Sat, 04 Jan. 2020, 02:00 UTC — Sun, 05 Jan. 2020, 02:00 UTC 

On-line

WhiteHat Grand Prix event.

Format: Jeopardy

Official URL: https://grandprix.whitehatvn.com/

This event's future weight is subject to public voting!

Future weight: 6.96 

Rating weight: 6.96 

Event organizers 

WhiteHat Grand Prix 06 is the 6th global cyber security competition organized by Vietnam.
The Qualification Round runs from 04 to 05 January 2020.

The top 10 teams in the Qualification Round will be invited to the Final Round in February 2020.
The total prize a team can receive in the Final consists of bounties from the Private Bug Bounty program and the prize from the Attack/Defense competition.

Support channels:
+ Slack: https://whitehatgrandprix06.slack.com, invite link: https://bit.ly/2FhPM9b
+ Facebook: https://www.facebook.com/whitehatvn
+ Twitter: Twitter.com/WhiteHatvn
+ Email: whitehat@bkav.com

Prizes

The prizes for winners in the Final Round are:
+ Private Bug Bounty: With each bug discovered, teams will earn bounties according to the levels of Critical, Important, Medium and Low severity.
+ Attack/Defense: Top 3 teams in the Attack/Defense will claim the following prizes:
  - 1st Prize: 230 million dong (~ 10,000 USD)
  - 2nd Prize: 45 million dong (~ 2,000 USD)
  - 3rd Prize: 23 million dong (~ 1,000 USD)

Scoreboard

149 teams total

| Place | Team | CTF points | Rating points |
|---|---|---|---|
| 1 | perfect blue | 5280.000 | 13.920 |
| 2 | More Smoked Leet Chicken | 4820.000 | 9.834 |
| 3 | DiceGang | 4780.000 | 8.621 |
| 4 | KingTigerPrawn | 4400.000 | 7.540 |
| 5 | AceBear | 3870.000 | 6.493 |
| 6 | BabyPhD | 3650.000 | 5.971 |
| 7 | InfoSecIITR | 3540.000 | 5.661 |
| 8 | JustToPlay | 3390.000 | 5.339 |
| 9 | OpenToAll | 3140.000 | 4.912 |
| 10 | ALLES! | 3030.000 | 4.690 |
| 11 | FTMD | 3020.000 | 4.614 |
| 12 | WreckTheLine | 2790.000 | 4.258 |
| 13 | p4 | 2660.000 | 4.042 |
| 14 | The Flat Network Society | 2600.000 | 3.924 |
| 15 | Aleph | 2390.000 | 3.614 |
| 16 | MeePwn | 2340.000 | 3.520 |
| 17 | PDKT | 2270.000 | 3.402 |
| 18 | drunkencodered | 2040.000 | 3.076 |
| 19 | pwnsuky | 1980.000 | 2.976 |
| 20 | swagger | 1730.000 | 2.628 |
| 21 | CTD Elite | 1520.000 | 2.335 |
| 22 | FPTdaed | 1440.000 | 2.215 |
| 23 | PTIThub | 1420.000 | 2.174 |
| 24 | excusemewtf | 1340.000 | 2.056 |
| 25 | FireShell | 1330.000 | 2.032 |
| 26 | bootplug | 1290.000 | 1.968 |
| 27 | Whitzard | 1280.000 | 1.945 |
| 28 | C4T BuT S4D | 1280.000 | 1.936 |
| 29 | WGMY | 1260.000 | 1.901 |
| 30 | pwndevils | 1220.000 | 1.840 |
| 31 | dcua | 1150.000 | 1.740 |
| 32 | warlock_rootx | 1080.000 | 1.641 |
| 33 | r5 | 1020.000 | 1.555 |
| 34 | 0x90r00t | 1000.000 | 1.523 |
| 35 | technic | 970.000 | 1.477 |
| 36 | noar | 930.000 | 1.419 |
| 37 | CyKOR | 780.000 | 1.216 |
| 38 | ISITDTU | 750.000 | 1.172 |
| 39 | Spotless | 720.000 | 1.128 |
| 40 | GoN | 700.000 | 1.097 |
| 41 | Sneife | 700.000 | 1.092 |
| 42 | Bushwhackers | 680.000 | 1.062 |
| 43 | fargate | 580.000 | 0.926 |
| 44 | bruh | 570.000 | 0.910 |
| 45 | Order of the Grey Fang | 520.000 | 0.840 |
| 46 | 0xCoCo | 500.000 | 0.810 |
| 47 | zehrileLau(n)de | 500.000 | 0.807 |
| 48 | d4rkc0de | 500.000 | 0.804 |
| 49 | CTFF | 500.000 | 0.801 |
| 50 | noraneco | 500.000 | 0.798 |
| 51 | SYPER | 480.000 | 0.769 |
| 52 | Defenit | 420.000 | 0.687 |
| 53 | X1cT34m | 420.000 | 0.685 |
| 54 | curpwd | 400.000 | 0.656 |
| 55 | 1337 KH | 380.000 | 0.627 |
| 56 | Shonan | 380.000 | 0.625 |
| 57 | kurisutina | 330.000 | 0.557 |
| 58 | cxp | 320.000 | 0.542 |
| 59 | MeatspaceMen | 320.000 | 0.540 |
| 60 | K22TMTIT | 300.000 | 0.511 |
| 61 | 0x1 | 300.000 | 0.510 |
| 62 | NonSlas | 300.000 | 0.508 |
| 63 | y0d31 | 300.000 | 0.506 |
| 64 | ckwx | 300.000 | 0.504 |
| 65 | paulie | 280.000 | 0.476 |
| 66 | '---MatriX-MantrA--- | 220.000 | 0.395 |
| 67 | CREEP | 210.000 | 0.381 |
| 68 | Corrupted Pwnis | 210.000 | 0.379 |
| 69 | Noclue | 210.000 | 0.378 |
| 70 | YOBA | 210.000 | 0.376 |
| 71 | UnKnoWnCheaTs | 200.000 | 0.362 |
| 72 | Sun*$hell | 200.000 | 0.360 |
| 74 | SSW | 200.000 | 0.358 |
| 75 | AbstractSyntaxTree | 200.000 | 0.356 |
| 76 | aqt | 200.000 | 0.355 |
| 77 | PwnaSonic | 200.000 | 0.354 |
| 78 | badfirmware | 200.000 | 0.353 |
| 79 | 凌胖虎 | 200.000 | 0.352 |
| 80 | SSAT | 200.000 | 0.351 |
| 81 | SealTeamOne | 200.000 | 0.350 |
| 82 | nulllday | 200.000 | 0.349 |
| 83 | TeamCC | 200.000 | 0.347 |
| 84 | Heroes Cyber Security | 200.000 | 0.346 |
| 85 | Gyul | 200.000 | 0.346 |
| 86 | SecurytiFactorial | 200.000 | 0.345 |
| 87 | 101Points | 200.000 | 0.344 |
| 88 | YoshikageKira | 200.000 | 0.343 |
| 89 | NULLKrypt3rs | 200.000 | 0.342 |
| 90 | Rogue Waves | 200.000 | 0.341 |
| 91 | 1337B01S | 200.000 | 0.340 |
| 92 | MACsHACKs | 200.000 | 0.339 |
| 93 | x0rc3r3rs | 200.000 | 0.338 |
| 94 | MV9rwGOf08 | 200.000 | 0.338 |
| 95 | TahSec | 200.000 | 0.337 |
| 96 | Nave1337 | 200.000 | 0.336 |
| 97 | bono | 200.000 | 0.335 |
| 98 | Cybernatural | 120.000 | 0.229 |
| 99 | r3kor | 100.000 | 0.202 |
| 100 | VulgarPhrophets | 100.000 | 0.201 |
| 101 | LinyTail | 100.000 | 0.201 |
| 102 | PGT | 100.000 | 0.200 |
| 103 | StarrySky | 100.000 | 0.199 |
| 104 | fkillrra | 100.000 | 0.199 |
| 105 | imssm99 | 100.000 | 0.198 |
| 106 | Invaders | 100.000 | 0.197 |
| 107 | Bkav_AMC | 100.000 | 0.197 |
| 108 | atx2600 | 100.000 | 0.196 |
| 109 | stankc | 100.000 | 0.196 |
| 110 | Con cá | 100.000 | 0.195 |
| 111 | TopWing | 100.000 | 0.195 |
| 112 | c0c0nuts | 100.000 | 0.194 |
| 113 | 10k$$$AceBear$$$ | 100.000 | 0.193 |
| 114 | davichi | 100.000 | 0.193 |
| 115 | eL'teammate | 100.000 | 0.192 |
| 116 | heyanlll | 100.000 | 0.192 |
| 117 | Cu Chuoi | 100.000 | 0.191 |
| 118 | NorthSea | 100.000 | 0.191 |
| 119 | PinkDraconian | 100.000 | 0.190 |
| 120 | noolo | 100.000 | 0.190 |
| 121 | sixbananas | 100.000 | 0.189 |
| 122 | s1g0ct4nt15 | 100.000 | 0.189 |
| 123 | handjammies | 100.000 | 0.188 |
| 124 | py06705001 | 100.000 | 0.188 |
| 125 | T0X1C V4P0R | 100.000 | 0.187 |
| 126 | TeRuTeNiNaTaS | 100.000 | 0.187 |
| 127 | UnDefuse | 100.000 | 0.187 |
| 128 | C0Br@ | 100.000 | 0.186 |
| 129 | beerpwn | 100.000 | 0.186 |
| 130 | Thong | 100.000 | 0.185 |
| 131 | phe0nix | 100.000 | 0.185 |
| 132 | CatsTossFluffs | 100.000 | 0.185 |
| 133 | hunglxc | 100.000 | 0.184 |
| 134 | ISPTIT | 100.000 | 0.184 |
| 135 | v1ecErpkZJFF | 100.000 | 0.183 |
| 136 | Horde | 100.000 | 0.183 |
| 137 | Abs0lut3Pwn4g3 | 100.000 | 0.183 |
| 138 | NANI | 100.000 | 0.182 |
| 139 | ByteBandits | 100.000 | 0.182 |
| 140 | B.R.A.V.O | 100.000 | 0.182 |
| 141 | 122 | 100.000 | 0.181 |
| 142 | rmrfslash | 100.000 | 0.181 |
| 143 | PASECA | 100.000 | 0.180 |
| 144 | WRUBLE | 100.000 | 0.180 |
| 145 | onotch | 100.000 | 0.180 |
| 146 | lazy pirates | 100.000 | 0.179 |
| 147 | Krosse Flagge | 100.000 | 0.179 |
| 148 | justme | 100.000 | 0.179 |
| 149 | 283 | 100.000 | 0.089 |
| 150 | asfjklj | 100.000 | 0.089 |

k4at3034 - Dec. 9, 2019, 5:01 p.m.

Can you please list our country Nepal in the CTF site? We don't get to choose Nepal as it is not listed. Another point: why can't I choose my team name r00tn3p@! ?? My team name in CTFtime is r00tn3p@!??


bteam - Dec. 10, 2019, 3:35 a.m.

The Organizer has updated the schedule for the competition: the Qualification Round will start on January 04, 2020, choosing the top 10 teams for the Final Round in February 2020.


bteam - Dec. 10, 2019, 6:47 a.m.

@k4at3034: Your country is listed under the name Federal Democratic Republic of Nepal. Please choose the right name.
About the registration error: Please don't use special characters in your name such as @ or !, #, etc.


k4at3034 - Dec. 10, 2019, 6:17 p.m.

Thank you, but will it be counted in CTFtime if I use a different name??


k4at3034 - Dec. 10, 2019, 6:18 p.m.

A different team name to register than the one that is in CTFtime??


MRinterceptor - Dec. 11, 2019, 8:35 p.m.

The date is wrong on this page; it starts 4/1/2020, not this Sunday.


bteam - Dec. 12, 2019, 3:41 a.m.

@MRinterceptor: Yes, we have already rescheduled the competition. We are contacting the CTFtime team to change it. The new date is from 04 to 05 January 2020.


bteam - Dec. 12, 2019, 8:55 a.m.

@k4at3034: We are adding the special characters when registering on our site. Pls send an email to whitehat@bkav.com so that we can inform you later. Thanks!


iDreamTooMuch - Dec. 14, 2019, 7:18 p.m.

I can't access the challenge! I don't know where to go.


bteam - Dec. 16, 2019, 2:12 a.m.

@iDreamTooMuch: pls access the following link: https://grandprix.whitehatvn.com/


lionaneesh - Jan. 2, 2020, 12:52 p.m.

Hey admins. Can you please reset the token for d4rkc0de? We can't register our name, it says already taken.


bteam - Jan. 3, 2020, 2:23 a.m.

@lionaneesh: please email us at whitehat@bkav.com to get support. Thanks!


yunapjuna - Jan. 3, 2020, 12:47 p.m.

Will the qualification round CTF also have some challenges for beginners, or is this CTF only for experienced hackers?


bteam - Jan. 4, 2020, 1:29 a.m.

@yunapjuna: there are some easy challenges, but I do not know whether you can solve them :) :)


frzst - Jan. 4, 2020, 2:33 a.m.

login error?


jerepretto - Jan. 4, 2020, 2:35 a.m.

An error occurred while updating the entries. See the inner exception for details.


matta - Jan. 4, 2020, 2:46 a.m.

cannot login.... with the same reason.


bteam - Jan. 4, 2020, 3:37 a.m.

@all: we fixed it already, pls try again.


heyanlll - Jan. 4, 2020, 3:41 a.m.

cannot create a new team?


bteam - Jan. 4, 2020, 4:04 a.m.

@heyanlll: we are fixing


bteam - Jan. 4, 2020, 4:15 a.m.

@all: we already fixed new team creation.


abcdsh - Jan. 4, 2020, 5:17 a.m.

Can't submit flag, says only number, alphabets and { , } allowed. Flag contained only those characters. After 3-4 retries it put up a Google captcha there: "ERROR for site owner: Invalid domain for site key". How hard is it to test a website?


bteam - Jan. 4, 2020, 5:22 a.m.

@abcdsh: please read the rule: 11.3. Unless stated otherwise, flag will be in form of “WhiteHat{SHA1(this_is_a_flag)}”.


k4at3034 - Jan. 4, 2020, 2:18 p.m.

I can't log in, why?


sqrtrev - Jan. 4, 2020, 2:31 p.m.

Too many sites down :(
And flag checker is alerting "[object Object]" (Chrome, IE 11)
:(


bteam - Jan. 4, 2020, 2:54 p.m.

@k4at3034: pls try again, we fixed already.


bteam - Jan. 4, 2020, 4:28 p.m.

@sqrtrev: we fixed that challenge.


siyujiang81 - Jan. 4, 2020, 5:50 p.m.

Site is down - gateway timeout error.


bteam - Jan. 4, 2020, 9:40 p.m.

@siyujiang81: the site is on now.


sebulba - Jan. 5, 2020, 3:23 p.m.

I agree with comments above - never saw such a laggy CTF. Site was permanently down. Weak servers? No money for DDoS protection?


theKidOfArcrania - Jan. 5, 2020, 6:45 p.m.

Here's my longer review. This CTF has done some good things and some bad things that could improve next year:

- While overall, most of the challenges could use major improvement, I think the web challs were in my opinion least sucky. They were at least somewhat decent (tho I'm kinda useless in that category)
- I appreciate organizers for providing a clear and explicit schedule for challenge releases. While there is a lot that could improve overall, I sincerely think this was one of the good things that I rarely see these days
- I think reading the live update blog: https://grandprix.whitehatvn.com/news/-/view-content/202109/-upcoming-whitehat-grand-prix-06 . Would've loved to see it more prevalent/advertised tho. Otherwise, I appreciate orgs taking the time to keep this progress update.

Now for the less good things:
- The challenges could've benefited greatly from doing some internal testing and review BEFORE they get released, especially concerning the more guessy challenges (I'm giving a hard look at those "RE" and misc challenges). What this entails would be like having other members try to play/solve the challenge WITHOUT any prior knowledge, and see if it is "intuitive" enough to be able to figure out the steps. (Also a quick hint, getting teams to figure out which esoteric steg tool you used to encode some message is NOT a good challenge)
- The PWN challenges here felt very weak/easy/uncreative. Only real "creativeness" I could maybe find is introducing a sqli into a pwn, but even that was very boring and bland. You could've done a lot more stuff in a sqli thing.
- The site infrastructure is very unstable. I think there's nothing more to say here. Though maybe even ctfd is better than whatever is here (hint, ctfd is also trash). Maybe I could say, try doing some stress testing beforehand, and stuff? The 2h downtime was definitely a big hit to a 24hr competition

To close I'd like to echo the sentiments of someone's post on the slack: "peterjson: And If the organizer want to keep this contest for many years to attract more teams to come VN not because the prize but because of the cool of an CTF event, u need to find a suitable CTF team to host the game". I think the CTF could've been SO MUCH more if the organizers spend more time learning/playing from CTFs, (I've seen that the orgs definitely have a lot of CTF's in their name, but I guess I'd say try to actively learn more).


bteam - Jan. 6, 2020, 3:21 a.m.

@theKidOfArcrania: Thanks for your review.


bteam - Jan. 6, 2020, 3:23 a.m.

@sebulba: We did not encounter any DDoS attack, we intentionally shut down the system because of an unexpected problem.


warlock_rootx - Jan. 12, 2020, 7:14 a.m.

@bteam No scoreboard? Year starts with No scoreboard CTF


bteam - Jan. 13, 2020, 9:55 a.m.

@warlock_rootx: The scoreboard was updated, yeah :D