Skip to content

HITB SECCONF CTF 2023. Developed with ❤️ by Hackerdom team and HITB.

License

Notifications You must be signed in to change notification settings

HITB-CyberWeek/hitbsecconf-ctf-2023

Repository files navigation

HITB SECCONF CTF 2023

HITB SECCONF CTF is an onsite + online international challenge in information security. Developed by Hackerdom team for HITB SECCONF in Phuket, Thailand. HITB SECCONF CTF 2023 was held on August 24–25th, 2023.

The contest is driven by almost classic rules for Attack-Defense CTF. Each team is given a set of vulnerable services. Organizers regularly fill services with private information — the flags. The goal of each team is to find vulnerabilities, fix them in their services and exploit them to get flags from other teams.

You can read the details on the official contest website: https://ctf.hackerdom.ru/hitb-ctf-phuket-2023/.

Official conference website: https://conference.hitb.org/hitbsecconf2023hkt/.

This Repository Contains

  • sources of all services in the folder services/
  • checkers for the checksystem in the folder checkers/
  • ... and configuration for it in cs/
  • exploits for all services in the folder sploits/
  • writeups with vulnerabilities and exploitation description for all services in folder writeups/

Also, we're happy to share with you some of our internal infrastructure magic:

All materials are licensed under the MIT License.

Final Scoreboard

Congratulations for 🇷🇺 C4T BuT S4D for the first place!

Second place: 🇮🇹 A.B.H.

Third place: 🇮🇹 pwnthem0le

Final scoreboard

Services

Service First Blood Team Lang / Framework Checker Sploit Writeup Author
docs SKSD Ruby, Python, PostgreSQL 🔗︎ 🔗︎ 🔗︎ and
funding C4T BuT S4D Ethereum, Node.js 🔗︎ 🔗︎ 🔗︎ andgein
godeeper SKSD Python 🔗︎ 🔗︎ 🔗︎ awengar
keys ECQ-B PHP 🔗︎ 🔗︎ 🔗︎ znick
lockstone C4T BuT S4D Javascript, GraphQL, Node.js 🔗︎ 🔗︎ 🔗︎ bay
notes You're all a bunch of fucking skids * PHP 🔗︎ 🔗︎ 🔗︎ hx0day
passmgr C4T BuT S4D Go, PostgreSQL 🔗︎ 🔗︎ 🔗︎ dimmo
places C4T BuT S4D Go, SQLite 🔗︎ 🔗︎ 🔗︎ dscheg
pure pwnthem0le Javascript, Node.js, Express.js 🔗︎ 🔗︎ 🔗︎ art
spaces You're all a bunch of fucking skids * C# .NET, websockets 🔗︎ 🔗︎ 🔗︎ dscheg
tokenourcer You're all a bunch of fucking skids * Python, nginx 🔗︎ 🔗︎ 🔗︎ werelaxe

* Service vulnerabilities were not used

Authors

This CTF is brought to you by these amazing guys:

If you have any question about services, platform or competition write us an email to [email protected] or [email protected].

© 2023 HackerDom