crowdfense TIME TRAVELER challenge
Vsit the Crowdfense stand at HITB on August 24 and 25 to play!
Exciting prizes for the successful time travelers await!
This challenge will transport you back to the digital landscape of 2019, a time when the Google Pixel 3a, Samsung Galaxy S10, and iPhone X were at the cutting edge of technology. Though these devices might seem outdated now, they were the fortresses of data security in their time.
The goal of this CTF challenge is to demonstrate your exploitation skills of different devices. Remember, this challenge is not about damaging or disabling the device but to comprehend and exploit possible vulnerabilities to gain unauthorized access or escalate privileges.
Ensure you stick to the rules of ethical hacking throughout this task. This is an opportunity to understand the evolution of device security, examine the strongholds and weaknesses of the past, and use that knowledge to anticipate and fortify against future threats.
We will assign points for demonstration of remote code execution, sandbox escape and privilege escalation accordingly with complexity of the target.
Target | OS Version | Patch level | Kernel | Browser |
Google Pixel 3a | Android 9 | March 5, 2019 | 4.9.124, Feb 13, 2019 | 71.0.3578.99 |
Google Pixel 2 | Android 9 | March 5, 2019 | 4.4.155, Jan 11, 2019 | 66.0.3359.158 |
Google Pixel 2 XL | Android 8 | September 5, 2017 | 4.4.56, Aug 29, 2017 | 58.0.3029.125 |
Google Pixel 3 | Android 9 | November 5, 2018 | 4.9.96, Sep 7, 2018 | 66.0.3359.158 |
Apple iPhone X | iOS 13.7 | – | Safari | |
Samsung Galaxy S10 | Android 11 | February 1, 2021 | 4.4.113, Feb 8, 2021 | 83.0.4103.106 |
Samsung Galaxy S20 | Android 11 | December 1, 2020 | 4.19.87, Nov 21, 2020 | 75.0.3700.89 |
Netgear R6120 | 1.0.0.16 | – | – |
Hack Your Way to HITBSecConf2023 - Phuket!
Do you like online challenges and CTFs? Well here’s your chance to win a fully paid trip to HITBSecConf2023 – Phuket!
Be one of the first to complete any of the 3 challenges below that offer a range of attractive prizes from full access to HITBSecConf2023 – Phuket (a normal priced conf ticket is USD1199), all the way to an all expenses paid trip to come hack on the beaches of Phuket! Imagine 3 fun filled days spent chatting, and chilling with some of the coolest hackers and pwnstars on the planet!
You say you know kungf00? Show us!
Contest runs from 1st July – 21st July
CHAIN REACTION
The goal of this challenge is not only to test your ability to exploit these vulnerabilities but also your skills in chaining exploits. Chain two public exploits for Google Chrome and Windows 11.
Prizes for the best submissions:
- USD500 cash
ROOT RUSH
Your objective is to discover and exploit a kernel vulnerability on a provided custom-built Android image and escalate privileges.
Prizes for the best submissions:
- 1 x HITB2023HKT conference ticket
- 1 x hotel stay for 2 nights 3 days
SANDBOX BREAKER
Your task is to exploit Remote Code Execution and sandbox escape vulnerabilities in a provided version of Chrome, all via a single crafted webpage.
Prizes for the best submissions:
- 1 x HITB2023HKT conference ticket
- 1 x hotel stay for 2 nights 3 days
- 1 x economy flight ticket (terms and conditions apply)
REGISTRATION
The link to the VMs and downloadable images will be sent to you via email, so please do not fill in a fake email address 😉
EVALUATION CRITERIA
RELIABILITY
Exploit will be run 10 times. For each successful run:
7 points will be awarded per run (max 70 points)
TIME
If your submission is be made before July 7, 12 AM (UTC):
15 points will be awarded.
If your submission is received after July 15, 12 AM (UTC):
10 points will be awarded
REPORTING
Participants who will provide a detailed write up will receive points even if they did not finish the exploit.
