Introduction

On August the 5th, 2017 SHA2017 hosted a junior CTF (Capture The Flag) hacking competition. CTF.zone and the Eindbazen team took care of the organization of the junior CTF competition. This document contains the overall results of the junior CTF as well as description of the involved challenges.

CTF Summary

CTF stands for Capture the Flag, a game consisting of security and hacking related challenges where teams or individual players have to “capture flags” to score points. Flags can generally be captured by solving challenges or by hacking systems. The goals of playing CTFs are extending knowledge, training people, using and practicing skills and improving team work. CTFs can further be hosted for recruitment purposes and skill testing. Irrespectively of the purpose a good CTF should mostly be fun to play. CTFs are always held in controlled environments where the CTF organizer has full control and permission over the involved systems and challenges. The exercises in a CTF are never illegal or disrupting.

The SHA2017 CTF type was Jeopardy style, this type of CTF consist of multiple separate challenges which need to be solved to score points. The style is based on the old TV show Jeopardy because of the similar setup. The challenges in a Jeopardy style CTF are divided in specific categories and difficulty levels. In Jeopardy CTFs people can have the option to focus on the type of challenges they have experience or knowledge in, by choosing which category they try to solve a challenge in. This combined with the multiple difficulty levels makes the Jeopardy style CTFs suitable for players with different backgrounds and skills.

Sponsors

We would like to thank our sponsors who made this CTF possible. Without them it wouldn't be possible to create the CTF.

Teams

A total of 1008 teams played the junior CTF. There were 96 teams playing from the SHA2017 campsite. From all the teams 707 teams managed to solve at least one challenge. A total of 1626 unique IP-addresses connected to the scoreboard.

There were a total of 13355 flag submissions. The total of solved challenges is 10609, which means there were 2746 failed submissions.

There were 216 teams who managed to solve all challenges. The first team doing this was "vxrl" making them the winner of the junior CTF.

Country Statistics

The junior CTF was played by teams from all over the world. The top 15 best scoring countries can be seen in this overview:

# Country Teams Points
1 United States 102 2776
2 Germany 61 1919
3 Netherlands 76 1904
4 Russian Federation 49 1388
5 India 92 1022
6 France 35 940
7 Japan 28 908
8 Romania 28 886
9 Korea, Republic of 39 759
10 United Kingdom 27 741
11 Poland 20 653
12 China 24 555
13 Belgium 19 500
14 Afghanistan 31 457
15 Taiwan 14 446

Challenges

The categories used during the CTF were binary, crypto, forensics, misc, network, pwnable and web, the categories contained different levels of difficulty being scored as 1, 2, 3 and 4 points. All challenges in each category are described below.

Binary

1 - Find The Flag
Description There is a flag hidden in this binary. Can you find it?
Solves 570 out of the 1008 teams solved this challenge
3 - Hidden Message
Description This file contains a hidden message. Can you reverse engineer it and find it?
Solves 429 out of the 1008 teams solved this challenge
4 - Jump Around
Description Jump up, jump up and get down!
Solves 331 out of the 1008 teams solved this challenge
4 - Flip A Coin
Description We can not seem to win this game that we found, can you?
Solves 285 out of the 1008 teams solved this challenge

Crypto

1 - All about the Base
Description We found this encoded message. Can you decode it?
Code:
V2VsbCBkb25lLAoKdGhpcyBmaWxlIGlzIGVuY3J5cHRlZCB3aXRoIEJhc2U2NC4gT2Z0ZW4gdXNl ZCBpbiBDVEYncyB0byBkaXNwbGF5IGJpbmFyeSBkYXRhIGluIGEgbW9yZSBmcmllbmRseSB3YXku IAoKVGhlIGZsYWcgZm9yIHRoaXMgY2hhbGxlbmdlIGlzIGZsYWd7YjNlOWMzZWVlNjA5YmFjNDZm YWQ0NDM5Y2YzMjFmZTV9Cg==
Solves 600 out of the 1008 teams solved this challenge
1 - Rotation
Description Seems someone rotated the alphabet, can you get the original message back?
Code:
Ykksy eua ckxk ghrk zu mkz znk zkdz hgiq. Znk lrgm oy lrgm{30j3g1gg0ijg9l08ijlg52668hi6854g}
Solves 551 out of the 1008 teams solved this challenge
2 - Exclusive or ...
Description We found this strange text, can you get the original from it?
Solves 384 out of the 1008 teams solved this challenge
2 - Substitute Teacher
Description Hello, my name is Mr. Smith, I will be your substitute teacher for today. I only have one assignment for you today, if you solve it you may go home. Now be silence and solve it, so I can Netflix and chill!
Code:
osvi cpm dprzsob ulsd hddsboeiou. iocpg gpaj njii usei. rihzi uli vrhdd tsulpau ehfsob h dpaow, s'e so uli eswwri pn h oit iqsdpwi pn pjhobi sd uli oit mrhvf po oiunrsy. npj gpaj innpjud s lhzi h nrhb npj gpa: nrhb{h230h7i624hnhv36291v5n31nh818w6n}
Solves 470 out of the 1008 teams solved this challenge
3 - Transposition
Description We intercepted this secret message. We believe it is using a transposition cipher. Can you decipher it?
Code:
Citgoe6b0 oohern636 nni.tg1e2 gssThe58e rschii366 aohess3ae tlafcf3dc uvllhl24f lilaaa730 aneglg506 tgnfl{33}
Solves 398 out of the 1008 teams solved this challenge

Forensics

3 - Deleted File
Description I accidently deleted a file from my system. Can you get it back for me?
Solves 394 out of the 1008 teams solved this challenge

Misc

1 - Zipfile One
Description We received this zip file, but is asking for a password. All we know is that the password exists of 5 numbers, can you crack this password to get the hidden information?
Solves 475 out of the 1008 teams solved this challenge
2 - Zipfile Two
Description We received another zip file, which also requires a password. All we know is that the password is an existing English word with a length of 6 and all lowercase. Can you crack this password?
Solves 437 out of the 1008 teams solved this challenge
3 - Reverse
Description We found this file on a server on the other side of the world, it looks weird, can you "reverse" it?
Solves 259 out of the 1008 teams solved this challenge

Network

1 - Download
Description We have a network capture of someone downloading something from the internet. Can you find what it is?
Solves 505 out of the 1008 teams solved this challenge
2 - Wanna Buy A Flag?
Description Analyse this Network capture to get the flag.
Solves 494 out of the 1008 teams solved this challenge
3 - Weird Website
Description We captured some traffic while visiting this website. Can you get some information from it?
Solves 452 out of the 1008 teams solved this challenge
4 - Captured Mail
Description We intercepted this mail message. Can you open the attachment?
Solves 467 out of the 1008 teams solved this challenge

Pwnable

4 - small
Description This program consists of only 4 words, and still they've made a mistake. Read the flag from /home/small/flag
Code:
nc small.stillhackinganyway.nl 1337
Solves 372 out of the 1008 teams solved this challenge

Web

1 - In Your Head
Description Sometimes you have just to listen to your head.
Solves 618 out of the 1008 teams solved this challenge
2 - Broken Image
Description Seems we have a broken image on our website.
Solves 584 out of the 1008 teams solved this challenge
2 - Old School
Description We found this Old School Website.
Solves 533 out of the 1008 teams solved this challenge
3 - Location
Description Like in real estate, the web is all about location, location and location.
Solves 514 out of the 1008 teams solved this challenge
4 - Ping
Description We created a simple ping service.
Solves 487 out of the 1008 teams solved this challenge

Final Scoreboard

Scoreboard

The final scoreboard of the competition can be seen below, showing the results of the top 25 teams and the amount of points each team scored.

# Team Country Points
1 vxrl Hong Kong 56
2 HackingForSoju Sweden 56
3 Agari Korea, Republic of 56
4 EVA Russian Federation 56
5 HackThisSite Multiple countries 56
6 glua.team United States 56
7 alles Germany 56
8 PHCN Germany 56
9 GoSSIP China 56
10 BlackTR Hong Kong 56
11 Harekaze Japan 56
12 Hackademia United States 56
13 sha2017 France 56
14 TeamRocketIst Portugal 56
15 dfnd United States 56
16 asd Afghanistan 56
17 sloppyslatternslyzr Germany 56
18 noraneco Japan 56
19 mewmew-squad Reunion 56
20 topkek Germany 56
21 133713pwnies Netherlands 56
22 cybercybercyberandcyber Germany 56
23 bi0s India 56
24 Dorivex Brazil 56
25 PseudoRandom Israel 56