Sat, 04 Jan. 2020, 02:00 UTC — Sun, 05 Jan. 2020, 02:00 UTC 
On-line
A WhiteHat Grand Prix event.
Format: Jeopardy 
Official URL: https://grandprix.whitehatvn.com/
This event's future weight is subject of public voting!
Event organizers
WhiteHat Grand Prix 06 is the 6th global cyber security competition organized by Vietnam.
The Qualification Round will start from 04 to 05 January, 2020.
Top 10 teams in the Qualification round will be invited to the Final Round in February 2020.
Total prize that a team can receive in the Final contains bounties from Private Bug Bounty program and the prize of Attack/Defense competition.
Support channels:
+ Slack: https://whitehatgrandprix06.slack.com, invite link: https://bit.ly/2FhPM9b
+ Facebook: https://www.facebook.com/whitehatvn
+ Twitter: Twitter.com/WhiteHatvn
+ Email: [email protected]
The prizes for winners in the Final Round are:
+ Private Bug Bounty: With each bug discovered, teams will earn bounties according to the levels of Critical, Important, Medium and Low severity.
+ Attack/Defense: Top 3 teams in the Attack/Defense will claim the following prizes:
- 1st Prize: 230 million dong (~ 10,000 USD)
- 2nd Prize: 45 million dong (~ 2,000 USD)
- 3rd Prize: 23 million dong (~ 1,000 USD)
148 teams total
| Place | Team | CTF points | Rating points | |
|---|---|---|---|---|
| 1 | perfect blue | 5280.000 | 49.000 | |
| 2 | More Smoked Leet Chicken | 4820.000 | 34.616 | |
| 3 | DiceGang | 4780.000 | 30.347 | |
| 4 | KingTigerPrawn | 4400.000 | 26.542 | |
| 5 | AceBear | 3870.000 | 22.857 | |
| 6 | BabyPhD | 3650.000 | 21.020 | |
| 7 | InfoSecIITR | 3540.000 | 19.926 | |
| 8 | JustToPlay | 3390.000 | 18.793 | |
| 9 | OpenToAll | 3140.000 | 17.292 | |
| 10 | ALLES! | 3030.000 | 16.510 | |
| 11 | FTMD | 3020.000 | 16.241 | |
| 12 | WreckTheLine | 2790.000 | 14.988 | |
| 13 | p4 | 2660.000 | 14.227 | |
| 14 | The Flat Network Society | 2600.000 | 13.814 | |
| 15 | Aleph | 2390.000 | 12.723 | |
| 16 | MeePwn | 2340.000 | 12.389 | |
| 17 | PDKT | 2270.000 | 11.974 | |
| 18 | drunkencodered | 2040.000 | 10.827 | |
| 19 | pwnsuky | 1980.000 | 10.477 | |
| 20 | swagger | 1730.000 | 9.252 | |
| 21 | CTD Elite | 1520.000 | 8.220 | |
| 22 | FPTdaed | 1440.000 | 7.795 | |
| 23 | PTIThub | 1420.000 | 7.654 | |
| 24 | excusemewtf | 1340.000 | 7.239 | |
| 25 | FireShell | 1330.000 | 7.151 | |
| 26 | bootplug | 1290.000 | 6.928 | |
| 27 | Whitzard | 1280.000 | 6.847 | |
| 28 | C4T BuT S4D | 1280.000 | 6.814 | |
| 29 | WGMY | 1260.000 | 6.691 | |
| 30 | pwndevils | 1220.000 | 6.478 | |
| 31 | dcua | 1150.000 | 6.126 | |
| 32 | warlock_rootx | 1080.000 | 5.777 | |
| 33 | r5 | 1020.000 | 5.475 | |
| 34 | 0x90r00t | 1000.000 | 5.361 | |
| 35 | technic | 970.000 | 5.201 | |
| 36 | noar | 930.000 | 4.996 | |
| 37 | CyKOR | 780.000 | 4.281 | |
| 38 | ISITDTU | 750.000 | 4.125 | |
| 39 | Spotless | 720.000 | 3.969 | |
| 40 | GoN | 700.000 | 3.861 | |
| 41 | Sneife | 700.000 | 3.846 | |
| 42 | Bushwhackers | 680.000 | 3.739 | |
| 43 | fargate | 580.000 | 3.261 | |
| 44 | bruh | 570.000 | 3.202 | |
| 45 | Order of the Grey Fang | 520.000 | 2.957 | |
| 46 | 0xCoCo | 500.000 | 2.853 | |
| 48 | d4rkc0de | 500.000 | 2.830 | |
| 49 | CTFF | 500.000 | 2.820 | |
| 50 | noraneco | 500.000 | 2.810 | |
| 51 | SYPER | 480.000 | 2.708 | |
| 52 | Defenit | 420.000 | 2.420 | |
| 53 | X1cT34m | 420.000 | 2.411 | |
| 54 | curpwd | 400.000 | 2.310 | |
| 55 | Akasec | 380.000 | 2.209 | |
| 56 | Shonan | 380.000 | 2.201 | |
| 57 | kurisutina | 330.000 | 1.961 | |
| 58 | cxp | 320.000 | 1.907 | |
| 59 | MeatspaceMen | 320.000 | 1.900 | |
| 60 | K22TMTIT | 300.000 | 1.800 | |
| 61 | 0x1 | 300.000 | 1.794 | |
| 62 | NonSlas | 300.000 | 1.787 | |
| 63 | y0d31 | 300.000 | 1.781 | |
| 64 | ckwx | 300.000 | 1.775 | |
| 65 | paulie | 280.000 | 1.676 | |
| 66 | ---MatriX-MantrA--- | 220.000 | 1.392 | |
| 67 | CREEP | 210.000 | 1.340 | |
| 68 | Corrupted Pwnis | 210.000 | 1.335 | |
| 69 | Noclue | 210.000 | 1.330 | |
| 70 | YOBA | 210.000 | 1.324 | |
| 71 | UnKnoWnCheaTs | 200.000 | 1.273 | |
| 72 | Sun*$hell | 200.000 | 1.268 | |
| 74 | SSW | 200.000 | 1.259 | |
| 75 | AbstractSyntaxTree | 200.000 | 1.255 | |
| 76 | aqt | 200.000 | 1.250 | |
| 77 | PwnaSonic | 200.000 | 1.246 | |
| 78 | badfirmware | 200.000 | 1.242 | |
| 79 | 凌胖虎 | 200.000 | 1.238 | |
| 80 | SSAT | 200.000 | 1.234 | |
| 81 | SealTeamOne | 200.000 | 1.230 | |
| 82 | nulllday | 200.000 | 1.227 | |
| 83 | TeamCC | 200.000 | 1.223 | |
| 84 | HCS | 200.000 | 1.220 | |
| 85 | Gyul | 200.000 | 1.216 | |
| 86 | SecurytiFactorial | 200.000 | 1.213 | |
| 87 | 101Points | 200.000 | 1.210 | |
| 88 | YoshikageKira | 200.000 | 1.206 | |
| 89 | NULLKrypt3rs | 200.000 | 1.203 | |
| 90 | Rogue Waves | 200.000 | 1.200 | |
| 91 | 1337B01S | 200.000 | 1.197 | |
| 92 | MACsHACKs | 200.000 | 1.194 | |
| 93 | x0rc3r3rs | 200.000 | 1.191 | |
| 94 | MV9rwGOf08 | 200.000 | 1.189 | |
| 95 | TahSec | 200.000 | 1.186 | |
| 96 | Nave1337 | 200.000 | 1.183 | |
| 97 | bono | 200.000 | 1.181 | |
| 98 | Cybernatural | 120.000 | 0.807 | |
| 99 | r3kor | 100.000 | 0.711 | |
| 100 | VulgarPhrophets | 100.000 | 0.709 | |
| 101 | LinyTail | 100.000 | 0.707 | |
| 102 | PGT | 100.000 | 0.704 | |
| 103 | StarrySky | 100.000 | 0.702 | |
| 104 | fkillrra | 100.000 | 0.700 | |
| 105 | imssm99 | 100.000 | 0.697 | |
| 106 | Invaders | 100.000 | 0.695 | |
| 107 | Bkav_AMC | 100.000 | 0.693 | |
| 108 | atx2600 | 100.000 | 0.691 | |
| 109 | stankc | 100.000 | 0.689 | |
| 110 | Con cá | 100.000 | 0.687 | |
| 111 | TopWing | 100.000 | 0.685 | |
| 112 | c0c0nuts | 100.000 | 0.683 | |
| 113 | 10k$$$AceBear$$$ | 100.000 | 0.681 | |
| 114 | davichi | 100.000 | 0.679 | |
| 115 | eL'teammate | 100.000 | 0.677 | |
| 116 | heyanlll | 100.000 | 0.675 | |
| 117 | Cu Chuoi | 100.000 | 0.673 | |
| 118 | NorthSea | 100.000 | 0.672 | |
| 119 | PinkDraconian | 100.000 | 0.670 | |
| 120 | noolo | 100.000 | 0.668 | |
| 121 | sixbananas | 100.000 | 0.666 | |
| 122 | s1g0ct4nt15 | 100.000 | 0.665 | |
| 123 | handjammies | 100.000 | 0.663 | |
| 124 | py06705001 | 100.000 | 0.662 | |
| 125 | T0X1C V4P0R | 100.000 | 0.660 | |
| 126 | TeRuTeNiNaTaS | 100.000 | 0.658 | |
| 127 | UnDefuse | 100.000 | 0.657 | |
| 128 | C0Br@ | 100.000 | 0.655 | |
| 129 | beerpwn | 100.000 | 0.654 | |
| 130 | Thong | 100.000 | 0.652 | |
| 131 | phe0nix | 100.000 | 0.651 | |
| 132 | CatsTossFluffs | 100.000 | 0.650 | |
| 133 | hunglxc | 100.000 | 0.648 | |
| 134 | ISPTIT | 100.000 | 0.647 | |
| 135 | v1ecErpkZJFF | 100.000 | 0.645 | |
| 136 | Horde | 100.000 | 0.644 | |
| 137 | Abs0lut3Pwn4g3 | 100.000 | 0.643 | |
| 138 | NANI | 100.000 | 0.642 | |
| 139 | ByteBandits | 100.000 | 0.640 | |
| 140 | B.R.A.V.O | 100.000 | 0.639 | |
| 141 | 122 | 100.000 | 0.638 | |
| 142 | rmrfslash | 100.000 | 0.637 | |
| 143 | PASECA | 100.000 | 0.635 | |
| 144 | WRUBLE | 100.000 | 0.634 | |
| 145 | onotch | 100.000 | 0.633 | |
| 146 | lazy pirates | 100.000 | 0.632 | |
| 147 | Krosse Flagge | 100.000 | 0.631 | |
| 148 | justme | 100.000 | 0.315 | |
| 149 | 283 | 100.000 | 0.314 | |
| 150 | asfjklj | 100.000 | 0.314 | |
can you please list our country Nepal in the CTF site. we don't get to choose Nepal as it is not listed. Another point why can't I choose my team name r00tn3p@! ?? my team name in CTFtime is r00tn3p@!??
The Organizer have been updated the new schedule for the competition: the Qualification Round will start at January 04, 2020, choosing the top 10 teams for the Final Round in February 2020.
@k4at3034 : Your country is listed as name of Federal Democratic Republic of Nepal. Please choose the right name.
About the register error: Please don't use special characters in your name such as @ or !, #, etc.
thank you but will it be counted in ctf time if i use different name??
diffrent team name to regster than that is in ctftime??
The date is wrong on this page it starts 4/1/2020 not this Sunday
@MRinterceptor: Yes, we already reschedule the competition. We are contacting CTFtime team to change it. The new date is from 04 to 05 January 2020.
@k4at3034: we are adding the special characters when registering on our site. Pls send email to whitehat@bkav.com so that we can inform you later. Thanks!
I can't access the challenge! I don't know where to go.
@iDreamTooMuch: pls access the following link: https://grandprix.whitehatvn.com/
Hey admins. Can you please reset the token for d4rkc0de. We cant register our name, it says already taken.
@lionaneesh: please email us at whitehat@bkav.com to get the support. Thanks !
@yunapjuna: there is some easy challenges, but I do not know whether you can you solve :) :)
login error?
An error occurred while updating the entries. See the inner exception for details.
cannot login.... with the same reason.
@all: we fixed it already, pls try again.
cannot create a new team?
@heyanlll: we are fixing
@all: we already fixed new team creation.
Can't submit flag, says only number, alphabets and { , } allowed. Flag contained only those characters. After 3-4 retries it put up a google captcha there "ERROR for site owner:
Invalid domain for site key" . How hard is to test a website
@abcdsh: please read the rule: 11.3. Unless stated otherwise, flag will be in form of “WhiteHat{SHA1(this_is_a_flag)}”.
i cant log in why?
Too many site down :(
And flag checker is alerting "[object Object]" (Chrome, IE 11)
:(
@k4at3034: pls try again, we fixed already.
@sqrtrev: we fixed that challenge.
Site is down - gateway timeout error.
@siyujiang81: the site is on now.
I agree with comments above - never saw such a laggy CTF. site was permanently down. Weak servers? No money for DDoS protection?
Here's my longer review. This CTF has done some good things and some bad things that could improve next year:
- While overall, most of the challenges could use major improvement, I think the web challs were in my opinion least sucky. They were at least somewhat decent (tho I'm kinda useless in that category)
- I appreciate organizers for providing a clear and explicit schedule for challenge releases. While there is a lot that could improve overall, I sincerely think this was one of the good things that I rarely see these days
- I think reading the live update blog: https://grandprix.whitehatvn.com/news/-/view-content/202109/-upcoming-whitehat-grand-prix-06 . Would've loved to see it more prevalent/advertised tho. Otherwise, I appreciate orgs taking the time to keep this progress update.
Now for the less good things:
- The challenges could've benefited greatly from doing some internal testing and review BEFORE they get released, especially concerning the more guessy challenges (I'm giving a hard look at those "RE" and misc challenges). What this entails would be like having other members try to play/solve the challenge WITHOUT any prior knowledge, and see if it is "intuitive" enough to be able to figure out the steps. (Also a quick hint, getting teams to figure out which esoteric steg tool you used to encode some message is NOT a good challenge)
- The PWN challenges here felt very weak/easy/uncreative. Only real "creativeness" I could maybe find is introducing a sqli into a pwn, but even that was very boring and bland. You could've done a lot more stuff in a sqli thing.
- The site infrastructure is very unstable. I think there's nothing more to say here. Though maybe even ctfd is better than whatever is here (hint, ctfd is also trash). Maybe I could say, try doing some stress testing beforehand, and stuff? The 2h downtime was definitely a big hit to a 24hr competition
To close I'd like to echo the sentiments of someone's post on the slack: "peterjson: And If the organizer want to keep this contest for many years to atract more teams to come VN not because the prize but because of the cool of an CTF event, u need to find a suitable CTF team to host the game". I think the CTF could've been SO MUCH more if the organizers spend more time learning/playing from CTFs, (I've seen that the orgs definitely have a lot of CTF's in their name, but I guess I'd say try to actively learn more).
@theKidOfArcrania: Thank for your review.
@sebulba: We did not encounter any DDoS attack, we intentionally shut down the system because of an unexpected problem.
@bteam No scoreboard ? Year start with No scoreboard CTF
@warlock_rootx: The scoreboard was updated, yeah :D
