Sat, 04 Jan. 2020, 02:00 UTC — Sun, 05 Jan. 2020, 02:00 UTC 

On-line

WhiteHat Grand Prix event.

Format: Jeopardy

Official URL: https://grandprix.whitehatvn.com/

This event's future weight is subject of public voting!

Future weight: 6.88 

Rating weight: 6.88 

Event organizers 

WhiteHat Grand Prix 06 is the 6th global cyber security competition organized by Vietnam.
The Qualification Round will run from 04 to 05 January 2020.

The top 10 teams in the Qualification Round will be invited to the Final Round in February 2020.
The total prize a team can receive in the Final comprises bounties from the Private Bug Bounty program and the prize from the Attack/Defense competition.

Support channels:
+ Slack: https://whitehatgrandprix06.slack.com, invite link: https://bit.ly/2FhPM9b
+ Facebook: https://www.facebook.com/whitehatvn
+ Twitter: Twitter.com/WhiteHatvn
+ Email: whitehat@bkav.com

Prizes

The prizes for winners in the Final Round are:
+ Private Bug Bounty: With each bug discovered, teams will earn bounties according to the levels of Critical, Important, Medium and Low severity.
+ Attack/Defense: Top 3 teams in the Attack/Defense will claim the following prizes:
- 1st Prize: 230 million dong (~ 10,000 USD)
- 2nd Prize: 45 million dong (~ 2,000 USD)
- 3rd Prize: 23 million dong (~ 1,000 USD)

Scoreboard

149 teams total

Place | Team | CTF points | Rating points
1 | perfect blue | 5280.000 | 13.760
2 | More Smoked Leet Chicken | 4820.000 | 9.721
3 | DiceGang | 4780.000 | 8.522
4 | KingTigerPrawn | 4400.000 | 7.453
5 | AceBear | 3870.000 | 6.419
6 | BabyPhD | 3650.000 | 5.903
7 | InfoSecIITR | 3540.000 | 5.596
8 | JustToPlay | 3390.000 | 5.277
9 | OpenToAll | 3140.000 | 4.856
10 | ALLES! | 3030.000 | 4.636
11 | FTMD | 3020.000 | 4.561
12 | WreckTheLine | 2790.000 | 4.209
13 | p4 | 2660.000 | 3.995
14 | The Flat Network Society | 2600.000 | 3.879
15 | Aleph | 2390.000 | 3.573
16 | MeePwn | 2340.000 | 3.479
17 | PDKT | 2270.000 | 3.363
18 | drunkencodered | 2040.000 | 3.040
19 | pwnsuky | 1980.000 | 2.942
20 | swagger | 1730.000 | 2.598
21 | CTD Elite | 1520.000 | 2.308
22 | FPTdaed | 1440.000 | 2.189
23 | PTIThub | 1420.000 | 2.149
24 | excusemewtf | 1340.000 | 2.033
25 | FireShell | 1330.000 | 2.008
26 | bootplug | 1290.000 | 1.946
27 | Whitzard | 1280.000 | 1.923
28 | C4T BuT S4D | 1280.000 | 1.914
29 | WGMY | 1260.000 | 1.879
30 | pwndevils | 1220.000 | 1.819
31 | dcua | 1150.000 | 1.720
32 | warlock_rootx | 1080.000 | 1.622
33 | r5 | 1020.000 | 1.538
34 | 0x90r00t | 1000.000 | 1.505
35 | technic | 970.000 | 1.461
36 | noar | 930.000 | 1.403
37 | CyKOR | 780.000 | 1.202
38 | ISITDTU | 750.000 | 1.158
39 | Spotless | 720.000 | 1.115
40 | GoN | 700.000 | 1.084
41 | Sneife | 700.000 | 1.080
42 | Bushwhackers | 680.000 | 1.050
43 | fargate | 580.000 | 0.916
44 | bruh | 570.000 | 0.899
45 | Order of the Grey Fang | 520.000 | 0.830
46 | 0xCoCo | 500.000 | 0.801
47 | zehrileLau(n)de | 500.000 | 0.798
48 | d4rkc0de | 500.000 | 0.795
49 | CTFF | 500.000 | 0.792
50 | noraneco | 500.000 | 0.789
51 | SYPER | 480.000 | 0.760
52 | Defenit | 420.000 | 0.680
53 | X1cT34m | 420.000 | 0.677
54 | curpwd | 400.000 | 0.649
55 | 1337 KH | 380.000 | 0.620
56 | Shonan | 380.000 | 0.618
57 | kurisutina | 330.000 | 0.551
58 | cxp | 320.000 | 0.536
59 | MeatspaceMen | 320.000 | 0.534
60 | K22TMTIT | 300.000 | 0.506
61 | 0x1 | 300.000 | 0.504
62 | NonSlas | 300.000 | 0.502
63 | y0d31 | 300.000 | 0.500
64 | ckwx | 300.000 | 0.498
65 | paulie | 280.000 | 0.471
66 | '---MatriX-MantrA--- | 220.000 | 0.391
67 | CREEP | 210.000 | 0.376
68 | Corrupted Pwnis | 210.000 | 0.375
69 | Noclue | 210.000 | 0.373
70 | YOBA | 210.000 | 0.372
71 | UnKnoWnCheaTs | 200.000 | 0.358
72 | Sun*$hell | 200.000 | 0.356
74 | SSW | 200.000 | 0.354
75 | AbstractSyntaxTree | 200.000 | 0.352
76 | aqt | 200.000 | 0.351
77 | PwnaSonic | 200.000 | 0.350
78 | badfirmware | 200.000 | 0.349
79 | 凌胖虎 | 200.000 | 0.348
80 | SSAT | 200.000 | 0.347
81 | SealTeamOne | 200.000 | 0.346
82 | nulllday | 200.000 | 0.345
83 | TeamCC | 200.000 | 0.343
84 | Heroes Cyber Security | 200.000 | 0.343
85 | Gyul | 200.000 | 0.342
86 | SecurytiFactorial | 200.000 | 0.341
87 | 101Points | 200.000 | 0.340
88 | YoshikageKira | 200.000 | 0.339
89 | NULLKrypt3rs | 200.000 | 0.338
90 | Rogue Waves | 200.000 | 0.337
91 | 1337B01S | 200.000 | 0.336
92 | MACsHACKs | 200.000 | 0.335
93 | x0rc3r3rs | 200.000 | 0.335
94 | MV9rwGOf08 | 200.000 | 0.334
95 | TahSec | 200.000 | 0.333
96 | Nave1337 | 200.000 | 0.332
97 | bono | 200.000 | 0.332
98 | Cybernatural | 120.000 | 0.227
99 | r3kor | 100.000 | 0.200
100 | VulgarPhrophets | 100.000 | 0.199
101 | LinyTail | 100.000 | 0.198
102 | PGT | 100.000 | 0.198
103 | StarrySky | 100.000 | 0.197
104 | fkillrra | 100.000 | 0.196
105 | imssm99 | 100.000 | 0.196
106 | Invaders | 100.000 | 0.195
107 | Bkav_AMC | 100.000 | 0.195
108 | atx2600 | 100.000 | 0.194
109 | stankc | 100.000 | 0.193
110 | Con cá | 100.000 | 0.193
111 | TopWing | 100.000 | 0.192
112 | c0c0nuts | 100.000 | 0.192
113 | 10k$$$AceBear$$$ | 100.000 | 0.191
114 | davichi | 100.000 | 0.191
115 | eL'teammate | 100.000 | 0.190
116 | heyanlll | 100.000 | 0.190
117 | Cu Chuoi | 100.000 | 0.189
118 | NorthSea | 100.000 | 0.189
119 | PinkDraconian | 100.000 | 0.188
120 | noolo | 100.000 | 0.188
121 | sixbananas | 100.000 | 0.187
122 | s1g0ct4nt15 | 100.000 | 0.187
123 | handjammies | 100.000 | 0.186
124 | py06705001 | 100.000 | 0.186
125 | T0X1C V4P0R | 100.000 | 0.185
126 | TeRuTeNiNaTaS | 100.000 | 0.185
127 | UnDefuse | 100.000 | 0.184
128 | C0Br@ | 100.000 | 0.184
129 | beerpwn | 100.000 | 0.184
130 | Thong | 100.000 | 0.183
131 | phe0nix | 100.000 | 0.183
132 | CatsTossFluffs | 100.000 | 0.182
133 | hunglxc | 100.000 | 0.182
134 | ISPTIT | 100.000 | 0.182
135 | v1ecErpkZJFF | 100.000 | 0.181
136 | Horde | 100.000 | 0.181
137 | Abs0lut3Pwn4g3 | 100.000 | 0.181
138 | NANI | 100.000 | 0.180
139 | ByteBandits | 100.000 | 0.180
140 | B.R.A.V.O | 100.000 | 0.179
141 | 122 | 100.000 | 0.179
142 | rmrfslash | 100.000 | 0.179
143 | PASECA | 100.000 | 0.178
144 | WRUBLE | 100.000 | 0.178
145 | onotch | 100.000 | 0.178
146 | lazy pirates | 100.000 | 0.177
147 | Krosse Flagge | 100.000 | 0.177
148 | justme | 100.000 | 0.177
149 | 283 | 100.000 | 0.088
150 | asfjklj | 100.000 | 0.088

k4at3034 Dec. 9, 2019, 5:01 p.m.

Can you please list our country Nepal in the CTF site? We don't get to choose Nepal as it is not listed. Another point: why can't I choose my team name r00tn3p@! ?? My team name in CTFtime is r00tn3p@!??


bteam Dec. 10, 2019, 3:35 a.m.

The Organizer has updated the schedule for the competition: the Qualification Round will start on January 04, 2020, choosing the top 10 teams for the Final Round in February 2020.


bteam Dec. 10, 2019, 6:47 a.m.

@k4at3034: Your country is listed under the name Federal Democratic Republic of Nepal. Please choose the right name.
About the registration error: Please don't use special characters in your name such as @ or !, #, etc.


k4at3034 Dec. 10, 2019, 6:17 p.m.

Thank you, but will it be counted in CTFtime if I use a different name??


k4at3034 Dec. 10, 2019, 6:18 p.m.

A different team name to register than the one that is in CTFtime??


MRinterceptor Dec. 11, 2019, 8:35 p.m.

The date is wrong on this page; it starts 4/1/2020, not this Sunday.


bteam Dec. 12, 2019, 3:41 a.m.

@MRinterceptor: Yes, we already rescheduled the competition. We are contacting the CTFtime team to change it. The new date is from 04 to 05 January 2020.


bteam Dec. 12, 2019, 8:55 a.m.

@k4at3034: We are adding the special characters when registering on our site. Pls send an email to whitehat@bkav.com so that we can inform you later. Thanks!


iDreamTooMuch Dec. 14, 2019, 7:18 p.m.

I can't access the challenge! I don't know where to go.


bteam Dec. 16, 2019, 2:12 a.m.

@iDreamTooMuch: pls access the following link: https://grandprix.whitehatvn.com/


lionaneesh Jan. 2, 2020, 12:52 p.m.

Hey admins. Can you please reset the token for d4rkc0de? We can't register our name, it says already taken.


bteam Jan. 3, 2020, 2:23 a.m.

@lionaneesh: please email us at whitehat@bkav.com to get support. Thanks!


yunapjuna Jan. 3, 2020, 12:47 p.m.

Will the qualification round CTF also have some challenges for beginners, or is this CTF only for experienced hackers?


bteam Jan. 4, 2020, 1:29 a.m.

@yunapjuna: there are some easy challenges, but I do not know whether you can solve them :) :)


frzst Jan. 4, 2020, 2:33 a.m.

login error?


jerepretto Jan. 4, 2020, 2:35 a.m.

An error occurred while updating the entries. See the inner exception for details.


matta Jan. 4, 2020, 2:46 a.m.

cannot login.... with the same reason.


bteam Jan. 4, 2020, 3:37 a.m.

@all: we fixed it already, pls try again.


heyanlll Jan. 4, 2020, 3:41 a.m.

cannot create a new team?


bteam Jan. 4, 2020, 4:04 a.m.

@heyanlll: we are fixing


bteam Jan. 4, 2020, 4:15 a.m.

@all: we already fixed new team creation.


abcdsh Jan. 4, 2020, 5:17 a.m.

Can't submit flag, says only numbers, alphabets and { , } allowed. Flag contained only those characters. After 3-4 retries it put up a Google captcha there: "ERROR for site owner: Invalid domain for site key". How hard is it to test a website


bteam Jan. 4, 2020, 5:22 a.m.

@abcdsh: please read the rule: 11.3. Unless stated otherwise, flag will be in form of “WhiteHat{SHA1(this_is_a_flag)}”.


k4at3034 Jan. 4, 2020, 2:18 p.m.

I can't log in, why?


sqrtrev Jan. 4, 2020, 2:31 p.m.

Too many sites down :(
And flag checker is alerting "[object Object]" (Chrome, IE 11)
:(


bteam Jan. 4, 2020, 2:54 p.m.

@k4at3034: pls try again, we fixed already.


bteam Jan. 4, 2020, 4:28 p.m.

@sqrtrev: we fixed that challenge.


yellowriver81 Jan. 4, 2020, 5:50 p.m.

Site is down - gateway timeout error.


bteam Jan. 4, 2020, 9:40 p.m.

@siyujiang81: the site is on now.


sebulba Jan. 5, 2020, 3:23 p.m.

I agree with comments above - never saw such a laggy CTF. Site was permanently down. Weak servers? No money for DDoS protection?


theKidOfArcrania Jan. 5, 2020, 6:45 p.m.

Here's my longer review. This CTF has done some good things and some bad things that could improve next year:

- While overall, most of the challenges could use major improvement, I think the web challs were in my opinion least sucky. They were at least somewhat decent (tho I'm kinda useless in that category)
- I appreciate organizers for providing a clear and explicit schedule for challenge releases. While there is a lot that could improve overall, I sincerely think this was one of the good things that I rarely see these days
- I think reading the live update blog: https://grandprix.whitehatvn.com/news/-/view-content/202109/-upcoming-whitehat-grand-prix-06 . Would've loved to see it more prevalent/advertised tho. Otherwise, I appreciate orgs taking the time to keep this progress update.

Now for the less good things:
- The challenges could've benefited greatly from doing some internal testing and review BEFORE they get released, especially concerning the more guessy challenges (I'm giving a hard look at those "RE" and misc challenges). What this entails would be like having other members try to play/solve the challenge WITHOUT any prior knowledge, and see if it is "intuitive" enough to be able to figure out the steps. (Also a quick hint, getting teams to figure out which esoteric steg tool you used to encode some message is NOT a good challenge)
- The PWN challenges here felt very weak/easy/uncreative. Only real "creativeness" I could maybe find is introducing a sqli into a pwn, but even that was very boring and bland. You could've done a lot more stuff in a sqli thing.
- The site infrastructure is very unstable. I think there's nothing more to say here. Though maybe even ctfd is better than whatever is here (hint, ctfd is also trash). Maybe I could say, try doing some stress testing beforehand, and stuff? The 2h downtime was definitely a big hit to a 24hr competition

To close I'd like to echo the sentiments of someone's post on the slack: "peterjson: And If the organizer want to keep this contest for many years to attract more teams to come VN not because the prize but because of the cool of a CTF event, u need to find a suitable CTF team to host the game". I think the CTF could've been SO MUCH more if the organizers spend more time learning/playing from CTFs, (I've seen that the orgs definitely have a lot of CTF's in their name, but I guess I'd say try to actively learn more).


bteam Jan. 6, 2020, 3:21 a.m.

@theKidOfArcrania: Thanks for your review.


bteam Jan. 6, 2020, 3:23 a.m.

@sebulba: We did not encounter any DDoS attack, we intentionally shut down the system because of an unexpected problem.


warlock_rootx Jan. 12, 2020, 7:14 a.m.

@bteam No scoreboard? Year starts with No scoreboard CTF


bteam Jan. 13, 2020, 9:55 a.m.

@warlock_rootx: The scoreboard was updated, yeah :D