Sat, 04 Jan. 2020, 02:00 UTC — Sun, 05 Jan. 2020, 02:00 UTC 

On-line

WhiteHat Grand Prix event.

Format: Jeopardy

Official URL: https://grandprix.whitehatvn.com/

This event's future weight is subject to public voting!

Future weight: 6.88 

Rating weight: 24.50 

Event organizers 

WhiteHat Grand Prix 06 is the 6th global cyber security competition organized by Vietnam.
The Qualification Round will run from 04 to 05 January 2020.

The top 10 teams in the Qualification Round will be invited to the Final Round in February 2020.
The total prize that a team can receive in the Final comprises bounties from the Private Bug Bounty program and the prize of the Attack/Defense competition.

Support channels:
+ Slack: https://whitehatgrandprix06.slack.com, invite link: https://bit.ly/2FhPM9b
+ Facebook: https://www.facebook.com/whitehatvn
+ Twitter: Twitter.com/WhiteHatvn
+ Email: whitehat@bkav.com

Prizes

The prizes for winners in the Final Round are:
+ Private Bug Bounty: With each bug discovered, teams will earn bounties according to the levels of Critical, Important, Medium and Low severity.
+ Attack/Defense: Top 3 teams in the Attack/Defense will claim the following prizes:
- 1st Prize: 230 million dong (~ 10,000 USD)
- 2nd Prize: 45 million dong (~ 2,000 USD)
- 3rd Prize: 23 million dong (~ 1,000 USD)

Scoreboard

149 teams total

| Place | Team | CTF points | Rating points |
|---|---|---|---|
| 1 | perfect blue | 5280.000 | 49.000 |
| 2 | More Smoked Leet Chicken | 4820.000 | 34.616 |
| 3 | DiceGang | 4780.000 | 30.347 |
| 4 | KingTigerPrawn | 4400.000 | 26.542 |
| 5 | AceBear | 3870.000 | 22.857 |
| 6 | BabyPhD | 3650.000 | 21.020 |
| 7 | InfoSecIITR | 3540.000 | 19.926 |
| 8 | JustToPlay | 3390.000 | 18.793 |
| 9 | OpenToAll | 3140.000 | 17.292 |
| 10 | ALLES! | 3030.000 | 16.510 |
| 11 | FTMD | 3020.000 | 16.241 |
| 12 | WreckTheLine | 2790.000 | 14.988 |
| 13 | p4 | 2660.000 | 14.227 |
| 14 | The Flat Network Society | 2600.000 | 13.814 |
| 15 | Aleph | 2390.000 | 12.723 |
| 16 | MeePwn | 2340.000 | 12.389 |
| 17 | PDKT | 2270.000 | 11.974 |
| 18 | drunkencodered | 2040.000 | 10.827 |
| 19 | pwnsuky | 1980.000 | 10.477 |
| 20 | swagger | 1730.000 | 9.252 |
| 21 | CTD Elite | 1520.000 | 8.220 |
| 22 | FPTdaed | 1440.000 | 7.795 |
| 23 | PTIThub | 1420.000 | 7.654 |
| 24 | excusemewtf | 1340.000 | 7.239 |
| 25 | FireShell | 1330.000 | 7.151 |
| 26 | bootplug | 1290.000 | 6.928 |
| 27 | Whitzard | 1280.000 | 6.847 |
| 28 | C4T BuT S4D | 1280.000 | 6.814 |
| 29 | WGMY | 1260.000 | 6.691 |
| 30 | pwndevils | 1220.000 | 6.478 |
| 31 | dcua | 1150.000 | 6.126 |
| 32 | warlock_rootx | 1080.000 | 5.777 |
| 33 | r5 | 1020.000 | 5.475 |
| 34 | 0x90r00t | 1000.000 | 5.361 |
| 35 | technic | 970.000 | 5.201 |
| 36 | noar | 930.000 | 4.996 |
| 37 | CyKOR | 780.000 | 4.281 |
| 38 | ISITDTU | 750.000 | 4.125 |
| 39 | Spotless | 720.000 | 3.969 |
| 40 | GoN | 700.000 | 3.861 |
| 41 | Sneife | 700.000 | 3.846 |
| 42 | Bushwhackers | 680.000 | 3.739 |
| 43 | fargate | 580.000 | 3.261 |
| 44 | bruh | 570.000 | 3.202 |
| 45 | Order of the Grey Fang | 520.000 | 2.957 |
| 46 | 0xCoCo | 500.000 | 2.853 |
| 47 | zehrileLau(n)de | 500.000 | 2.841 |
| 48 | d4rkc0de | 500.000 | 2.830 |
| 49 | CTFF | 500.000 | 2.820 |
| 50 | noraneco | 500.000 | 2.810 |
| 51 | SYPER | 480.000 | 2.708 |
| 52 | Defenit | 420.000 | 2.420 |
| 53 | X1cT34m | 420.000 | 2.411 |
| 54 | curpwd | 400.000 | 2.310 |
| 55 | 1337 KH | 380.000 | 2.209 |
| 56 | Shonan | 380.000 | 2.201 |
| 57 | kurisutina | 330.000 | 1.961 |
| 58 | cxp | 320.000 | 1.907 |
| 59 | MeatspaceMen | 320.000 | 1.900 |
| 60 | K22TMTIT | 300.000 | 1.800 |
| 61 | 0x1 | 300.000 | 1.794 |
| 62 | NonSlas | 300.000 | 1.787 |
| 63 | y0d31 | 300.000 | 1.781 |
| 64 | ckwx | 300.000 | 1.775 |
| 65 | paulie | 280.000 | 1.676 |
| 66 | '---MatriX-MantrA--- | 220.000 | 1.392 |
| 67 | CREEP | 210.000 | 1.340 |
| 68 | Corrupted Pwnis | 210.000 | 1.335 |
| 69 | Noclue | 210.000 | 1.330 |
| 70 | YOBA | 210.000 | 1.324 |
| 71 | UnKnoWnCheaTs | 200.000 | 1.273 |
| 72 | Sun*$hell | 200.000 | 1.268 |
| 74 | SSW | 200.000 | 1.259 |
| 75 | AbstractSyntaxTree | 200.000 | 1.255 |
| 76 | aqt | 200.000 | 1.250 |
| 77 | PwnaSonic | 200.000 | 1.246 |
| 78 | badfirmware | 200.000 | 1.242 |
| 79 | 凌胖虎 | 200.000 | 1.238 |
| 80 | SSAT | 200.000 | 1.234 |
| 81 | SealTeamOne | 200.000 | 1.230 |
| 82 | nulllday | 200.000 | 1.227 |
| 83 | TeamCC | 200.000 | 1.223 |
| 84 | Heroes Cyber Security | 200.000 | 1.220 |
| 85 | Gyul | 200.000 | 1.216 |
| 86 | SecurytiFactorial | 200.000 | 1.213 |
| 87 | 101Points | 200.000 | 1.210 |
| 88 | YoshikageKira | 200.000 | 1.206 |
| 89 | NULLKrypt3rs | 200.000 | 1.203 |
| 90 | Rogue Waves | 200.000 | 1.200 |
| 91 | 1337B01S | 200.000 | 1.197 |
| 92 | MACsHACKs | 200.000 | 1.194 |
| 93 | x0rc3r3rs | 200.000 | 1.191 |
| 94 | MV9rwGOf08 | 200.000 | 1.189 |
| 95 | TahSec | 200.000 | 1.186 |
| 96 | Nave1337 | 200.000 | 1.183 |
| 97 | bono | 200.000 | 1.181 |
| 98 | Cybernatural | 120.000 | 0.807 |
| 99 | r3kor | 100.000 | 0.711 |
| 100 | VulgarPhrophets | 100.000 | 0.709 |
| 101 | LinyTail | 100.000 | 0.707 |
| 102 | PGT | 100.000 | 0.704 |
| 103 | StarrySky | 100.000 | 0.702 |
| 104 | fkillrra | 100.000 | 0.700 |
| 105 | imssm99 | 100.000 | 0.697 |
| 106 | Invaders | 100.000 | 0.695 |
| 107 | Bkav_AMC | 100.000 | 0.693 |
| 108 | atx2600 | 100.000 | 0.691 |
| 109 | stankc | 100.000 | 0.689 |
| 110 | Con cá | 100.000 | 0.687 |
| 111 | TopWing | 100.000 | 0.685 |
| 112 | c0c0nuts | 100.000 | 0.683 |
| 113 | 10k$$$AceBear$$$ | 100.000 | 0.681 |
| 114 | davichi | 100.000 | 0.679 |
| 115 | eL'teammate | 100.000 | 0.677 |
| 116 | heyanlll | 100.000 | 0.675 |
| 117 | Cu Chuoi | 100.000 | 0.673 |
| 118 | NorthSea | 100.000 | 0.672 |
| 119 | PinkDraconian | 100.000 | 0.670 |
| 120 | noolo | 100.000 | 0.668 |
| 121 | sixbananas | 100.000 | 0.666 |
| 122 | s1g0ct4nt15 | 100.000 | 0.665 |
| 123 | handjammies | 100.000 | 0.663 |
| 124 | py06705001 | 100.000 | 0.662 |
| 125 | T0X1C V4P0R | 100.000 | 0.660 |
| 126 | TeRuTeNiNaTaS | 100.000 | 0.658 |
| 127 | UnDefuse | 100.000 | 0.657 |
| 128 | C0Br@ | 100.000 | 0.655 |
| 129 | beerpwn | 100.000 | 0.654 |
| 130 | Thong | 100.000 | 0.652 |
| 131 | phe0nix | 100.000 | 0.651 |
| 132 | CatsTossFluffs | 100.000 | 0.650 |
| 133 | hunglxc | 100.000 | 0.648 |
| 134 | ISPTIT | 100.000 | 0.647 |
| 135 | v1ecErpkZJFF | 100.000 | 0.645 |
| 136 | Horde | 100.000 | 0.644 |
| 137 | Abs0lut3Pwn4g3 | 100.000 | 0.643 |
| 138 | NANI | 100.000 | 0.642 |
| 139 | ByteBandits | 100.000 | 0.640 |
| 140 | B.R.A.V.O | 100.000 | 0.639 |
| 141 | 122 | 100.000 | 0.638 |
| 142 | rmrfslash | 100.000 | 0.637 |
| 143 | PASECA | 100.000 | 0.635 |
| 144 | WRUBLE | 100.000 | 0.634 |
| 145 | onotch | 100.000 | 0.633 |
| 146 | lazy pirates | 100.000 | 0.632 |
| 147 | Krosse Flagge | 100.000 | 0.631 |
| 148 | justme | 100.000 | 0.630 |
| 149 | 283 | 100.000 | 0.314 |
| 150 | asfjklj | 100.000 | 0.314 |

k4at3034 Dec. 9, 2019, 5:01 p.m.

Can you please list our country Nepal in the CTF site? We don't get to choose Nepal as it is not listed. Another point: why can't I choose my team name r00tn3p@! ?? My team name in CTFtime is r00tn3p@!??


bteam Dec. 10, 2019, 3:35 a.m.

The Organizer has updated the schedule for the competition: the Qualification Round will start on January 04, 2020, choosing the top 10 teams for the Final Round in February 2020.


bteam Dec. 10, 2019, 6:47 a.m.

@k4at3034: Your country is listed under the name Federal Democratic Republic of Nepal. Please choose the right name.
About the registration error: Please don't use special characters in your name such as @ or !, #, etc.


k4at3034 Dec. 10, 2019, 6:17 p.m.

Thank you, but will it be counted in CTFtime if I use a different name??


k4at3034 Dec. 10, 2019, 6:18 p.m.

A different team name to register than the one that is in CTFtime??


MRinterceptor Dec. 11, 2019, 8:35 p.m.

The date is wrong on this page; it starts 4/1/2020, not this Sunday.


bteam Dec. 12, 2019, 3:41 a.m.

@MRinterceptor: Yes, we already rescheduled the competition. We are contacting the CTFtime team to change it. The new date is from 04 to 05 January 2020.


bteam Dec. 12, 2019, 8:55 a.m.

@k4at3034: We are adding the special characters when registering on our site. Pls send an email to whitehat@bkav.com so that we can inform you later. Thanks!


iDreamTooMuch Dec. 14, 2019, 7:18 p.m.

I can't access the challenge! I don't know where to go.


bteam Dec. 16, 2019, 2:12 a.m.

@iDreamTooMuch: pls access the following link: https://grandprix.whitehatvn.com/


lionaneesh Jan. 2, 2020, 12:52 p.m.

Hey admins. Can you please reset the token for d4rkc0de? We can't register our name, it says already taken.


bteam Jan. 3, 2020, 2:23 a.m.

@lionaneesh: please email us at whitehat@bkav.com to get support. Thanks!


yunapjuna Jan. 3, 2020, 12:47 p.m.

Will the qualification round CTF also have some challenges for beginners, or is this CTF only for experienced hackers?


bteam Jan. 4, 2020, 1:29 a.m.

@yunapjuna: there are some easy challenges, but I do not know whether you can solve them :) :)


frzst Jan. 4, 2020, 2:33 a.m.

login error?


jerepretto Jan. 4, 2020, 2:35 a.m.

An error occurred while updating the entries. See the inner exception for details.


matta Jan. 4, 2020, 2:46 a.m.

cannot login.... with the same reason.


bteam Jan. 4, 2020, 3:37 a.m.

@all: we fixed it already, pls try again.


heyanlll Jan. 4, 2020, 3:41 a.m.

cannot create a new team?


bteam Jan. 4, 2020, 4:04 a.m.

@heyanlll: we are fixing


bteam Jan. 4, 2020, 4:15 a.m.

@all: we already fixed new team creation.


abcdsh Jan. 4, 2020, 5:17 a.m.

Can't submit flag, says only number, alphabets and { , } allowed. Flag contained only those characters. After 3-4 retries it put up a Google captcha there: "ERROR for site owner: Invalid domain for site key". How hard is it to test a website


bteam Jan. 4, 2020, 5:22 a.m.

@abcdsh: please read the rule: 11.3. Unless stated otherwise, flag will be in form of “WhiteHat{SHA1(this_is_a_flag)}”.


k4at3034 Jan. 4, 2020, 2:18 p.m.

I can't log in, why?


sqrtrev Jan. 4, 2020, 2:31 p.m.

Too many sites down :(
And flag checker is alerting "[object Object]" (Chrome, IE 11)
:(


bteam Jan. 4, 2020, 2:54 p.m.

@k4at3034: pls try again, we fixed already.


bteam Jan. 4, 2020, 4:28 p.m.

@sqrtrev: we fixed that challenge.


yellowriver81 Jan. 4, 2020, 5:50 p.m.

Site is down - gateway timeout error.


bteam Jan. 4, 2020, 9:40 p.m.

@siyujiang81: the site is on now.


sebulba Jan. 5, 2020, 3:23 p.m.

I agree with comments above - never saw such a laggy CTF. Site was permanently down. Weak servers? No money for DDoS protection?


theKidOfArcrania Jan. 5, 2020, 6:45 p.m.

Here's my longer review. This CTF has done some good things and some bad things that could improve next year:

- While overall, most of the challenges could use major improvement, I think the web challs were in my opinion least sucky. They were at least somewhat decent (tho I'm kinda useless in that category)
- I appreciate organizers for providing a clear and explicit schedule for challenge releases. While there is a lot that could improve overall, I sincerely think this was one of the good things that I rarely see these days
- I think reading the live update blog: https://grandprix.whitehatvn.com/news/-/view-content/202109/-upcoming-whitehat-grand-prix-06 . Would've loved to see it more prevalent/advertised tho. Otherwise, I appreciate orgs taking the time to keep this progress update.

Now for the less good things:
- The challenges could've benefited greatly from doing some internal testing and review BEFORE they get released, especially concerning the more guessy challenges (I'm giving a hard look at those "RE" and misc challenges). What this entails would be like having other members try to play/solve the challenge WITHOUT any prior knowledge, and see if it is "intuitive" enough to be able to figure out the steps. (Also a quick hint, getting teams to figure out which esoteric steg tool you used to encode some message is NOT a good challenge)
- The PWN challenges here felt very weak/easy/uncreative. Only real "creativeness" I could maybe find is introducing a sqli into a pwn, but even that was very boring and bland. You could've done a lot more stuff in a sqli thing.
- The site infrastructure is very unstable. I think there's nothing more to say here. Though maybe even ctfd is better than whatever is here (hint, ctfd is also trash). Maybe I could say, try doing some stress testing beforehand, and stuff? The 2h downtime was definitely a big hit to a 24hr competition

To close I'd like to echo the sentiments of someone's post on the slack: "peterjson: And If the organizer want to keep this contest for many years to attract more teams to come VN not because the prize but because of the cool of an CTF event, u need to find a suitable CTF team to host the game". I think the CTF could've been SO MUCH more if the organizers spent more time learning/playing from CTFs (I've seen that the orgs definitely have a lot of CTFs in their name, but I guess I'd say try to actively learn more).


bteam Jan. 6, 2020, 3:21 a.m.

@theKidOfArcrania: Thanks for your review.


bteam Jan. 6, 2020, 3:23 a.m.

@sebulba: We did not encounter any DDoS attack, we intentionally shut down the system because of an unexpected problem.


warlock_rootx Jan. 12, 2020, 7:14 a.m.

@bteam No scoreboard ? Year start with No scoreboard CTF


bteam Jan. 13, 2020, 9:55 a.m.

@warlock_rootx: The scoreboard was updated, yeah :D