Sat, 04 Jan. 2020, 02:00 UTC — Sun, 05 Jan. 2020, 02:00 UTC 

On-line

WhiteHat Grand Prix event.

Format: Jeopardy Jeopardy

Official URL: https://grandprix.whitehatvn.com/

This event's weight is subject of public voting!

Future weight: 5.32 

Rating weight: 5.32 

Event organizers 


WhiteHat Grand Prix 06 is the 6th global cyber security competition organized by Vietnam.
The Qualification Round will start from 04 to 05 January, 2020.

Top 10 teams in the Qualification round will be invited to the Final Round in February 2020.
Total prize that a team can receive in the Final contains bounties from Private Bug Bounty program and the prize of Attack/Defense competition.

Support channels:
+ Slack: https://whitehatgrandprix06.slack.com, invite link: https://bit.ly/2FhPM9b
+ Facebook: https://www.facebook.com/whitehatvn
+ Twitter: Twitter.com/WhiteHatvn
+ Email: whitehat@bkav.com

Prizes

The prizes for winners in the Final Round are:
+ Private Bug Bounty: With each bug discovered, teams will earn bounties according to the levels of Critical, Important, Medium and Low severity.
+ Attack/Defense: Top 3 teams in the Attack/Defense will claim the following prizes:
- 1st Prize: 230 million dong (~ 10,000 USD)
- 2nd Prize: 45 million dong (~ 2,000 USD)
- 3rd Prize: 23 million dong (~ 1,000 USD)

Scoreboard

149 teams total

PlaceTeamCTF pointsRating points
1 perfect blue 5280.00010.640
2 More Smoked Leet Chicken 4820.0007.517
3 DiceGang 4780.0006.590
4 KingTigerPrawn 4400.0005.763
5 AceBear 3870.0004.963
6 BabyPhD 3650.0004.564
7 InfoSecIITR 3540.0004.327
8 JustToPlay 3390.0004.081
9 OpenToAll 3140.0003.755
10 ALLES! 3030.0003.585
11 FTMD 3020.0003.527
12 WreckTheLine 2790.0003.254
13 p4 2660.0003.089
14 The Flat Network Society 2600.0003.000
15 Aleph 2390.0002.763
16 MeePwn 2340.0002.690
17 PDKT 2270.0002.600
18 drunkencodered 2040.0002.351
19 pwnsuky 1980.0002.275
20 swagger 1730.0002.009
21 CTD Elite 1520.0001.785
22 FPTdaed 1440.0001.693
23 PTIThub 1420.0001.662
24 excusemewtf 1340.0001.572
25 FireShell 1330.0001.553
26 bootplug 1290.0001.504
27 Whitzard 1280.0001.487
28 C4T BuT S4D 1280.0001.480
29 WGMY 1260.0001.453
30 pwndevils 1220.0001.407
31 dcua 1150.0001.330
32 warlock_rootx 1080.0001.254
33 r5 1020.0001.189
34 0x90r00t 1000.0001.164
35 technic 970.0001.129
36 noar 930.0001.085
37 CyKOR 780.0000.930
38 ISITDTU 750.0000.896
39 Spotless 720.0000.862
40 GoN 700.0000.838
41 Sneife 700.0000.835
42 Bushwhackers 680.0000.812
43 fargate 580.0000.708
44 bruh 570.0000.695
45 Order of the Grey Fang 520.0000.642
46 0xCoCo 500.0000.619
47 zehrileLau(n)de 500.0000.617
48 d4rkc0de 500.0000.615
49 CTFF 500.0000.612
50 noraneco 500.0000.610
51 SYPER 480.0000.588
52 Defenit 420.0000.525
53 X1cT34m 420.0000.524
54 curpwd 400.0000.502
55 1337 KH 380.0000.480
56 Shonan 380.0000.478
57 kurisutina 330.0000.426
58 cxp 320.0000.414
59 MeatspaceMen 320.0000.413
60 K22TMTIT 300.0000.391
61 0x1 300.0000.389
62 NonSlas 300.0000.388
63 y0d31 300.0000.387
64 ckwx 300.0000.385
65 paulie 280.0000.364
66 '---MatriX-MantrA--- 220.0000.302
67 CREEP 210.0000.291
68 Corrupted Pwnis 210.0000.290
69 Noclue 210.0000.289
70 YOBA 210.0000.288
71 UnKnoWnCheaTs 200.0000.276
72 Sun*$hell 200.0000.275
74 SSW 200.0000.273
75 AbstractSyntaxTree 200.0000.272
76 aqt 200.0000.272
77 PwnaSonic 200.0000.271
78 badfirmware 200.0000.270
79 凌胖虎 200.0000.269
80 SSAT 200.0000.268
81 SealTeamOne 200.0000.267
82 nulllday 200.0000.266
83 TeamCC 200.0000.266
84 Heroes Cyber Security 200.0000.265
85 Gyul 200.0000.264
86 SecurytiFactorial 200.0000.263
87 101Points 200.0000.263
88 YoshikageKira 200.0000.262
89 NULLKrypt3rs 200.0000.261
90 Rogue Waves 200.0000.261
91 1337B01S 200.0000.260
92 MACsHACKs 200.0000.259
93 x0rc3r3rs 200.0000.259
94 MV9rwGOf08 200.0000.258
95 TahSec 200.0000.258
96 Nave1337 200.0000.257
97 bono 200.0000.256
98 Cybernatural 120.0000.175
99 r3kor 100.0000.154
100 VulgarPhrophets 100.0000.154
101 LinyTail 100.0000.153
102 PGT 100.0000.153
103 StarrySky 100.0000.152
104 fkillrra 100.0000.152
105 imssm99 100.0000.151
106 Invaders 100.0000.151
107 Bkav_AMC 100.0000.150
108 atx2600 100.0000.150
109 stankc 100.0000.150
110 Con cá 100.0000.149
111 TopWing 100.0000.149
112 c0c0nuts 100.0000.148
113 10k$$$AceBear$$$ 100.0000.148
114 davichi 100.0000.147
115 eL'teammate 100.0000.147
116 heyanlll 100.0000.147
117 Cu Chuoi 100.0000.146
118 NorthSea 100.0000.146
119 PinkDraconian 100.0000.145
120 noolo 100.0000.145
121 sixbananas 100.0000.145
122 s1g0ct4nt15 100.0000.144
123 handjammies 100.0000.144
124 py06705001 100.0000.144
125 T0X1C V4P0R 100.0000.143
126 TeRuTeNiNaTaS 100.0000.143
127 Undefuse 100.0000.143
128 C0Br@ 100.0000.142
129 beerpwn 100.0000.142
130 Thong 100.0000.142
131 phe0nix 100.0000.141
132 CatsTossFluffs 100.0000.141
133 hunglxc 100.0000.141
134 ISPTIT 100.0000.140
135 v1ecErpkZJFF 100.0000.140
136 Horde 100.0000.140
137 Abs0lut3Pwn4g3 100.0000.140
138 NANI 100.0000.139
139 ByteBandits 100.0000.139
140 B.R.A.V.O 100.0000.139
141 122 100.0000.138
142 rmrfslash 100.0000.138
143 PASECA 100.0000.138
144 WRUBLE 100.0000.138
145 onotch 100.0000.137
146 lazy pirates 100.0000.137
147 Krosse Flagge 100.0000.137
148 justme 100.0000.137
149 283 100.0000.068
150 asfjklj 100.0000.068
k4at3034 – Dec. 9, 2019, 5:01 p.m.

can you please list our country Nepal in the CTF site. we don't get to choose Nepal as it is not listed. Another point why can't I choose my team name r00tn3p@! ?? my team name in CTFtime is r00tn3p@!??


bteam – Dec. 10, 2019, 3:35 a.m.

The Organizer have been updated the new schedule for the competition: the Qualification Round will start at January 04, 2020, choosing the top 10 teams for the Final Round in February 2020.


bteam – Dec. 10, 2019, 6:47 a.m.

@k4at3034 : Your country is listed as name of Federal Democratic Republic of Nepal. Please choose the right name.
About the register error: Please don't use special characters in your name such as @ or !, #, etc.


k4at3034 – Dec. 10, 2019, 6:17 p.m.

thank you but will it be counted in ctf time if i use different name??


k4at3034 – Dec. 10, 2019, 6:18 p.m.

diffrent team name to regster than that is in ctftime??


MRinterceptor – Dec. 11, 2019, 8:35 p.m.

The date is wrong on this page it starts 4/1/2020 not this Sunday


bteam – Dec. 12, 2019, 3:41 a.m.

@MRinterceptor: Yes, we already reschedule the competition. We are contacting CTFtime team to change it. The new date is from 04 to 05 January 2020.


bteam – Dec. 12, 2019, 8:55 a.m.

@k4at3034: we are adding the special characters when registering on our site. Pls send email to whitehat@bkav.com so that we can inform you later. Thanks!


iDreamTooMuch – Dec. 14, 2019, 7:18 p.m.

I can't access the challenge! I don't know where to go.


bteam – Dec. 16, 2019, 2:12 a.m.

@iDreamTooMuch: pls access the following link: https://grandprix.whitehatvn.com/


lionaneesh – Jan. 2, 2020, 12:52 p.m.

Hey admins. Can you please reset the token for d4rkc0de. We cant register our name, it says already taken.


bteam – Jan. 3, 2020, 2:23 a.m.

@lionaneesh: please email us at whitehat@bkav.com to get the support. Thanks !


yunapjuna – Jan. 3, 2020, 12:47 p.m.

Will the qualification round CTF also have some challenges for beginners, or is this CTF only for experienced hackers?


bteam – Jan. 4, 2020, 1:29 a.m.

@yunapjuna: there is some easy challenges, but I do not know whether you can you solve :) :)


frzst – Jan. 4, 2020, 2:33 a.m.

login error?


JerePuck – Jan. 4, 2020, 2:35 a.m.

An error occurred while updating the entries. See the inner exception for details.


matta – Jan. 4, 2020, 2:46 a.m.

cannot login.... with the same reason.


bteam – Jan. 4, 2020, 3:37 a.m.

@all: we fixed it already, pls try again.


heyanlll – Jan. 4, 2020, 3:41 a.m.

cannot create a new team?


bteam – Jan. 4, 2020, 4:04 a.m.

@heyanlll: we are fixing


bteam – Jan. 4, 2020, 4:15 a.m.

@all: we already fixed new team creation.


abcdsh – Jan. 4, 2020, 5:17 a.m.

Can't submit flag, says only number, alphabets and { , } allowed. Flag contained only those characters. After 3-4 retries it put up a google captcha there "ERROR for site owner:
Invalid domain for site key" . How hard is to test a website


bteam – Jan. 4, 2020, 5:22 a.m.

@abcdsh: please read the rule: 11.3. Unless stated otherwise, flag will be in form of “WhiteHat{SHA1(this_is_a_flag)}”.


k4at3034 – Jan. 4, 2020, 2:18 p.m.

i cant log in why?


sqrtrev – Jan. 4, 2020, 2:31 p.m.

Too many site down :(
And flag checker is alerting "[object Object]" (Chrome, IE 11)
:(


bteam – Jan. 4, 2020, 2:54 p.m.

@k4at3034: pls try again, we fixed already.


bteam – Jan. 4, 2020, 4:28 p.m.

@sqrtrev: we fixed that challenge.


siyujiang81 – Jan. 4, 2020, 5:50 p.m.

Site is down - gateway timeout error.


bteam – Jan. 4, 2020, 9:40 p.m.

@siyujiang81: the site is on now.


sebulba – Jan. 5, 2020, 3:23 p.m.

I agree with comments above - never saw such a laggy CTF. site was permanently down. Weak servers? No money for DDoS protection?


theKidOfArcrania – Jan. 5, 2020, 6:45 p.m.

Here's my longer review. This CTF has done some good things and some bad things that could improve next year:

- While overall, most of the challenges could use major improvement, I think the web challs were in my opinion least sucky. They were at least somewhat decent (tho I'm kinda useless in that category)
- I appreciate organizers for providing a clear and explicit schedule for challenge releases. While there is a lot that could improve overall, I sincerely think this was one of the good things that I rarely see these days
- I think reading the live update blog: https://grandprix.whitehatvn.com/news/-/view-content/202109/-upcoming-whitehat-grand-prix-06 . Would've loved to see it more prevalent/advertised tho. Otherwise, I appreciate orgs taking the time to keep this progress update.

Now for the less good things:
- The challenges could've benefited greatly from doing some internal testing and review BEFORE they get released, especially concerning the more guessy challenges (I'm giving a hard look at those "RE" and misc challenges). What this entails would be like having other members try to play/solve the challenge WITHOUT any prior knowledge, and see if it is "intuitive" enough to be able to figure out the steps. (Also a quick hint, getting teams to figure out which esoteric steg tool you used to encode some message is NOT a good challenge)
- The PWN challenges here felt very weak/easy/uncreative. Only real "creativeness" I could maybe find is introducing a sqli into a pwn, but even that was very boring and bland. You could've done a lot more stuff in a sqli thing.
- The site infrastructure is very unstable. I think there's nothing more to say here. Though maybe even ctfd is better than whatever is here (hint, ctfd is also trash). Maybe I could say, try doing some stress testing beforehand, and stuff? The 2h downtime was definitely a big hit to a 24hr competition

To close I'd like to echo the sentiments of someone's post on the slack: "peterjson: And If the organizer want to keep this contest for many years to atract more teams to come VN not because the prize but because of the cool of an CTF event, u need to find a suitable CTF team to host the game". I think the CTF could've been SO MUCH more if the organizers spend more time learning/playing from CTFs, (I've seen that the orgs definitely have a lot of CTF's in their name, but I guess I'd say try to actively learn more).


bteam – Jan. 6, 2020, 3:21 a.m.

@theKidOfArcrania: Thank for your review.


bteam – Jan. 6, 2020, 3:23 a.m.

@sebulba: We did not encounter any DDoS attack, we intentionally shut down the system because of an unexpected problem.


warlock_rootx – Jan. 12, 2020, 7:14 a.m.

@bteam No scoreboard ? Year start with No scoreboard CTF


bteam – Jan. 13, 2020, 9:55 a.m.

@warlock_rootx: The scoreboard was updated, yeah :D