Fri, 06 Oct. 2017, 14:00 UTC — Sun, 08 Oct. 2017, 14:00 UTC 

On-line

Kaspersky Industrial CTF Finals event.

Format: Jeopardy

Official URL: https://ctf.kaspersky.com/

This event's weight is subject to public voting!

Future weight: 19.46 

Rating weight: 19.46 

Event organizers 


The Quals will be held online from 6 October (5.00 p.m. Moscow time) until 8 October (5.00 p.m. Moscow time). The Finals will be held on 24 October in Shanghai.
This year, the Qualifications will include the following types of tasks:
1. Web
2. Pwn
3. Crypto
4. Stegano/Forensics
5. Reverse
6. Fun

For the finals, we have prepared a stand with an Oil Refinery Factory connected to a Digital Substation. The top three teams will get a chance to hack it and get the prizes.

Prizes

The top 3 teams will qualify for the Kaspersky Industrial CTF Finals during the GeekPwn1024 event in Shanghai, China.

Scoreboard

227 teams total

Place | Team | CTF points | Rating points
1 | CyKOR | 6950.000 | 38.920
2 | Eat, Sleep, Pwn, Repeat | 6950.000 | 29.190
3 | TokyoWesterns | 6050.000 | 23.427
4 | p4 | 5750.000 | 20.965
5 | LC↯BC | 5650.000 | 19.712
6 | Filthy Thr33 | 5450.000 | 18.503
7 | Batman's Kitchen | 4750.000 | 16.080
8 | SUSlo.PAS | 4250.000 | 14.333
9 | ALLES! | 4150.000 | 13.782
10 | Plaid Parliament of Pwning | 4150.000 | 13.566
11 | SiBears | 4100.000 | 13.249
12 | [Redacted] | 3850.000 | 12.402
13 | Corrupted Reflection | 3700.000 | 11.857
14 | [TechnoPandas] | 3700.000 | 11.750
15 | Camelot | 3700.000 | 11.657
16 | Antichat | 3550.000 | 11.156
17 | KoreanGang | 3500.000 | 10.945
18 | OH-IOwned | 3450.000 | 10.741
19 | VoidHack | 3150.000 | 9.844
20 | Azure Admirer Agency (AAA) | 3000.000 | 9.373
21 | Tasteless | 3000.000 | 9.327
22 | STT | 3000.000 | 9.285
23 | Pwnium | 2950.000 | 9.106
24 | Koibasta | 2700.000 | 8.371
25 | BE4HOXVII | 2700.000 | 8.338
26 | Tower-of-Hanoi | 2700.000 | 8.308
27 | Chaitin | 2600.000 | 8.001
28 | khack40 | 2550.000 | 7.835
29 | irGeeks | 2550.000 | 7.811
30 | Snatch The Root | 2550.000 | 7.789
31 | yoburek | 2500.000 | 7.628
32 | Harekaze | 2450.000 | 7.468
33 | JohnDoe | 2450.000 | 7.450
34 | Shellphish | 2100.000 | 6.452
35 | hack.ERS | 2100.000 | 6.436
36 | 74kbl47 | 2100.000 | 6.421
37 | YoungPwnawans | 2050.000 | 6.266
38 | CodeRed | 2000.000 | 6.112
39 | noraneco | 1900.000 | 5.819
40 | PLEXeT | 1850.000 | 5.666
41 | Invulnerable | 1750.000 | 5.375
42 | PwnaSonic | 1750.000 | 5.363
43 | Sudo_root | 1750.000 | 5.353
44 | OstreKatozordy | 1750.000 | 5.342
45 | Craft n' Capture | 1650.000 | 5.052
46 | BHG | 1600.000 | 4.903
47 | EpicTeam | 1600.000 | 4.894
48 | ITCrowd | 1600.000 | 4.885
49 | Limpopo | 1600.000 | 4.877
50 | T1pst4r | 1600.000 | 4.869
51 | zerosib | 1600.000 | 4.862
52 | Hypertext Markup Protocol | 1550.000 | 4.714
53 | SwissMadeSecurity | 1550.000 | 4.707
54 | Honeypot | 1550.000 | 4.700
55 | alex_k_polyakov | 1500.000 | 4.554
56 | Kernel Sanders | 1500.000 | 4.548
57 | DustDevils | 1450.000 | 4.401
58 | $wag | 1400.000 | 4.256
59 | 0x617364 | 1400.000 | 4.250
60 | TechSec | 1400.000 | 4.244
61 | TenDollar | 1400.000 | 4.239
62 | ROIS | 1400.000 | 4.234
63 | Nu1L | 1400.000 | 4.229
64 | TeamRocketIst | 1400.000 | 4.224
65 | badfirmware | 1400.000 | 4.219
66 | randomstr | 1400.000 | 4.215
67 | BreakPoint | 1400.000 | 4.210
68 | 0x34044 | 1400.000 | 4.206
69 | restless Schatzi's knights | 1400.000 | 4.202
70 | Kółko Ekonomiczne Judasz | 1400.000 | 4.198
71 | CatchFM | 1400.000 | 4.194
72 | n0de | 1400.000 | 4.190
73 | CH1ll | 1350.000 | 4.047
74 | ThunderClap | 1300.000 | 3.903
75 | Binary Devastation | 1300.000 | 3.899
76 | opana | 1300.000 | 3.896
77 | paperwhale | 1250.000 | 3.753
78 | eunnie | 1100.000 | 3.329
79 | CirclesOf$hell | 1100.000 | 3.326
80 | zuko3d | 1100.000 | 3.323
81 | jonathanj | 1100.000 | 3.320
82 | ahaha | 1100.000 | 3.317
83 | m1z0r3 | 1100.000 | 3.314
84 | vaseline valley | 1100.000 | 3.312
85 | Team_STFU | 1100.000 | 3.309
86 | kek | 1100.000 | 3.306
87 | MTP.sky | 1000.000 | 3.024
88 | Dr Testman | 1000.000 | 3.021
89 | smoke leet everyday | 950.000 | 2.879
90 | b1n4ry4rms | 900.000 | 2.736
91 | TheGoonies | 900.000 | 2.734
92 | SharLike | 800.000 | 2.452
93 | Just Hit the Core | 800.000 | 2.449
94 | kasia-tutej | 800.000 | 2.447
95 | Ph03nix | 800.000 | 2.445
96 | Hack'n roll | 800.000 | 2.443
97 | potatocato | 800.000 | 2.441
98 | scryptos | 800.000 | 2.439
99 | mtf | 800.000 | 2.437
100 | CremaIsBoring | 800.000 | 2.435
101 | Top of the ROP | 800.000 | 2.433
102 | Hash Slinging Hackers | 800.000 | 2.431
103 | Pandemic | 800.000 | 2.429
104 | Epic Leet Team | 750.000 | 2.287
105 | Ethical Hackers Club | 750.000 | 2.285
106 | k8tems | 700.000 | 2.144
107 | team name | 700.000 | 2.142
108 | SIGPWN | 700.000 | 2.140
109 | DirtySocks | 700.000 | 2.139
110 | bincat | 600.000 | 1.857
111 | LeaveCat | 600.000 | 1.855
112 | 2O2L2H | 600.000 | 1.854
113 | Crackchester | 600.000 | 1.852
114 | n2r | 600.000 | 1.851
115 | 0Shi00Shi | 600.000 | 1.849
116 | wha1s0s1r1us | 600.000 | 1.848
117 | MhackGyver | 600.000 | 1.846
118 | Securimag | 600.000 | 1.845
119 | cyberwehr | 600.000 | 1.844
120 | R4nd0ms | 600.000 | 1.842
121 | just_Damn_it | 600.000 | 1.841
122 | noTeamName | 600.000 | 1.840
123 | T0X1C V4P0R | 600.000 | 1.838
124 | Granny | 600.000 | 1.837
125 | One Man Orchestra | 600.000 | 1.836
126 | Thomas | 600.000 | 1.834
127 | !stress | 600.000 | 1.833
128 | Black Technology Royal | 600.000 | 1.832
129 | YouAreDelayingTheProject | 600.000 | 1.831
130 | 一块红布 | 600.000 | 1.830
131 | N0V1C3 | 600.000 | 1.829
132 | Indie Trash Panda | 600.000 | 1.827
133 | 1up | 600.000 | 1.826
134 | Inshall'hack | 600.000 | 1.825
135 | HackingForSoju | 600.000 | 1.824
136 | PackdeSys | 600.000 | 1.823
137 | Bushwhackers | 600.000 | 1.822
138 | SULOBAND | 600.000 | 1.821
139 | DedSec | 600.000 | 1.820
140 | farmingsimulator2015 | 600.000 | 1.819
141 | Phantom | 600.000 | 1.818
142 | H4C | 600.000 | 1.817
143 | Pwn Leak | 600.000 | 1.816
144 | Fox-Hound | 600.000 | 1.815
145 | dodododo | 600.000 | 1.814
146 | Dragon Sector | 500.000 | 1.533
147 | KansasCityShuffle | 450.000 | 1.392
148 | HTCPCP:// | 450.000 | 1.391
149 | CodeheadUK | 450.000 | 1.391
150 | alexander | 300.000 | 0.970
151 | LFY | 300.000 | 0.969
152 | Dons Cosecant | 300.000 | 0.968
153 | RGB | 300.000 | 0.967
154 | asdf | 300.000 | 0.966
155 | 8bit | 300.000 | 0.966
156 | P4dd1ng | 300.000 | 0.965
157 | egy1337 | 300.000 | 0.964
158 | 3y3 | 300.000 | 0.963
159 | HITSquad | 300.000 | 0.962
160 | M57 | 300.000 | 0.962
161 | Exponential | 300.000 | 0.961
162 | NIMDA | 300.000 | 0.960
163 | One-Team | 300.000 | 0.959
164 | MarazmTm | 300.000 | 0.959
165 | vanhelsing | 300.000 | 0.958
166 | UNN_Team | 300.000 | 0.957
167 | I'm not Freddie Mercury | 300.000 | 0.957
168 | HackXore | 300.000 | 0.956
169 | Hawk Security Team | 300.000 | 0.955
170 | revker | 300.000 | 0.954
171 | #Thacket; | 300.000 | 0.954
172 | dRem | 300.000 | 0.953
173 | DoubleSigma | 300.000 | 0.952
174 | TipTil | 300.000 | 0.952
175 | GuidedHacking.com | 300.000 | 0.951
176 | DC416 | 300.000 | 0.951
177 | igoryan | 300.000 | 0.950
178 | yaPenetrators | 300.000 | 0.949
179 | BIGBEAR_BK | 300.000 | 0.949
180 | sec0d | 300.000 | 0.948
181 | taurus | 300.000 | 0.948
182 | GUECHAS | 300.000 | 0.947
183 | HxD43v3R | 300.000 | 0.946
184 | ISITDTU | 300.000 | 0.946
185 | kaspersky4b | 300.000 | 0.945
186 | Infinite loop | 300.000 | 0.945
187 | wnv | 300.000 | 0.944
188 | urchin | 300.000 | 0.944
189 | SmartRobot | 300.000 | 0.943
190 | mister spaghetti meatball | 300.000 | 0.942
191 | DaltonBrothers | 300.000 | 0.942
192 | guatitasec | 300.000 | 0.941
193 | AceBear | 300.000 | 0.941
194 | Netcat.us | 300.000 | 0.940
195 | BITSkrieg | 300.000 | 0.940
196 | pi3la | 300.000 | 0.939
197 | kad | 300.000 | 0.939
198 | 0xFF | 300.000 | 0.938
199 | o0o | 300.000 | 0.938
200 | Bottomfraggers | 300.000 | 0.937
201 | Bono_iPad | 300.000 | 0.937
202 | beef1306 | 300.000 | 0.936
203 | CatFlag | 300.000 | 0.936
204 | poutsateam | 300.000 | 0.935
205 | mrx | 300.000 | 0.935
206 | CultOfTheDeadCarrot | 300.000 | 0.934
207 | NIS | 300.000 | 0.934
208 | cr4x0rs | 300.000 | 0.934
209 | DeliciousHorse | 300.000 | 0.933
210 | 0xBU | 300.000 | 0.933
211 | sqvrc | 300.000 | 0.932
212 | yNNhoJ | 300.000 | 0.932
213 | hard | 300.000 | 0.931
214 | okudo3 | 300.000 | 0.931
215 | OutOfRangeException | 300.000 | 0.931
216 | fargus | 300.000 | 0.930
217 | Sea Food | 300.000 | 0.930
218 | MerElephant | 300.000 | 0.929
219 | NORELATION | 300.000 | 0.929
220 | hapsida | 200.000 | 0.648
221 | dcua | 200.000 | 0.648
222 | SIDAO | 200.000 | 0.648
223 | fu.ch4l1z4rd | 200.000 | 0.647
224 | cbs | 200.000 | 0.647
225 | int 0x80 | 200.000 | 0.646
226 | p4l | 150.000 | 0.506
227 | Rusc | 150.000 | 0.253

niklasb – Oct. 6, 2017, 9:22 p.m.

Tasks are broken/down, and there is no way to contact the orga except for email, to which of course they do not respond. This is not acceptable.


maro – Oct. 6, 2017, 11:32 p.m.

- No IRC
- Tasks do not mention what we have to do or what we have to submit
- Flag format is useless since all tasks do not follow the mentioned flag format, you just have to add KLCTF as prefix
- Many broken tasks
- Guessing
...


Ghaaf – Oct. 7, 2017, 12:33 a.m.

I have the same problem as maro, WTF! Kaspersky and no support! lol!!


niklasb – Oct. 8, 2017, 7:16 p.m.

Note for future: Don't run pwnables as uid 0, or you will have a bad time keeping all the files on the challenge server where they belong. Not to mention forking servers that didn't register SIGCHLD handlers, infinite loops with no alarm() etc.


Pharisaeus – Oct. 8, 2017, 8:44 p.m.

Some tasks had reasonable difficulty and were fun, but there were also A LOT of issues:

1. No flag format respected. Basically every task was "add KLCTF prefix to whatever you get". On top of that flag was sometimes KLCTFxxxxx and sometimes a normal KLCTF{xxxx}. This is very confusing
2. Some tasks required guessing/dirbuster/crystal ball. RE400(+PWN700) initial stage for example required to guess that in /backup/backup.tar we can find the task sources/binaries. Nothing indicated this at all. In fact by far the hardest part of this task was exactly this step...
3. Service shared between all the teams, especially in case you need to trigger some specific state / race condition -> RE400/PWN700
4. Some very strange scoring. Crypto 800 was a trivial homomorphic Paillier challenge. Once someone noticed this is Paillier then it was instantly obvious how to recover the flag. But interestingly enough it could be solved even faster as blackbox. 300p for repeating XOR over a png, with keysize the same as header also seems a bit excessive. Especially compared to some other significantly harder tasks for similar amount of points.

And on top of all of this there was basically no communication channel, no IRC, no telegram, no nothing. You could send an email and get no response :) This becomes even more problematic when some tasks are broken (and they were).


maro – Oct. 10, 2017, 12:07 a.m.

Why is the scoreboard in ctftime different than the original scoreboard?!
https://ctf.kaspersky.com/contests/1/scoreboard/


konata – Oct. 11, 2017, 10:58 a.m.

ctftime, please, update the scoreboard for this challenge!