Fri, 25 Aug. 2017, 14:00 UTC — Sun, 27 Aug. 2017, 14:00 UTC 

On-line

H4ckIT CTF event.

Format: Jeopardy Jeopardy

Official URL: https://ctf.com.ua/

This event's weight is subject of public voting!

Future weight: 16.33 

Rating weight: 16.33 

Event organizers 


HackIT CTF is 48h Capture the Flag Jeopardy competition organised by international cybersecurity forum HackIT happening in Kharkov, Ukraine, on 23rd of September.

Format: online, jeopardy, team-based
Categories: Web, Misc, Joy, Crypto, PWN, Reverse, Forensics, Stego
Contact (E-mail): ctf@hackit-ukraine.com
Contact (Telegram): @hackitctf

Prizes

- Top 3 teams(up to 5 participants per team) will be invited to the Bug Hunting Marathon HackIT Cup (https://hackit.ua/hackit-cup/), full accommodation & flights reimbursement

- Free tickets for HackIT-2017 to the finalists (10 teams, up to 5 participants per team)

Scoreboard

333 teams total

PlaceTeamCTF pointsRating points
1 sec0d 3770.00032.660
2 dcua 3490.00023.282
3 ASIS 3410.00020.214
4 p4 3220.00018.030
5 ALLES! 3000.00016.261
6 InfoSect 2450.00013.334
7 bunlisugeo 2160.00011.689
8 Rule110 1870.00010.141
9 HackXore 1860.0009.871
10 WildWest 1850.0009.646
11 Shadow Servants 1700.0008.848
12 ShellWarp 1665.0008.573
13 Limpopo 1600.0008.187
14 Bushwhackers 1570.0007.967
15 khack40 1570.0007.889
16 FWHIBBIT 1560.0007.778
17 Epic Leet Team 1550.0007.675
18 Legion of Dumb 1550.0007.621
19 Samurai 1520.0007.443
20 1064CBread 1500.0007.314
21 0x90r00t 1400.0006.842
22 Hackinground 1360.0006.633
23 The Northern Coalition 1270.0006.211
24 he0Haexe 1250.0006.095
25 PKTeam 1120.0005.505
26 TeamRocketIst 1100.0005.393
27 Balsn 1070.0005.240
28 EgFr33ks 1060.0005.175
29 JohnDoe 1020.0004.981
30 InSecurity 1010.0004.919
31 TheGoonies 950.0004.642
32 SiBears 870.0004.279
33 Security First 830.0004.090
34 OpenToAll 820.0004.032
35 Beers4Flags 800.0003.932
36 UiO-CTF 800.0003.919
37 BabyPhD 800.0003.907
38 Harekaze 750.0003.678
39 googlesenduspixel 720.0003.537
40 1701 720.0003.527
41 LC 720.0003.517
42 Bono_iPad 700.0003.421
43 318br 700.0003.412
44 Hacknam Style 670.0003.273
45 kyb 670.0003.265
46 .elite 670.0003.257
47 guatitasec 670.0003.250
48 DirtySocks 650.0003.156
49 0xD13A 620.0003.019
50 ETPwnHome 620.0003.012
51 JBZ 610.0002.962
52 dfnd 570.0002.783
53 Netwerkers 560.0002.734
54 Eierlegende Wollmilchsau 550.0002.685
55 badfirmware 550.0002.679
56 HackingForSoju 500.0002.457
57 Netcat.us 500.0002.452
58 saarsec 470.0002.317
59 Pwnium 470.0002.313
60 Plaid Parliament of Pwning 470.0002.308
61 Batman's Kitchen 470.0002.304
62 League of Extraordinarily Backward Engineers 470.0002.299
63 DreamSec 460.0002.252
64 brucel33t 450.0002.204
65 LHC_[LondrinaHackerClub] 450.0002.200
66 Overwatch 450.0002.197
67 b0tch_sec 450.0002.193
68 Hypertext Markup Protocol 450.0002.189
69 pas0k 450.0002.186
70 ISITDTU 450.0002.182
71 NASA Rejects 450.0002.179
72 c@fi.sh 450.0002.176
73 numidians 420.0002.043
74 Cache_Crook 420.0002.040
75 Sudo_root 400.0001.950
76 ManceRadare2 400.0001.947
77 Boyd301 400.0001.945
78 n00bs 370.0001.812
79 xSTF 370.0001.809
80 gtpp 370.0001.807
81 Team Lost 370.0001.804
82 True0xA3 370.0001.802
83 slot0 350.0001.713
84 Vidar 350.0001.710
85 Aggressive Cake 350.0001.708
86 Thomas 350.0001.706
87 asd 350.0001.704
88 urchin 320.0001.572
89 b1n4ry4rms 320.0001.570
90 ZenHack 320.0001.568
91 warpzone 310.0001.522
92 Boilers_2017 310.0001.520
93 lol 300.0001.475
94 Гренки 300.0001.473
95 n0obz 300.0001.471
96 RandomLuckers 300.0001.470
97 Camelot 270.0001.338
98 gTessierCrashpool 270.0001.336
99 w4rum 270.0001.334
100 M57 270.0001.333
101 o0o 270.0001.331
102 Console Cowboys 270.0001.330
103 CTD Elite 270.0001.328
104 Snatch The Root 270.0001.327
105 b01lers 250.0001.238
106 Fox-Hound 250.0001.237
107 pseudorandom 250.0001.236
108 DC416 250.0001.234
109 RATF{Rage Against The Flag} 250.0001.233
110 K17 250.0001.231
111 Dubna48k 250.0001.230
112 Hackthissite 250.0001.229
113 acdwas 220.0001.097
114 Just Hit the Core 220.0001.096
115 BE4HOXVII 220.0001.095
116 dRem 220.0001.094
117 EB FE 220.0001.093
118 Honeypot 220.0001.091
119 ju_ 220.0001.090
120 PrzyczlapyOdGulgulatora 220.0001.089
121 noraneco 220.0001.088
122 Turla Tech Support 200.0001.000
123 Antichat 200.0000.999
124 Pandemic 200.0000.998
125 x0r19x91 200.0000.997
126 TechSec 200.0000.996
127 ImmortalPony 200.0000.995
128 raczman 200.0000.994
129 lelivic 200.0000.993
130 DaNangDragon 200.0000.992
131 ReptileSecretAgents 200.0000.991
132 TeamCC 200.0000.990
133 Epa 200.0000.989
134 8710*IQ 200.0000.988
135 MV9rwGOf08 170.0000.857
136 Neutrino_Cannon 170.0000.856
137 CSI 170.0000.856
138 Pain au chocolat 170.0000.855
139 xSTORMx 170.0000.854
140 Alcaline 170.0000.853
141 dc562 170.0000.852
142 bolgia4 170.0000.851
143 psut_test 170.0000.851
144 GDB runners 170.0000.850
145 Johnny 160.0000.806
146 pesiki 150.0000.762
147 M.O.K 150.0000.761
148 dodododo 150.0000.760
149 krkodile 150.0000.759
150 Terence 150.0000.759
151 sktters 150.0000.758
152 dima_sql 150.0000.757
153 n4rv4l0 150.0000.756
154 playerone 150.0000.756
155 Tr0janH0rs3 150.0000.755
156 AzureTeam 150.0000.754
157 kNN 150.0000.754
158 Espacio 120.0000.623
159 DZ_Shadows 120.0000.622
160 bibi 120.0000.622
161 QTH 120.0000.621
162 noteamactually 120.0000.621
163 horosora 120.0000.620
164 flyingpig 120.0000.619
165 bit_warriors 120.0000.619
166 R38007 120.0000.618
167 alert(1); 120.0000.618
168 Zionspike 120.0000.617
169 UglyFlowers 120.0000.616
170 da_pwnyes 110.0000.573
171 Samsung R&D PL 100.0000.529
172 YoungPwnawans 100.0000.528
173 BootCampNSA 100.0000.528
174 slenderestman 100.0000.527
175 alanlei 100.0000.526
176 PepoThinkers 100.0000.526
177 Dual 100.0000.525
178 Paskell 100.0000.525
179 Kernelsanders 100.0000.524
180 the e-LEMON-ators 100.0000.524
181 pwn.ro 100.0000.523
182 sighlent 100.0000.523
183 YouAreDelayingTheProject 100.0000.522
184 Cheddar Horsemen 100.0000.522
185 WaiVi5go 100.0000.521
186 farmingsimulator2015 100.0000.521
187 IBAS 100.0000.520
188 Bopoznpvt 100.0000.520
189 Neg9 100.0000.520
190 spam0day 100.0000.519
191 monadaUY 100.0000.519
192 Hackademia 100.0000.518
193 ACTU 100.0000.518
194 FireShell­ 100.0000.517
195 C007Runnings 100.0000.517
196 Etterpriz 100.0000.516
197 Cumbancha 100.0000.516
198 sw1ss 100.0000.516
199 ezwin 100.0000.515
200 wund3rw4ffl3_team 70.0000.385
201 OverDover 70.0000.384
202 PewPewCrew 70.0000.384
203 _PRIME_ 70.0000.384
204 Olio 60.0000.340
205 h0ax 60.0000.340
206 Pwn Leak 60.0000.339
207 0v3n_Sh3ll 50.0000.295
208 kid10 50.0000.295
209 Kole and Associates 50.0000.295
210 Ds3c 50.0000.294
211 l0neW0lf 50.0000.294
212 mau5 50.0000.294
213 shibusawa 50.0000.293
214 NoMansRoot 50.0000.293
215 CtfNT 50.0000.293
216 fantasticbeasts 50.0000.292
217 NaijaSecForce 50.0000.292
218 no_shell_no_food 50.0000.291
219 m3m0ry 50.0000.291
220 jodevsa 50.0000.291
221 2amResearch 50.0000.290
222 Allah 50.0000.290
223 [$om3T3@m] 30.0000.203
224 8bit 20.0000.160
225 Iam9r00t 20.0000.159
226 P_TE 20.0000.159
227 Team_STFU 20.0000.159
228 RootSheep 20.0000.158
229 ARGOS 20.0000.158
230 MetaMelange 20.0000.158
231 DrnglVrgs 20.0000.157
232 %00 20.0000.157
233 ustaa 20.0000.157
234 HACKING UKRAINE 20.0000.156
235 Nonsense_Exception 20.0000.156
236 javox 20.0000.156
237 cheYen 20.0000.156
238 JASB 20.0000.155
239 Team #00ff00 20.0000.155
240 NotFound 20.0000.155
241 New_bie 20.0000.154
242 Super Massive Black Full-Metal Bacon Panecakes with Apple Jam 20.0000.154
243 SHARK 20.0000.154
244 pavel 20.0000.154
245 Nullfluid 20.0000.153
246 w00t_r00t 20.0000.153
247 coder101 20.0000.153
248 The Elite Firm 20.0000.152
249 fsociety 20.0000.152
250 CRYPTO 20.0000.152
251 joizel 20.0000.152
252 Team Shield 20.0000.151
253 hack_and_beer 20.0000.151
254 SaBerTooths 20.0000.151
255 MK 20.0000.151
256 Dracarys 20.0000.150
257 NetS3c 20.0000.150
258 Ph03nix 20.0000.150
259 Shine 20.0000.150
260 jackdaw 20.0000.149
261 BinaDarmaCyberArmy01 20.0000.149
262 NIS 20.0000.149
263 ktecv2000 20.0000.149
264 CacheCrook 20.0000.148
265 osman 20.0000.148
266 Eva 20.0000.148
267 0xdeadc0de 20.0000.148
268 ulo 20.0000.148
269 PHCN 20.0000.147
270 Chaos Legion 20.0000.147
271 OwlSecurity 20.0000.147
272 Herauld Higgins 20.0000.147
273 zarzon 20.0000.146
274 4lert(1) 20.0000.146
275 AjbiSOFT 20.0000.146
276 d4rkc0de 20.0000.146
277 1up 20.0000.146
278 kireynT 20.0000.145
279 Fuck01 20.0000.145
280 44uN 20.0000.145
281 pwn4food 20.0000.145
282 blurbdust 20.0000.145
283 somebloke 20.0000.144
284 Rootkids 20.0000.144
285 TuX 20.0000.144
286 texh0k0t 20.0000.144
287 tr0jan 20.0000.144
288 SunplaceSolutions 20.0000.143
289 lefes 20.0000.143
290 CharliebWup 20.0000.143
291 sid 20.0000.143
292 _SA 20.0000.143
293 rawsec 20.0000.142
294 syn 20.0000.142
295 Mark89-l4m3r1no 20.0000.142
296 tacohacker 20.0000.142
297 CSARedTeam 20.0000.142
298 HDC 20.0000.141
299 OPT 20.0000.141
300 mmkk22 20.0000.141
301 gruf 20.0000.141
302 0x41717561 20.0000.141
303 hm01 20.0000.141
304 Onigiri 20.0000.140
305 2O2L2H 20.0000.140
306 TJ 20.0000.140
307 Dududuck 20.0000.140
308 BK201 20.0000.140
309 wangz 20.0000.139
310 OldXpeH 20.0000.139
311 Scrypter 20.0000.139
312 WM_HOOK 20.0000.139
313 T0X1C V4P0R 20.0000.139
314 DickBoy 20.0000.139
315 mmkk222 20.0000.138
316 EpicTeam1 20.0000.138
317 CyberOps 20.0000.138
318 Wizards of OS 20.0000.138
319 R311 20.0000.138
320 ? 20.0000.138
321 LoLa 20.0000.138
322 Dystopian Narwhals 20.0000.137
323 no(r)way 20.0000.137
324 Cracksec 20.0000.137
325 pwnhack 20.0000.137
326 jsutset 20.0000.137
327 krazy 20.0000.137
328 IAM 20.0000.136
329 MhackGyver 20.0000.136
330 mnciitbhu 20.0000.136
331 0xFF 20.0000.136
332 NaruseJun 20.0000.136
333 Cyber-Ninja 20.0000.068
solarwind – Sept. 1, 2017, 7:40 p.m.

Dear khack40, there were no significant submission server downtime between your previous and group of 4 submits as you claim in https://pastebin.com/mzvvEzB9 .

Your last submit before traded group of flags was at
802 [2017-08-26 20:55:43] khack40 Reverse250
traded group at
974 [2017-08-27 09:44:34] khack40 Foren100

There were flags at:

20:55 21:01 21:09 21:10 21:11 21:15 21:21 21:22 21:23 21:33 21:36 21:37 21:42 21:45 21:53 21:57 21:58 22:07 22:13 22:15 22:18 22:26 22:31 22:39 22:40 22:44 22:45 22:49 22:51 22:52 22:54 22:56 23:03 23:06 23:12 23:14 23:18 23:19 23:20 23:26 23:31 23:35 23:41 23:45 23:46 00:00 00:03 00:05 00:06 00:12 00:14 00:15 00:18 00:26 00:35 00:40 00:46 01:00 01:05 01:08 01:11 01:12 01:19 01:20 01:24 01:27 01:28 01:31 01:39 01:40 01:43 01:48 01:51 01:53 02:00 02:01 02:06 02:11 02:16 02:17 02:18 02:22 02:31 02:40 02:46 02:47 02:50 02:52 02:59 03:03 03:05 03:08 03:10 03:18 03:20 03:26 03:28 03:30 03:34 03:42 03:48 03:51 03:55 03:58 04:00 04:01 04:02 04:09 04:11 04:14 04:15 04:20 04:24 04:31 04:38 04:39 04:40 04:41 04:48 04:53 05:10 05:13 05:26 05:43 05:59 06:10 06:11 06:17 06:38 06:39 06:53 07:08 07:16 07:17 07:29 07:34 07:49 07:52 07:54 08:14 08:16 08:21 08:27 08:32 08:41 08:51 08:52 08:57 09:14 09:15 09:28 09:32 09:41 09:44

> So at the end, our explanation is way more *probable* (we definitly do not need to cheat to solve those challs and even if we would never have cheated in a such visible way), but it is also *verifiable* (just check about the downtime!)

Verification above, you are lying.


Pharisaeus – Sept. 1, 2017, 10:39 p.m.

@solarwind I'm not sure about this lack of server downtime. We constantly had problems with the scoreboard page loading, basically all the time you had to refresh it a couple of times in order to get in, so I can imagine someone giving up and stashing the flags for later, especially since they still had plenty of time to submit.

Also I know for a fact that at least two tasks had flag submission broken, according to orgs `Its laggs of cloudflare`, and it could be that all flags were affected by this issue (we had only two to submit at the time so I don't know). For sure we couldn't validate web 100 and some other task at `Aug 25, 2017, 9:32 PM CEST` and we managed to submit only about half an hour later. Maybe downtime was localized somehow due to cloudfare and only some teams experienced this?

Anyway, both @khack40 and @sec0d are teams with a long history of playing in CTFs and I can't imagine them cheating on some random noname CTF out of the blue. I also don't see why should it be necessary. There were ~4 of us playing (and by no means all the strongest ones), and yet we were still able to get pretty high.

There were also no really really hard tasks which could distinguish between a medium and a strong team (there were no statistics on number of solves for tasks so I can't be sure on this). There were some hard-guessy stuff like web200, or hard-broken ones like crypto300 but it was more about luck and not only skill so it's not a benchmark in this case. Unlike in some hardcore CTFs there was no crypto solvable only by Hellman and a couple of others, or pwn which only j00ru and a few other people could tackle etc. Basically any task could have been solved by a lot of teams, so I can totally imagine a "medium team" winning or at least getting to the top with enough manpower, dedication and a bit of luck.


solarwind – Sept. 4, 2017, 8:45 a.m.

There is no need of imagination, if there are facts. And facts here -- there are strong signs of cheating in submission timing, and team is caught on lying publicly about submission server downtime. In that period they are talking about other teams successfully verified flags, see above.
Explanation that Cloudflare failed for only 1 team for ~12 hours is not much better than they guessed 4 flags in 5 minutes.


leopoldine.lolcat – Sept. 4, 2017, 11:47 a.m.

@solarwind
Facts : Our members got trouble to submit flag.
Cheating issue closed.


solarwind – Sept. 5, 2017, 2:11 p.m.

Please stop lying, submission server was working fine in that period.
You were asking previously to check your claim that server was down -- you got verification.


leopoldine.lolcat – Sept. 5, 2017, 2:35 p.m.

Please stop whining.
You got fucked hard by @sec0d and @khack40 didn't share any flag.
Now, you have to accept that.


kara71 – Sept. 5, 2017, 9:45 p.m.

@solarwind you don't work in statistics, do you ?
You managed to find "significant" "proof" of cheating using 2 data points lul
(also why would khack40 cheat on a small CTF like this one ?)

Now please be sportsmanlike, it makes the game way less fun when you get cheating allegations coming from nowhere, from a team who's not even part of the organization but still managed to get the logs somehow...


solarwind – Sept. 5, 2017, 9:59 p.m.

Analysis above showed that you & sec0d cheated, it is funny to see how you are switching to insults from lengthy posts with fake excuses when got caught on lying.


leopoldine.lolcat – Sept. 6, 2017, 8:30 a.m.

@solarwind, you already got too much attention for your cheating allegation.
Your analysis above just prove that during 2017-08-26 20:55:43 to 2017-08-27 09:44:34 some teams validated flag.
It don't prove that platform got 100% uptime.
You got response from orgs.
You got response from sec0d.
And you got response from us.
I repeat one more time, during that 12 hours (we were sleeping first of all), then we found 4 flags and we got submission trouble.
Is it our internet connection ? Is it platform downtime ? Is it like the scoreboard page loading issue ? I don't know and I don't care.
Deal with that because you won't get another response.