 320.0001.615
89 b1n4ry4rms 320.0001.613
90 ZenHack 320.0001.611
91 warpzone 310.0001.564
92 Boilers_2017 310.0001.562
93 lol 300.0001.516
94 Гренки 300.0001.514
95 n0obz 300.0001.512
96 RandomLuckers 300.0001.510
97 Camelot 270.0001.375
98 gTessierCrashpool 270.0001.373
99 w4rum 270.0001.371
100 M57 270.0001.370
101 o0o 270.0001.368
102 Console Cowboys 270.0001.366
103 CTD Elite 270.0001.365
104 Snatch The Root 270.0001.363
105 b01lers 250.0001.273
106 Fox-Hound 250.0001.271
107 pseudorandom 250.0001.270
108 DC416 250.0001.268
109 RATF{Rage Against The Flag} 250.0001.267
110 K17 250.0001.265
111 Dubna48k 250.0001.264
112 Hackthissite 250.0001.263
113 acdwas 220.0001.128
114 Just Hit the Core 220.0001.126
115 BE4HOXVII 220.0001.125
116 dRem 220.0001.124
117 EB FE 220.0001.123
118 Honeypot 220.0001.121
119 ju_ 220.0001.120
120 PrzyczlapyOdGulgulatora 220.0001.119
121 noraneco 220.0001.118
122 Turla Tech Support 200.0001.028
123 Antichat 200.0001.027
124 Pandemic 200.0001.026
125 System 200.0001.024
126 TechSec 200.0001.023
127 ImmortalPony 200.0001.022
128 raczman 200.0001.021
129 lelivic 200.0001.020
130 DaNangDragon 200.0001.019
131 ReptileSecretAgents 200.0001.018
132 TeamCC 200.0001.017
133 Epa 200.0001.016
134 8710*IQ 200.0001.015
135 MV9rwGOf08 170.0000.881
136 Neutrino_Cannon 170.0000.880
137 CSI 170.0000.879
138 Pain au chocolat 170.0000.878
139 xSTORMx 170.0000.877
140 Alcaline 170.0000.877
141 dc562 170.0000.876
142 bolgia4 170.0000.875
143 psut_test 170.0000.874
144 GDB runners 170.0000.873
145 Johnny 160.0000.828
146 pesiki 150.0000.783
147 M.O.K 150.0000.782
148 dodododo 150.0000.781
149 krkodile 150.0000.780
150 Terence 150.0000.780
151 sktters 150.0000.779
152 dima_sql 150.0000.778
153 n4rv4l0 150.0000.777
154 playerone 150.0000.777
155 Tr0janH0rs3 150.0000.776
156 AzureTeam 150.0000.775
157 kNN 150.0000.775
158 Espacio 120.0000.640
159 DZ_Shadows 120.0000.640
160 bibi 120.0000.639
161 QTH 120.0000.638
162 noteamactually 120.0000.638
163 horosora 120.0000.637
164 flyingpig 120.0000.636
165 bit_warriors 120.0000.636
166 R38007 120.0000.635
167 alert(1); 120.0000.635
168 Zionspike 120.0000.634
169 UglyFlowers 120.0000.633
170 da_pwnyes 110.0000.588
171 Samsung R&D PL 100.0000.543
172 YoungPwnawans 100.0000.543
173 BootCampNSA 100.0000.542
174 slenderestman 100.0000.542
175 alanlei 100.0000.541
176 PepoThinkers 100.0000.540
177 Dual 100.0000.540
178 Paskell 100.0000.539
179 Kernelsanders 100.0000.539
180 the e-LEMON-ators 100.0000.538
181 pwn.ro 100.0000.538
182 sighlent 100.0000.537
183 YouAreDelayingTheProject 100.0000.537
184 Cheddar Horsemen 100.0000.536
185 WaiVi5go 100.0000.536
186 farmingsimulator2015 100.0000.535
187 IBAS 100.0000.535
188 Bopoznpvt 100.0000.534
189 Neg9 100.0000.534
190 spam0day 100.0000.533
191 monadaUY 100.0000.533
192 Hackademia 100.0000.532
193 ACTU 100.0000.532
194 FireShell­ 100.0000.532
195 C007Runnings 100.0000.531
196 Etterpriz 100.0000.531
197 Cumbancha 100.0000.530
198 sw1ss 100.0000.530
199 ezwin 100.0000.529
200 wund3rw4ffl3_team 70.0000.395
201 OverDover 70.0000.395
202 PewPewCrew 70.0000.395
203 _PRIME_ 70.0000.394
204 Olio 60.0000.349
205 h0ax 60.0000.349
206 Pwn Leak 60.0000.349
207 0v3n_Sh3ll 50.0000.304
208 kid10 50.0000.303
209 Kole and Associates 50.0000.303
210 Улаанбаатар 50.0000.302
211 l0neW0lf 50.0000.302
212 mau5 50.0000.302
213 shibusawa 50.0000.301
214 NoMansRoot 50.0000.301
215 CtfNT 50.0000.301
216 fantasticbeasts 50.0000.300
217 NaijaSecForce 50.0000.300
218 no_shell_no_food 50.0000.300
219 m3m0ry 50.0000.299
220 jodevsa 50.0000.299
221 2amResearch 50.0000.298
222 Allah 50.0000.298
223 [$om3T3@m] 30.0000.209
224 8bit 20.0000.164
225 Iam9r00t 20.0000.164
226 P_TE 20.0000.163
227 Team_STFU 20.0000.163
228 RootSheep 20.0000.163
229 ARGOS 20.0000.162
230 MetaMelange 20.0000.162
231 DrnglVrgs 20.0000.162
232 %00 20.0000.161
233 ustaa 20.0000.161
234 HACKING UKRAINE 20.0000.161
235 Nonsense_Exception 20.0000.160
236 javox 20.0000.160
237 cheYen 20.0000.160
238 JASB 20.0000.160
239 Team #00ff00 20.0000.159
240 NotFound 20.0000.159
241 New_bie 20.0000.159
242 Super Massive Black Full-Metal Bacon Panecakes with Apple Jam 20.0000.158
243 SHARK 20.0000.158
244 pavel 20.0000.158
245 Nullfluid 20.0000.158
246 w00t_r00t 20.0000.157
247 wr47h 20.0000.157
248 The Elite Firm 20.0000.157
249 fsociety 20.0000.156
250 CRYPTO 20.0000.156
251 joizel 20.0000.156
252 Team Shield 20.0000.156
253 hack_and_beer 20.0000.155
254 SaBerTooths 20.0000.155
255 MK 20.0000.155
256 Dracarys 20.0000.155
257 NetS3c 20.0000.154
258 Ph03nix 20.0000.154
259 Shine 20.0000.154
260 jackdaw 20.0000.154
261 BinaDarmaCyberArmy01 20.0000.153
262 NIS 20.0000.153
263 ktecv2000 20.0000.153
264 CacheCrook 20.0000.153
265 osman 20.0000.152
266 Eva 20.0000.152
267 0xdeadc0de 20.0000.152
268 ulo 20.0000.152
269 PHCN 20.0000.151
270 Chaos Legion 20.0000.151
271 OwlSecurity 20.0000.151
272 Herauld Higgins 20.0000.151
273 zarzon 20.0000.150
274 4lert(1) 20.0000.150
275 AjbiSOFT 20.0000.150
276 d4rkc0de 20.0000.150
277 1up 20.0000.150
278 kireynT 20.0000.149
279 Fuck01 20.0000.149
280 44uN 20.0000.149
281 pwn4food 20.0000.149
282 blurbdust 20.0000.149
283 somebloke 20.0000.148
284 Rootkids 20.0000.148
285 TuX 20.0000.148
286 texh0k0t 20.0000.148
287 tr0jan 20.0000.147
288 SunplaceSolutions 20.0000.147
289 lefes 20.0000.147
290 CharliebWup 20.0000.147
291 sid 20.0000.147
292 _SA 20.0000.146
293 rawsec 20.0000.146
294 syn 20.0000.146
295 Mark89-l4m3r1no 20.0000.146
296 tacohacker 20.0000.146
297 CSARedTeam 20.0000.146
298 HDC 20.0000.145
299 OPT 20.0000.145
300 mmkk22 20.0000.145
301 gruf 20.0000.145
302 0x41717561 20.0000.145
303 hm01 20.0000.144
304 Onigiri 20.0000.144
305 2O2L2H 20.0000.144
306 TJ 20.0000.144
307 Dududuck 20.0000.144
308 BK201 20.0000.143
309 wangz 20.0000.143
310 OldXpeH 20.0000.143
311 Scrypter 20.0000.143
312 WM_HOOK 20.0000.143
313 T0X1C V4P0R 20.0000.143
314 DickBoy 20.0000.142
315 mmkk222 20.0000.142
316 EpicTeam1 20.0000.142
317 CyberOps 20.0000.142
318 Wizards of OS 20.0000.142
319 R311 20.0000.142
320 ? 20.0000.141
321 LoLa 20.0000.141
322 Dystopian Narwhals 20.0000.141
323 no(r)way 20.0000.141
324 Cracksec 20.0000.141
325 pwnhack 20.0000.141
326 jsutset 20.0000.140
327 krazy 20.0000.140
328 IAM 20.0000.140
329 MhackGyver 20.0000.140
330 mnciitbhu 20.0000.140
331 0xFF 20.0000.140
332 NaruseJun 20.0000.140
333 Cyber-Ninja 20.0000.070
solarwind – Sept. 1, 2017, 7:40 p.m.

Dear khack40, there were no significant submission server downtime between your previous and group of 4 submits as you claim in https://pastebin.com/mzvvEzB9 .

Your last submit before traded group of flags was at
802 [2017-08-26 20:55:43] khack40 Reverse250
traded group at
974 [2017-08-27 09:44:34] khack40 Foren100

There were flags at:

20:55 21:01 21:09 21:10 21:11 21:15 21:21 21:22 21:23 21:33 21:36 21:37 21:42 21:45 21:53 21:57 21:58 22:07 22:13 22:15 22:18 22:26 22:31 22:39 22:40 22:44 22:45 22:49 22:51 22:52 22:54 22:56 23:03 23:06 23:12 23:14 23:18 23:19 23:20 23:26 23:31 23:35 23:41 23:45 23:46 00:00 00:03 00:05 00:06 00:12 00:14 00:15 00:18 00:26 00:35 00:40 00:46 01:00 01:05 01:08 01:11 01:12 01:19 01:20 01:24 01:27 01:28 01:31 01:39 01:40 01:43 01:48 01:51 01:53 02:00 02:01 02:06 02:11 02:16 02:17 02:18 02:22 02:31 02:40 02:46 02:47 02:50 02:52 02:59 03:03 03:05 03:08 03:10 03:18 03:20 03:26 03:28 03:30 03:34 03:42 03:48 03:51 03:55 03:58 04:00 04:01 04:02 04:09 04:11 04:14 04:15 04:20 04:24 04:31 04:38 04:39 04:40 04:41 04:48 04:53 05:10 05:13 05:26 05:43 05:59 06:10 06:11 06:17 06:38 06:39 06:53 07:08 07:16 07:17 07:29 07:34 07:49 07:52 07:54 08:14 08:16 08:21 08:27 08:32 08:41 08:51 08:52 08:57 09:14 09:15 09:28 09:32 09:41 09:44

> So at the end, our explanation is way more *probable* (we definitly do not need to cheat to solve those challs and even if we would never have cheated in a such visible way), but it is also *verifiable* (just check about the downtime!)

Verification above, you are lying.


Pharisaeus – Sept. 1, 2017, 10:39 p.m.

@solarwind I'm not sure about this lack of server downtime. We constantly had problems with the scoreboard page loading, basically all the time you had to refresh it a couple of times in order to get in, so I can imagine someone giving up and stashing the flags for later, especially since they still had plenty of time to submit.

Also I know for a fact that at least two tasks had flag submission broken, according to orgs `Its laggs of cloudflare`, and it could be that all flags were affected by this issue (we had only two to submit at the time so I don't know). For sure we couldn't validate web 100 and some other task at `Aug 25, 2017, 9:32 PM CEST` and we managed to submit only about half an hour later. Maybe downtime was localized somehow due to cloudfare and only some teams experienced this?

Anyway, both @khack40 and @sec0d are teams with a long history of playing in CTFs and I can't imagine them cheating on some random noname CTF out of the blue. I also don't see why should it be necessary. There were ~4 of us playing (and by no means all the strongest ones), and yet we were still able to get pretty high.

There were also no really really hard tasks which could distinguish between a medium and a strong team (there were no statistics on number of solves for tasks so I can't be sure on this). There were some hard-guessy stuff like web200, or hard-broken ones like crypto300 but it was more about luck and not only skill so it's not a benchmark in this case. Unlike in some hardcore CTFs there was no crypto solvable only by Hellman and a couple of others, or pwn which only j00ru and a few other people could tackle etc. Basically any task could have been solved by a lot of teams, so I can totally imagine a "medium team" winning or at least getting to the top with enough manpower, dedication and a bit of luck.


solarwind – Sept. 4, 2017, 8:45 a.m.

There is no need of imagination, if there are facts. And facts here -- there are strong signs of cheating in submission timing, and team is caught on lying publicly about submission server downtime. In that period they are talking about other teams successfully verified flags, see above.
Explanation that Cloudflare failed for only 1 team for ~12 hours is not much better than they guessed 4 flags in 5 minutes.


leopoldine.lolcat – Sept. 4, 2017, 11:47 a.m.

@solarwind
Facts : Our members got trouble to submit flag.
Cheating issue closed.


solarwind – Sept. 5, 2017, 2:11 p.m.

Please stop lying, submission server was working fine in that period.
You were asking previously to check your claim that server was down -- you got verification.


leopoldine.lolcat – Sept. 5, 2017, 2:35 p.m.

Please stop whining.
You got fucked hard by @sec0d and @khack40 didn't share any flag.
Now, you have to accept that.


kara71 – Sept. 5, 2017, 9:45 p.m.

@solarwind you don't work in statistics, do you ?
You managed to find "significant" "proof" of cheating using 2 data points lul
(also why would khack40 cheat on a small CTF like this one ?)

Now please be sportsmanlike, it makes the game way less fun when you get cheating allegations coming from nowhere, from a team who's not even part of the organization but still managed to get the logs somehow...


solarwind – Sept. 5, 2017, 9:59 p.m.

Analysis above showed that you & sec0d cheated, it is funny to see how you are switching to insults from lengthy posts with fake excuses when got caught on lying.


leopoldine.lolcat – Sept. 6, 2017, 8:30 a.m.

@solarwind, you already got too much attention for your cheating allegation.
Your analysis above just prove that during 2017-08-26 20:55:43 to 2017-08-27 09:44:34 some teams validated flag.
It don't prove that platform got 100% uptime.
You got response from orgs.
You got response from sec0d.
And you got response from us.
I repeat one more time, during that 12 hours (we were sleeping first of all), then we found 4 flags and we got submission trouble.
Is it our internet connection ? Is it platform downtime ? Is it like the scoreboard page loading issue ? I don't know and I don't care.
Deal with that because you won't get another response.