Challenge 2022

They stole my 0-day

Open to everyone | Individual challenge | 5 steps

Compete against the best security experts in this multistep individual challenge, requiring diverse skills such as reverse-engineering, web, pwning and cryptography.

Place yourself among the best and attempt to win free conference tickets by saving the world from an imminent cyber threat.

Statement

Your mission, should you choose to accept it

Investigate an incomprehensible theft of a 0-day vulnerability found by one of your colleagues

What a surprise when your colleague discovered that his brand new zero-click, Turing-complete iMessage RCE had been seen in the wild. Given the complexity of the exploit, chances are pretty low that the bug has also been discovered by another team. When you ask your teammate if he thinks he could have been compromised, he tells you about this weird CTF he played a few months ago. The organization seemed very shady and the tasks were easy … too easy. In order to shed some light on this, your friend provided you with an archive containing all the challenges he solved during the contest. Will you manage to find the backdoor?

Identify and track the attackers

Once the theft is proven, justice must be served. Gather all the information you can on the attackers and attempt to obtain an initial foothold on their infrastructure. They must have a way to communicate with the victim's machines. Let's just hope they don't use another Go remote access tool …

Pwn them and get back what is yours (plus some fresh 0-days)

In the event that you manage to access their core infrastructure, you may face virtualization layers. Your Hyper-V skills might be useful for once. The ultimate goal is to get your hands on all the stolen 0-days. Any attacker worthy of the name would not store such a treasure unencrypted, so make sure to bring all your cryptographic skills along. Good luck!

Prizes

Win awesome rewards

Solving this challenge among the first places will earn you the following prizes. In order to help those who do not have a company that could cover their expenses, conference tickets will be offered to the first students to solve it.

Global ranking

1st place: One ticket for the conference

2nd place: One ticket for the conference

3rd place: One ticket for the conference

Student ranking

1st place: One ticket for the conference and a hotel room near the conference

2nd place: One ticket for the conference

3rd place: One ticket for the conference

Rules & information

How to play?

Rules

  • This challenge is meant to be played alone so please respect it. It is also forbidden to share flags between players.
  • Students will have to prove their enrollment at a school/university in order to be eligible for the prizes.
  • A short technical writeup will be required, from both students and professionals, before the end of the challenge.
  • The challenge runs from 13/07 to 13/09; make sure to send your writeup in time to challenge@hexacon.fr.
  • Hexacon's Discord server will be the preferred medium for communications related to the challenge, including technical issues and potential hints.
  • If you encounter any problem, please ping @challenge on Discord or contact us by email at challenge@hexacon.fr.

Flags submission

  • A step of the challenge can be considered solved when a flag following this format is found: HXN{[0-9a-f]{32}}. Be careful, a few fake flags may be lurking...
  • Flags have to be submitted by sending a private message to our bot HexaBot#0421, hosted on our Discord server.
  • Submitting a flag on Discord will grant you a specific role on the server, as well as access to a text channel where you will be able to interact with other participants and challenge authors.
  • Please note that it is your Discord nickname that will appear on the leaderboard. Feel free to change it if you wish.
  • If you do not want to use Discord, send your flags and nickname by email to challenge@hexacon.fr. However, you will not be able to benefit from all the fancy stuff we have prepared on Discord.

Everything clear, I want to play now

  • Join our Discord server and pass the sanity check by issuing this private message to HexaBot#0421: "$submit HXN{b2b5238384aa1cd4a30dd71bbf9d121a}".
  • Congratz, now you can download the challenge files by clicking the button below.
  • GL & HF! :)

Write-ups 2022

Discover the winners' solutions

We're sharing the write-ups made by contestants for the first edition of this challenge. These are generously shared by the authors so feel free to thank them.

The team of non-developers

Challenge authors

  • Load, Synacktiv, @loadlow
  • Guillaume ANDRÉ, Synacktiv, @yaumn_
  • 0xMitsurugi, Synacktiv, @0xmitsurugi
  • Thomas IMBERT, Synacktiv, @masthoon
  • Jérôme M., Synacktiv, Walleza
  • Aymeric PALHIÈRE, Synacktiv, @bak_sec