Our project team took a part in СityF: The Standoff competitions at PHDays VI Information Security Conference.
PHDays key theme is ‘The Standoff’. This year we are replacing the usual CTF format and are instead bringing you a fully-fledged battle. We are using a realistic scenario in a specially designed setting that mimics a typical urban infrastructure. This time, the hackers will bring out the big guns in order to take down the city (CityF), while city defenders — security experts and the SOC — will be trying to counter their attacks.
Our Vulners city defenders team results on PHDays VI CTF competition:
- WTF for hacking hackers team
- excellence at banking for defending our CTF home
- zen sensei for keeping calm
- The Invulnerable – no comments
- Last man standing
Ivan is a representative of defending team. They got so bored with all situation that nothing was happening around them so they decided to hack into hackers computer. And he came to the scene without any mask on his face. And all hackers were looking at him. Who is this guy? So, Ivan, the glory is yours.
Hi everyone. Yeah, we get bored and while we’ve been bored we scanned /16 subnet. We found some neighboring defending teams, some banks. And starting from 10 and higher we have found out that there were some user machines. And some of them had lot of open ports and http servers as well. And in one of this http services there were file upload functionality. It was an Apache server with PHP on. And then we just uploaded web shell with which we just had a lot of fun.
And by the the way it’s not prohibited by the rules. Rules doesn’t say not a single word that defenders can’t break the hackers. Ivan, just tell me please what about computers of those guys, are they operational, can they do something on them?
While being good defense team and not those evil hackers, we of course let theirs computers intact and operational, but we would like to warn all of you, well, it’s a hackers conference, so if you do something Internet based, keep your ports closed and your web service also closed. Just basic security precautions. Well, if you hack somebody, it doesn’t lead that somebody can not hack you.
Advertising. We are Vulners Team and we represent Vulners Vulnerability Database.
So, they can break and they can fix!