crowdfense TIME TRAVELER challenge

Vsit the Crowdfense stand at HITB on August 24 and 25 to play!
Exciting prizes for the successful time travelers await!

This challenge will transport you back to the digital landscape of 2019, a time when the Google Pixel 3a, Samsung Galaxy S10, and iPhone X were at the cutting edge of technology. Though these devices might seem outdated now, they were the fortresses of data security in their time.

The goal of this CTF challenge is to demonstrate your exploitation skills of different devices. Remember, this challenge is not about damaging or disabling the device but to comprehend and exploit possible vulnerabilities to gain unauthorized access or escalate privileges.

Ensure you stick to the rules of ethical hacking throughout this task. This is an opportunity to understand the evolution of device security, examine the strongholds and weaknesses of the past, and use that knowledge to anticipate and fortify against future threats.

We will assign points for demonstration of remote code execution, sandbox escape and privilege escalation accordingly with complexity of the target.

Target

OS Version

Patch level

Kernel

Browser

Google Pixel 3a

Android 9

March 5, 2019

4.9.124, Feb 13, 2019

71.0.3578.99

Google Pixel 2 

Android 9

March 5, 2019

4.4.155, Jan 11, 2019

66.0.3359.158

Google Pixel 2 XL

Android 8

September 5, 2017

4.4.56, Aug 29, 2017

58.0.3029.125

Google Pixel 3

Android 9

November 5, 2018

4.9.96, Sep 7, 2018

66.0.3359.158

Apple iPhone X

iOS 13.7

 

Safari

Samsung Galaxy S10

Android 11

February 1, 2021

4.4.113, Feb 8, 2021

83.0.4103.106

Samsung Galaxy S20

Android 11

December 1, 2020

4.19.87, Nov 21, 2020

75.0.3700.89

Netgear R6120

1.0.0.16

 

 

Hack Your Way to HITBSecConf2023 - Phuket!

Do you like online challenges and CTFs? Well here’s your chance to win a fully paid trip to HITBSecConf2023 – Phuket!

Be one of the first to complete any of the 3 challenges below that offer a range of attractive prizes from full access to HITBSecConf2023 – Phuket (a normal priced conf ticket is USD1199), all the way to an all expenses paid trip to come hack on the beaches of Phuket! Imagine 3 fun filled days spent chatting, and chilling with some of the coolest hackers and pwnstars on the planet!

You say you know kungf00? Show us!

Contest runs from 1st July – 21st July

CHAIN REACTION

The goal of this challenge is not only to test your ability to exploit these vulnerabilities but also your skills in chaining exploits. Chain two public exploits for Google Chrome and Windows 11. 

Prizes for the best submissions:

  • USD500 cash

ROOT RUSH

Your objective is to discover and exploit a kernel vulnerability on a provided custom-built Android image and escalate privileges. 

Prizes for the best submissions:

  • 1 x HITB2023HKT conference ticket
  • 1 x hotel stay for 2 nights 3 days

SANDBOX BREAKER

Your task is to exploit Remote Code Execution and sandbox escape vulnerabilities in a provided version of Chrome, all via a single crafted webpage.

Prizes for the best submissions:

  • 1 x HITB2023HKT conference ticket
  • 1 x hotel stay for 2 nights 3 days
  • 1 x economy flight ticket (terms and conditions apply)

REGISTRATION

The link to the VMs and downloadable images will be sent to you via email, so please do not fill in a fake email address 😉

EVALUATION CRITERIA

RELIABILITY

Exploit will be run 10 times. For each successful run:

7 points will be awarded per run  (max 70 points)

 

TIME

If your submission is be made before July 7, 12 AM (UTC):

15 points will be awarded.

If your submission is received after July 15, 12 AM (UTC):

10 points will be awarded

REPORTING

Participants who will provide a detailed write up will receive points even if they did not finish the exploit.

A maximum of 15 points will be awarded