Sat, 04 Jan. 2020, 02:00 UTC — Sun, 05 Jan. 2020, 02:00 UTC 

On-line

WhiteHat Grand Prix event.

Format: Jeopardy Jeopardy

Official URL: https://grandprix.whitehatvn.com/

This event's weight is subject of public voting!

Future weight: 6.28 

Rating weight: 6.28 

Event organizers 


WhiteHat Grand Prix 06 is the 6th global cyber security competition organized by Vietnam.
The Qualification Round will start from 04 to 05 January, 2020.

Top 10 teams in the Qualification round will be invited to the Final Round in February 2020.
Total prize that a team can receive in the Final contains bounties from Private Bug Bounty program and the prize of Attack/Defense competition.

Support channels:
+ Slack: https://whitehatgrandprix06.slack.com, invite link: https://bit.ly/2FhPM9b
+ Facebook: https://www.facebook.com/whitehatvn
+ Twitter: Twitter.com/WhiteHatvn
+ Email: whitehat@bkav.com

Prizes

The prizes for winners in the Final Round are:
+ Private Bug Bounty: With each bug discovered, teams will earn bounties according to the levels of Critical, Important, Medium and Low severity.
+ Attack/Defense: Top 3 teams in the Attack/Defense will claim the following prizes:
- 1st Prize: 230 million dong (~ 10,000 USD)
- 2nd Prize: 45 million dong (~ 2,000 USD)
- 3rd Prize: 23 million dong (~ 1,000 USD)

Scoreboard

149 teams total

PlaceTeamCTF pointsRating points
1 perfect blue 5280.00012.560
2 More Smoked Leet Chicken 4820.0008.873
3 DiceGang 4780.0007.779
4 KingTigerPrawn 4400.0006.803
5 AceBear 3870.0005.859
6 BabyPhD 3650.0005.388
7 InfoSecIITR 3540.0005.108
8 JustToPlay 3390.0004.817
9 OpenToAll 3140.0004.432
10 ALLES! 3030.0004.232
11 FTMD 3020.0004.163
12 WreckTheLine 2790.0003.842
13 p4 2660.0003.647
14 The Flat Network Society 2600.0003.541
15 Aleph 2390.0003.261
16 MeePwn 2340.0003.176
17 PDKT 2270.0003.069
18 drunkencodered 2040.0002.775
19 pwnsuky 1980.0002.686
20 swagger 1730.0002.372
21 CTD Elite 1520.0002.107
22 FPTdaed 1440.0001.998
23 PTIThub 1420.0001.962
24 excusemewtf 1340.0001.855
25 FireShell 1330.0001.833
26 bootplug 1290.0001.776
27 Whitzard 1280.0001.755
28 C4T BuT S4D 1280.0001.747
29 WGMY 1260.0001.715
30 pwndevils 1220.0001.660
31 dcua 1150.0001.570
32 warlock_rootx 1080.0001.481
33 r5 1020.0001.403
34 0x90r00t 1000.0001.374
35 technic 970.0001.333
36 noar 930.0001.281
37 CyKOR 780.0001.097
38 ISITDTU 750.0001.057
39 Spotless 720.0001.017
40 GoN 700.0000.990
41 Sneife 700.0000.986
42 Bushwhackers 680.0000.958
43 fargate 580.0000.836
44 bruh 570.0000.821
45 Order of the Grey Fang 520.0000.758
46 0xCoCo 500.0000.731
47 zehrileLau(n)de 500.0000.728
48 d4rkc0de 500.0000.726
49 CTFF 500.0000.723
50 noraneco 500.0000.720
51 SYPER 480.0000.694
52 Defenit 420.0000.620
53 X1cT34m 420.0000.618
54 curpwd 400.0000.592
55 1337 KH 380.0000.566
56 Shonan 380.0000.564
57 kurisutina 330.0000.503
58 cxp 320.0000.489
59 MeatspaceMen 320.0000.487
60 K22TMTIT 300.0000.461
61 0x1 300.0000.460
62 NonSlas 300.0000.458
63 y0d31 300.0000.457
64 ckwx 300.0000.455
65 paulie 280.0000.430
66 '---MatriX-MantrA--- 220.0000.357
67 CREEP 210.0000.344
68 Corrupted Pwnis 210.0000.342
69 Noclue 210.0000.341
70 YOBA 210.0000.339
71 UnKnoWnCheaTs 200.0000.326
72 Sun*$hell 200.0000.325
74 SSW 200.0000.323
75 AbstractSyntaxTree 200.0000.322
76 aqt 200.0000.321
77 PwnaSonic 200.0000.319
78 badfirmware 200.0000.318
79 凌胖虎 200.0000.317
80 SSAT 200.0000.316
81 SealTeamOne 200.0000.315
82 nulllday 200.0000.314
83 TeamCC 200.0000.314
84 Heroes Cyber Security 200.0000.313
85 Gyul 200.0000.312
86 SecurytiFactorial 200.0000.311
87 101Points 200.0000.310
88 YoshikageKira 200.0000.309
89 NULLKrypt3rs 200.0000.308
90 Rogue Waves 200.0000.308
91 1337B01S 200.0000.307
92 MACsHACKs 200.0000.306
93 x0rc3r3rs 200.0000.305
94 MV9rwGOf08 200.0000.305
95 TahSec 200.0000.304
96 Nave1337 200.0000.303
97 bono 200.0000.303
98 Cybernatural 120.0000.207
99 r3kor 100.0000.182
100 VulgarPhrophets 100.0000.182
101 LinyTail 100.0000.181
102 PGT 100.0000.181
103 StarrySky 100.0000.180
104 fkillrra 100.0000.179
105 imssm99 100.0000.179
106 Invaders 100.0000.178
107 Bkav_AMC 100.0000.178
108 atx2600 100.0000.177
109 stankc 100.0000.177
110 Con cá 100.0000.176
111 TopWing 100.0000.176
112 c0c0nuts 100.0000.175
113 10k$$$AceBear$$$ 100.0000.175
114 davichi 100.0000.174
115 eL'teammate 100.0000.174
116 heyanlll 100.0000.173
117 Cu Chuoi 100.0000.173
118 NorthSea 100.0000.172
119 PinkDraconian 100.0000.172
120 noolo 100.0000.171
121 sixbananas 100.0000.171
122 s1g0ct4nt15 100.0000.170
123 handjammies 100.0000.170
124 py06705001 100.0000.170
125 T0X1C V4P0R 100.0000.169
126 TeRuTeNiNaTaS 100.0000.169
127 Undefuse 100.0000.168
128 C0Br@ 100.0000.168
129 beerpwn 100.0000.168
130 Thong 100.0000.167
131 phe0nix 100.0000.167
132 CatsTossFluffs 100.0000.167
133 hunglxc 100.0000.166
134 ISPTIT 100.0000.166
135 v1ecErpkZJFF 100.0000.165
136 Horde 100.0000.165
137 Abs0lut3Pwn4g3 100.0000.165
138 NANI 100.0000.164
139 ByteBandits 100.0000.164
140 B.R.A.V.O 100.0000.164
141 122 100.0000.163
142 rmrfslash 100.0000.163
143 PASECA 100.0000.163
144 WRUBLE 100.0000.163
145 onotch 100.0000.162
146 lazy pirates 100.0000.162
147 Krosse Flagge 100.0000.162
148 justme 100.0000.161
149 283 100.0000.081
150 asfjklj 100.0000.080
k4at3034 – Dec. 9, 2019, 5:01 p.m.

can you please list our country Nepal in the CTF site. we don't get to choose Nepal as it is not listed. Another point why can't I choose my team name r00tn3p@! ?? my team name in CTFtime is r00tn3p@!??


bteam – Dec. 10, 2019, 3:35 a.m.

The Organizer have been updated the new schedule for the competition: the Qualification Round will start at January 04, 2020, choosing the top 10 teams for the Final Round in February 2020.


bteam – Dec. 10, 2019, 6:47 a.m.

@k4at3034 : Your country is listed as name of Federal Democratic Republic of Nepal. Please choose the right name.
About the register error: Please don't use special characters in your name such as @ or !, #, etc.


k4at3034 – Dec. 10, 2019, 6:17 p.m.

thank you but will it be counted in ctf time if i use different name??


k4at3034 – Dec. 10, 2019, 6:18 p.m.

diffrent team name to regster than that is in ctftime??


MRinterceptor – Dec. 11, 2019, 8:35 p.m.

The date is wrong on this page it starts 4/1/2020 not this Sunday


bteam – Dec. 12, 2019, 3:41 a.m.

@MRinterceptor: Yes, we already reschedule the competition. We are contacting CTFtime team to change it. The new date is from 04 to 05 January 2020.


bteam – Dec. 12, 2019, 8:55 a.m.

@k4at3034: we are adding the special characters when registering on our site. Pls send email to whitehat@bkav.com so that we can inform you later. Thanks!


iDreamTooMuch – Dec. 14, 2019, 7:18 p.m.

I can't access the challenge! I don't know where to go.


bteam – Dec. 16, 2019, 2:12 a.m.

@iDreamTooMuch: pls access the following link: https://grandprix.whitehatvn.com/


lionaneesh – Jan. 2, 2020, 12:52 p.m.

Hey admins. Can you please reset the token for d4rkc0de. We cant register our name, it says already taken.


bteam – Jan. 3, 2020, 2:23 a.m.

@lionaneesh: please email us at whitehat@bkav.com to get the support. Thanks !


yunapjuna – Jan. 3, 2020, 12:47 p.m.

Will the qualification round CTF also have some challenges for beginners, or is this CTF only for experienced hackers?


bteam – Jan. 4, 2020, 1:29 a.m.

@yunapjuna: there is some easy challenges, but I do not know whether you can you solve :) :)


frzst – Jan. 4, 2020, 2:33 a.m.

login error?


JerePuck – Jan. 4, 2020, 2:35 a.m.

An error occurred while updating the entries. See the inner exception for details.


matta – Jan. 4, 2020, 2:46 a.m.

cannot login.... with the same reason.


bteam – Jan. 4, 2020, 3:37 a.m.

@all: we fixed it already, pls try again.


heyanlll – Jan. 4, 2020, 3:41 a.m.

cannot create a new team?


bteam – Jan. 4, 2020, 4:04 a.m.

@heyanlll: we are fixing


bteam – Jan. 4, 2020, 4:15 a.m.

@all: we already fixed new team creation.


abcdsh – Jan. 4, 2020, 5:17 a.m.

Can't submit flag, says only number, alphabets and { , } allowed. Flag contained only those characters. After 3-4 retries it put up a google captcha there "ERROR for site owner:
Invalid domain for site key" . How hard is to test a website


bteam – Jan. 4, 2020, 5:22 a.m.

@abcdsh: please read the rule: 11.3. Unless stated otherwise, flag will be in form of “WhiteHat{SHA1(this_is_a_flag)}”.


k4at3034 – Jan. 4, 2020, 2:18 p.m.

i cant log in why?


sqrtrev – Jan. 4, 2020, 2:31 p.m.

Too many site down :(
And flag checker is alerting "[object Object]" (Chrome, IE 11)
:(


bteam – Jan. 4, 2020, 2:54 p.m.

@k4at3034: pls try again, we fixed already.


bteam – Jan. 4, 2020, 4:28 p.m.

@sqrtrev: we fixed that challenge.


siyujiang81 – Jan. 4, 2020, 5:50 p.m.

Site is down - gateway timeout error.


bteam – Jan. 4, 2020, 9:40 p.m.

@siyujiang81: the site is on now.


sebulba – Jan. 5, 2020, 3:23 p.m.

I agree with comments above - never saw such a laggy CTF. site was permanently down. Weak servers? No money for DDoS protection?


theKidOfArcrania – Jan. 5, 2020, 6:45 p.m.

Here's my longer review. This CTF has done some good things and some bad things that could improve next year:

- While overall, most of the challenges could use major improvement, I think the web challs were in my opinion least sucky. They were at least somewhat decent (tho I'm kinda useless in that category)
- I appreciate organizers for providing a clear and explicit schedule for challenge releases. While there is a lot that could improve overall, I sincerely think this was one of the good things that I rarely see these days
- I think reading the live update blog: https://grandprix.whitehatvn.com/news/-/view-content/202109/-upcoming-whitehat-grand-prix-06 . Would've loved to see it more prevalent/advertised tho. Otherwise, I appreciate orgs taking the time to keep this progress update.

Now for the less good things:
- The challenges could've benefited greatly from doing some internal testing and review BEFORE they get released, especially concerning the more guessy challenges (I'm giving a hard look at those "RE" and misc challenges). What this entails would be like having other members try to play/solve the challenge WITHOUT any prior knowledge, and see if it is "intuitive" enough to be able to figure out the steps. (Also a quick hint, getting teams to figure out which esoteric steg tool you used to encode some message is NOT a good challenge)
- The PWN challenges here felt very weak/easy/uncreative. Only real "creativeness" I could maybe find is introducing a sqli into a pwn, but even that was very boring and bland. You could've done a lot more stuff in a sqli thing.
- The site infrastructure is very unstable. I think there's nothing more to say here. Though maybe even ctfd is better than whatever is here (hint, ctfd is also trash). Maybe I could say, try doing some stress testing beforehand, and stuff? The 2h downtime was definitely a big hit to a 24hr competition

To close I'd like to echo the sentiments of someone's post on the slack: "peterjson: And If the organizer want to keep this contest for many years to atract more teams to come VN not because the prize but because of the cool of an CTF event, u need to find a suitable CTF team to host the game". I think the CTF could've been SO MUCH more if the organizers spend more time learning/playing from CTFs, (I've seen that the orgs definitely have a lot of CTF's in their name, but I guess I'd say try to actively learn more).


bteam – Jan. 6, 2020, 3:21 a.m.

@theKidOfArcrania: Thank for your review.


bteam – Jan. 6, 2020, 3:23 a.m.

@sebulba: We did not encounter any DDoS attack, we intentionally shut down the system because of an unexpected problem.


warlock_rootx – Jan. 12, 2020, 7:14 a.m.

@bteam No scoreboard ? Year start with No scoreboard CTF


bteam – Jan. 13, 2020, 9:55 a.m.

@warlock_rootx: The scoreboard was updated, yeah :D