HITB SECCONF CTF is an onsite + online international challenge in information security. Developed by Hackerdom team for HITB SECCONF in Singapore. HITB SECCONF CTF 2022 was held on August 25th–26th, 2022.
The contest is driven by almost classic rules for Attack-Defense CTF. Each team is given a set of vulnerable services. Organizers regularly fill services with private information — the flags. The goal of each team is to find vulnerabilities, fix them in their services and exploit them to get flags from other teams.
This year we have had some innovations:
- New scoring system (we use it for the second time, first one was at HITB PRO CTF 2021)
- New flag format:
TEAM042_PNFP4DKBOV6BTYL9YFGBQ9006582ADCX - Non-playable teams
- Reverse proxies with per-team limits for services
- DNS names for all services (e.g.
example.team42.ctf.hitb.org)
You can read the details on the official contest website: https://ctf.hackerdom.ru/hitb-ctf-singapore-2022/.
Official conference website: https://conference.hitb.org/hitbsecconf2022sin/.
- source of all services in folder services/
- checkers for checksystem in folder checkers/
- ... and config for it in cs/.
- exploits for all services in folder sploits/
- writeups with vulnerabilities and exploitation description for all services in folder writeups/
Also, we share with you some of our internal infrastructure magic:
- CI/CD for Digital Ocean's images services' packing and proxies deploying. See vuln_images/ and .github/workflows/.
- our CTF Cloud and VPN Infrastructure in ctf-cloud/.
All materials are licensed under MIT License.
Congratulations for 🇷🇺 Bushwhackers, hacked all services, for the first place!
Second place: 🇷🇺 C4T BuT S4D
Third place: 🇩🇪 saarsec
| SERVICE | TEAM |
|---|---|
| linkextractor | Bushwhackers |
| obscurity | C4T BuT S4D |
| kv | C4T BuT S4D |
| smallword | C4T BuT S4D |
| n0tes | Bushwhackers |
| sh | Bushwhackers |
| crs | Bushwhackers |
| wallet | Bushwhackers |
| mypack | RedRocket |
| issuecker | C4T BuT S4D |
This CTF is brought to you by these amazing guys:
- Alexander Bersenev aka
bay, the author of the serviceobscurity, also our Cloud and VPN master - Andrey Gein aka
andgein, our teamleader, DevOps and support for teams - Andrey Khozov aka
and, the author of the servicesh, also our checksystem master - Artem Deikov aka
hx0day, the author of the servicewallet - Artem Zinenko aka
art, the author of the servicen0tes - Artur Khanov aka
awengar, the author of the servicemypack - Daniil Sharko aka
werelaxe, the author of the serviceissuecker - Dmitry Simonov aka
dimmo, the author of the servicecrs - Dmitry Titarenko aka
dscheg, the author of the servicesmallword - Konstantin Plotnikov aka
kost, the author of the servicelinkextractor - Nikolay Zhuravlev aka
znick, the author of the servicekv
If you have any question about services, platform or competition write us an email to [email protected] or [email protected].
© 2022 HackerDom
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent