{"id":8842,"date":"2017-08-21T14:19:22","date_gmt":"2017-08-21T22:19:22","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/08\/21\/news-2615\/"},"modified":"2017-08-21T14:19:22","modified_gmt":"2017-08-21T22:19:22","slug":"news-2615","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/08\/21\/news-2615\/","title":{"rendered":"Hack2Win &#8211; Code Blue 3rd Edition"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz | Date: Mon, 21 Aug 2017 06:26:26 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<div class=\"pf-content\">\n<p>Hi everyone,<\/p>\n<p>We are excited to announce our 3rd Hack2Win Code Blue competition!<\/p>\n<p>This year we have changed the format, raised the difficulty level and increased the prizes.<\/p>\n<p>The goal of the event is to find who can gain the highest privileges on any of the target software and hardware.<\/p>\n<p>Prizes for this contest will total $50,000 USD!<\/p>\n<p>In the new format we have:<\/p>\n<ul>\n<li>3 categories; in each category we will have 2 products from different vendors<\/li>\n<li>Each category has different prizes<\/li>\n<li>Each category&#8217;s highest prize will be given to the first eligible submission<\/li>\n<li>A Quadcopter will be given to one participant who will be &#8220;the best of the show&#8221;<\/li>\n<\/ul>\n
<p><u><strong>Category 1 &#8211; CMS<\/strong><\/u><br \/> <u>Prizes:<\/u><\/p>\n<ul>\n<li>WAN RCE &#8211; <strong>10,000$ USD<\/strong><\/li>\n<li>Information disclosure that leads to password disclosure \/ Authentication bypass &#8211; <strong>5,000$ USD<\/strong><\/li>\n<li>Pre-Authenticated XSS \/ Reset password &#8211; <strong>2,500$ USD<\/strong><\/li>\n<\/ul>\n<p><u>Products:<\/u><\/p>\n<ul>\n<li>WordPress default installation with the following plugins(*):\n<ol>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/really-simple-captcha\/\" target=\"_blank\" rel=\"noopener\">Really Simple CAPTCHA<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/contact-form-7\/\" target=\"_blank\" rel=\"noopener\">Contact Form 7<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/woocommerce\/\" target=\"_blank\" rel=\"noopener\">WooCommerce<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/google-sitemap-generator\/\" target=\"_blank\" rel=\"noopener\">Google XML Sitemaps<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/wordpress-seo\/\" target=\"_blank\" rel=\"noopener\">Yoast SEO<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/all-in-one-seo-pack\/\" target=\"_blank\" rel=\"noopener\">All in One SEO Pack<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/akismet\/\" target=\"_blank\" rel=\"noopener\">Akismet<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\" target=\"_blank\" rel=\"noopener\">Wordfence Security<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/w3-total-cache\/\" target=\"_blank\" rel=\"noopener\">W3 Total Cache<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/nextgen-gallery\/\" target=\"_blank\" rel=\"noopener\">NextGEN Gallery \u2013 WordPress Gallery Plugin<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/siteorigin-panels\/\" target=\"_blank\" rel=\"noopener\">Page Builder by SiteOrigin<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/advanced-custom-fields\/\" target=\"_blank\" rel=\"noopener\">Advanced Custom Fields<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/ninja-forms\/\" target=\"_blank\" rel=\"noopener\">Ninja Forms \u2013 The Easy and Powerful Forms Builder<\/a><\/li>\n<li><a href=\"https:\/\/wordpress.org\/plugins\/mailchimp-for-wp\/\" target=\"_blank\" rel=\"noopener\">MailChimp for WordPress<\/a><\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<p>(*) Each of those plugins has at least 900K active installations<\/p>\n
<ul>\n<li>Drupal default installation with the following plugins(**):\n<ol>\n<li><a href=\"https:\/\/www.drupal.org\/project\/ctools\" target=\"_blank\" rel=\"noopener\">Chaos tool suite (ctools)<\/a><\/li>\n<li><a href=\"https:\/\/www.drupal.org\/project\/token\" target=\"_blank\" rel=\"noopener\">Token<\/a><\/li>\n<li><a href=\"https:\/\/www.drupal.org\/project\/pathauto\" target=\"_blank\" rel=\"noopener\">Pathauto<\/a><\/li>\n<li><a href=\"https:\/\/www.drupal.org\/project\/webform\" target=\"_blank\" rel=\"noopener\">Webform<\/a><\/li>\n<\/ol>\n<\/li>\n<\/ul>\n<p>(**) Each of those plugins has at least 500K active installations<\/p>\n
<p><strong><u>Category 2 &#8211; Routers<\/u><\/strong><br \/> <u>Prizes:<\/u><\/p>\n<ul>\n<li>WAN RCE &#8211; <strong>10,000$ USD<\/strong><\/li>\n<li>LAN RCE \/ Information disclosure that leads to password disclosure \/ Authentication bypass &#8211; <strong>5,000$ USD<\/strong><\/li>\n<li>Reset password &#8211; <strong>2,500$ USD<\/strong><\/li>\n<\/ul>\n<p><u>Products:<\/u><\/p>\n<ul>\n<li><a href=\"https:\/\/www.cisco.com\/c\/en\/us\/products\/collateral\/routers\/small-business-rv-series-routers\/datasheet-c78-736464.html\" target=\"_blank\" rel=\"noopener\">Cisco RV132W Wireless-N VPN Router<\/a><\/li>\n<li><a href=\"https:\/\/www.asus.com\/Networking\/RTAC68U\/\" target=\"_blank\" rel=\"noopener\">Asus &#8211; RT-AC68U<\/a><\/li>\n<\/ul>\n
<p><strong><u>Category 3 &#8211; NAS<\/u><\/strong><br \/> <u>Prizes:<\/u><\/p>\n<ul>\n<li>WAN RCE &#8211; <strong>5,000$ USD<\/strong><\/li>\n<li>LAN RCE \/ Information disclosure that leads to password disclosure \/ Authentication bypass &#8211; <strong>2,500$ USD<\/strong><\/li>\n<li>Reset password &#8211; <strong>1,250$ USD<\/strong><\/li>\n<\/ul>\n<p><u>Products:<\/u><\/p>\n<ul>\n<li><a href=\"https:\/\/www.wdc.com\/products\/network-attached-storage\/my-cloud-pr2100.html\" target=\"_blank\" rel=\"noopener\">Western Digital &#8211; My Cloud Pro Series PR2100<\/a><\/li>\n<li><a href=\"https:\/\/www.synology.com\/en-global\/products\/DS216j\" target=\"_blank\" rel=\"noopener\">Synology &#8211; DiskStation DS216j<\/a><\/li>\n<\/ul>\n
<p><strong>Judging Criteria<\/strong><\/p>\n<ul>\n<li>New &#8211; the attack uses an unknown vulnerability (no record of it can be found on Google, Exploit-DB, etc)<\/li>\n<li>Complex \u2013 what was required to reach a successful attack<\/li>\n<li>Innovative \u2013 we regard an RCE as more innovative than SQLi, for example<\/li>\n<li>LAN or WAN \u2013 more points if the attack comes from the WAN side<\/li>\n<li>What is gained \u2013 we give no initial access to the challengers, so any type of access is an achievement. Of course, guest-level access would be considered less valuable than root<\/li>\n<li>Write-up Quality \u2013 how well the write-up is written (in English), including details, explanations, etc<\/li>\n<\/ul>\n
<p><strong>Device Settings<\/strong><br \/> All the devices will be factory reset \u2013 i.e. default settings \u2013 and the only non-default settings would be the password for the \u2018admin\u2019 (or equivalent) account, as documented in the product\u2019s user guide, and the WiFi password (if applicable).<\/p>\n
<p><strong>What counts as \u2018hacked\u2019<\/strong><br \/> A device would be considered \u2018hacked\u2019 if the participant can prove they:<\/p>\n<ul>\n<li>Gained access to the device\u2019s post-authentication admin web interface (remember \u2013 you will not be given any credentials)<\/li>\n<li>Changed some configuration value, like the WiFi password<\/li>\n<li>Made the device do something it\u2019s not supposed to do: like execute code, or open a port\/service which was previously closed (like SSH, telnet, etc)<\/li>\n<\/ul>\n
<p><strong>What we won\u2019t count as \u2018hacked\u2019<\/strong><\/p>\n<ul>\n<li>Causing a malfunction of the device, DoS \/ XSS \/ CSRF, making it unresponsive, making it no longer boot, etc<\/li>\n<li>Use of any known method of hacking \u2013 known methods include anything that we can find on Google\/Bing\/exploit-db\/etc \u2013 this includes: documented default passwords (that cannot be changed) and known vulnerabilities\/security holes<\/li>\n<\/ul>\n
<p><strong>Eligibility<\/strong><br \/> The contest is open to anyone who is of legal age to receive a contest prize in their country. If you are not allowed to receive prizes \u2013 please make sure to check this before participating \u2013 you may want to team up with a person who is eligible.<\/p>\n<p>The contest is not open to anyone working for one of the vendors or involved in the development of the above devices.<\/p>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3368\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},
"excerpt":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz | Date: Mon, 21 Aug 2017 06:26:26 +0000<\/strong><\/p>\n<p>Hi everyone, We are excited to announce our 3rd Hack2Win Code Blue competition! This year we have changed the format, raised the difficulty level and increased the prizes. The goal of the event is to find who can gain the highest privileges on any of the target software and hardware. Prizes for this contest will &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3368\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Hack2Win &#8211; Code Blue 3rd Edition<\/span><\/a><\/p>\n","protected":false},
"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[10756,12603],"class_list":["post-8842","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-conferences","tag-hack2win"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8842","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=8842"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/8842\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=8842"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=8842"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=8842"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}