Category Archives: English

[EN]

We have been working hard for the past 8 years to represent Brazil and CTF-BR in the world of Capture the Flag competitions, and to place the country in a prominent position at a international level. We’ve achieved several results that make us very proud, both as players and as organizers of Pwn2Win CTF, which today is already one of the most renowned CTF competitions. Moreover, we contributed to the country by finding very serious flaws in the brazilian electronic voting machine, which allowed arbitrary code execution, as can be seen at https://urnaeletronica.info/.

Now, the time has come to realize an old dream. An important step for us to start transforming the CTF scenario into something similar to the e-sports scenario, where teams have sponsors and great support behind them. A step towards something that will help to further enhance our results and that will support us to fly higher and higher.

We are pleased to announce our first sponsor, a company that believed in the potential of our team and will be walking with us towards the top of the world, Bug Hunt.

Bug Hunt is a platform where security researchers find companies that are looking to improve the security of their systems even more, report failures and be financially rewarded for it. The platform already has several renowned professionals, including members of our team, and is adding public and private programs frequently.

We are really happy with this partnership, we are sure that it will be successful and will foster the brazilian information security scene!

Together towards the top! \o/

Bug Hunt – A Bug Bounty Platform

[PT-BR]

Temos trabalhado duro nos últimos 8 anos para representar o Brasil e o CTF-BR no mundo das competições Capture the Flag, e colocar o país em uma posição de destaque no cenário internacional. Conseguimos diversos resultados que nos deixam muito orgulhosos, tanto como players quanto como organizadores do Pwn2Win CTF, que hoje já é uma das mais renomadas competições da cena. Além disso, contribuímos com o país ao acharmos falhas gravíssimas na Urna Eletrônica, que possibilitavam a execução arbitrária de códigos, como pode ser visto em urnaeletronica.info.

Agora, chegou a hora de realizarmos um sonho antigo. Um passo importante para começarmos a transformar o cenário de CTF em algo semelhante ao cenário de e-Sports, onde os times contam com patrocinadores e um grande apoio por trás. Um passo em direção a algo que vai ajudar a potencializar ainda mais nossos resultados e que dará suporte para voarmos cada vez mais alto.

É com prazer que anunciamos nosso primeiro patrocinador, uma empresa que acreditou no potencial do time e estará caminhando conosco rumo ao topo do mundo, a Bug Hunt!

A Bug Hunt é uma Plataforma onde Pesquisadores de Segurança encontram Empresas que estão buscando melhorar cada vez mais a segurança dos seus sistemas, para reportar falhas e serem recompensados financeiramente por isso. A Plataforma já conta com diversos profissionais renomados, incluindo os membros do nosso time, e está adicionando programas públicos e privados com frequência.

Estamos realmente felizes com essa parceria, e temos certeza que será de sucesso e trará vários frutos para a cena brasileira de segurança da informação como um todo!

Juntos rumo ao topo! \o/

Bug Hunt – A Bug Bounty Platform

We are looking for sponsors for the fifth international edition of Pwn2Win CTF. Our event is currently one of the leading competitions on the scene, and we would like to give a worthy prize to our Top 3.

By sponsoring us, your company will earn visibility from the world’s top-notch hackers and, at the same time, help increase awareness in security education and research in a developing country.

About the event:

Pwn2Win is a thematic and multidisciplinary event organized by ELT, an interinstitutional security team from Brazil. It had its first edition in 2014 and became international in 2016. According to CTFTime, it is currently the best event hosted by a team from the Southern Hemisphere, rated >63 points. Throughout our editions, our format has been unique. We have pioneered many kinds of challenges, e.g. FPGA Reversing (2016), Quantum Circuit Reversing (2018), Adversarial Machine Learning (2017), besides many other hardcore challenges (e.g., Shift RegisterBathing and GroomingAttack Step 2016Calc, etc). Our CTFs are always challenging, with many advanced level tasks, but never dull, since we strive to offer a broad collection of challenges for every taste.

If you are interested, contact us via elt at ctf-br.org.

[EN]

Always seeking to improve the experience of the players during the Pwn2Win CTF and fulfilling their requests over the years, we are working on a modern web interface. It is going to replace the client that we used since 2017 with our exclusive NIZK Platform (https://arxiv.org/pdf/1708.05844.pdf). All the security and performance characteristics of the platform will be maintained, but now the usability will be similar to that of any other CTF. Just have a GitHub account to login and play. If you do not want to use your everyday account (even though we only need access to public repos), the process of creating one for using it at the event is as quick as registering at CTFd. In addition, our backend will be much more performant and will update the game status in realtime, due to the new technologies that we decided to use. The programmers who are helping us on this mission are Lorhan Sohaky and Éderson Szlachta. We are immensely grateful to them!

We are also migrating the competition rules to the game’s website (https://pwn2.win) and we have included a countdown for the event date on the main page (https://pwn2win.party). That way, it’s easy not to forget how many days are left until the event, in addition to enjoying the beautiful illustration of this year’s history in the background! 🙂

More news are coming. Always stay connected, following us:

https://twitter.com/pwn2win
https://twitter.com/eltctfbr
http://linkedin.com/company/eltctf

[PT-BR]

Buscando sempre melhorar a experiência dos jogadores durante o Pwn2Win CTF e atendendo a seus pedidos ao longo dos anos, estamos trabalhando em uma interface web moderna. Ela substituirá o cliente que começou a ser usado em 2017 com a nossa exclusiva NIZK Platform (https://arxiv.org/pdf/1708.05844.pdf). Todas as caraterísticas de segurança e performance da plataforma serão mantidas, mas agora a usabilidade será semelhante a de qualquer outro CTF. Basta ter uma conta no GitHub para logar e jogar. Caso não queira usar a sua conta do dia-a-dia (mesmo sabendo que precisamos apenas de acesso aos repos públicos), o processo de criar uma para usar no evento é tão rápido quanto cadastrar no CTFd. Além disso, nosso backend será bem mais performático e atualizará as informações em realtime, devido às novas tecnologias que decidimos utilizar. Os programadores que estão nos ajudando nessa missão são Lorhan Sohaky e Éderson Szlachta. Queremos registrar aqui o nosso muito obrigado a eles!

Também estamos migrando as regras da competição para o site do game (https://pwn2.win) e colocamos uma contagem regressiva para a data do evento na página principal (https://pwn2win.party). Dessa forma, fica fácil não esquecer quantos dias faltam para o evento, além de apreciar a linda ilustração da história deste ano ao fundo! 🙂

Mais novidades estão por vir. Fiquem sempre ligados, seguindo as nossas redes sociais:

https://twitter.com/pwn2win
https://twitter.com/eltctfbr
http://linkedin.com/company/eltctf

[EN]

On July 20 and 21, 2019, a qualifying phase of CTF CyBRICS (https://cybrics.net), a cyber-security competition of the BRICS countries (Brazil, Russia, India, China and South Africa) took place… This phase had 775 teams from dozens of countries. We won 12th overall place (https://cybrics.net/stats) and 1st place among the Brazilian teams, as well as one of the places to represent Brazil in the final phase of the competition.

The final round of CyBRICS will take place September 23-28 in St. Petersburg, Russia. We need to send 5 players and one Professor, also member of the team, so we are looking for sponsorship to help with the travel costs, estimated at R$ 40,000.00 (about 10,000.00 USD).

Interested in contributing to the growth of cyber security in BRICS countries (specially in Brazil), advertisement, and be in touch with potential future cyber security specialists on your company? Contact us for more information: elt at ctf-br.org.

[PT-BR]

Nos dias 20 e 21 de julho de 2019, ocorreu a fase qualificatória do CTF CyBRICS (https://cybrics.net), competição envolvendo times de segurança acadêmicos dos países do BRICS (Brasil, Rússia, Índia, China e África do Sul). Essa fase contou com 775 equipes de dezenas de países. Nós conquistamos o 12º lugar geral (https://cybrics.net/stats) e o 1º lugar dentre os times brasileiros, além de uma das vagas para representar o Brasil na fase final da competição.

A fase final do CyBRICS ocorrerá de 23 a 28 de setembro em São Petesburgo, Rússia. O time pretende enviar 5 membros estudantes e 1 Professor, também membro do time, mas necessita de patrocínio para ajudar nos custos da viagem, estimado em R$ 40.000,00.

Interessado em contribuir com o crescimento da área de cibersegurança nos países do BRICS (especialmente no Brasil), propaganda de sua marca a nível internacional e ficar em contato com potenciais futuros especialistas em infosec para sua empresa? Contate-nos via elt at ctf-br.org para informações sobre as cotas! Além disso, como contrapartida, se houver interesse da empresa, podemos fazer uma apresentação remota pós-evento para os colaboradores, falando dos desafios e técnicas utilizadas para a resolução dos mesmos, bem como um pequeno vídeo sobre como foi a final e apresentando o(s) patrocinador(es).

We are glad to announce Dragon Sector was the Pwn2Win CTF 2016 Attack Step Winner. Congratulations for keeping working on the challenge even after the main event was finished! This was a difficulty and multi-step challenge involving:

  1. Network traffic forensics Identifying a port knock to an IPv6 address in a pcap dump.
  2. Web exploitation Exploiting an upload script which allowed to insert a webshell into the server.
  3. Cryptography — Analyzing a crypto-related Python script to recover the private key which allowed to access the server via SSH as the clube user.
  4. Linux system administration skills — Once connected via SSH using the previously identified port knock, the competitor needed to analyze the /etc/lshell.conf file to find a way to run arbitrary executable files as the clube user.
  5. Kernel exploitation — Exploiting a stack overflow bug in a LKM implementing an I2C device driver in ARM architecture. The /dev/dieitalic0 device exposed by the LKM was only accessible to the clube user. The bound check failed when the I2C device was not physically connected to the server because of a wrong signed/unsigned conversion, requiring attention to the ARM instruction condition code suffixes. The kernel did not implement any ret2usr protection, but the bug was tricky to exploit because running the LKM inside a debugger was almost infeasible.

After gaining root in the server and recovering a Bitcoin private key contained inside the /root directory, the Dragon Sector team was able to transfer the special prize of 116.110 mBTC to their own Bitcoin address.

Attack Step BTC transaction

Below we have the cryptographic proof that Dragon Sector was the Attack Step Winner.

-----BEGIN BITCOIN SIGNED MESSAGE-----
Dragon Sector
-----BEGIN BITCOIN SIGNATURE-----
Version: Bitcoin-qt (1.0)
Address: 1F5Rkf6bg2XG7zKZ3cdNpQivkyLfcm3H3p
IHibYzkteTuu5PdbJO0gij2uajarNtY9tF8jIzXLW6GQeULmzIqAIvF1eOop1Q4QYNg82YXYYLcwcEkC8P2z9FE=
-----END BITCOIN SIGNATURE-----