PwnTillDawn Malaysia 2019

0
808

wizlynx group hosted its second edition of PwnTillDawn in Kuala Lumpur, Malaysia on the 12th of July 2019! The computer hacking contest, PwnTillDawn, follows a capture the flag (CTF) style competition, and is purely oriented attack/offensive security.

During 12 intense and fatiguing hours, 35 students and fresh graduates were challenged to compromise as many machines as possible, collecting flags along the way. The machines within the PwnTillDawn network are affected by real life vulnerabilities witnessed by wizlynx group through hundreds of penetration tests conducted for companies and organizations of various sizes and industries. When a flag is submitted into the PwnTillDawn CTF application, points are awarded to the contestants based on the flag’s difficulty.

At the end of the 12 hour session, the person with most points won the CTF contest and its 25,000 RM prize.

Similar to a penetration test, the contestants started with a reconnaissance of the network in the attempt to discover the target machines, as well as which services and applications are reachable. This crucial phase allowed them to start mapping our machines and discover the vulnerabilities that would give them initial access.

Early in the contest, most of the 35 competitors scored easy-to-find flags with a value from 10 to 50 points.

It was only after approximately 3 hours into the competition, things started getting serious with NRockHouse in the 1st place with 485 points, mohin in the 2nd with 435 points and mreiaz in the 3rd place with 385 points.  NRockHouse managed to get the lead by exploiting a complicated Blind OS Command Injection, giving him initial access to a tricky machine.  NRockHouse scored another very valuable flag by leveraging a local privilege escalation.

At half-time of the competition, the scoreboard changed with Shahril taking the lead, followed by mreiaz and Nrockhouse. It was with an XML External Entity (XXE) vulnerability that shahril managed to take the 1st place! Not an easy vulnerability to exploit for a student!!

With less than two hours before the end of the competition, mreiaz, a very focused & talented competitor, became the leader with a 200 point lead of shahril and more than 400 points from s3ns3.  But with two hours to go, it was still possible for the other contenders to claim the 1st place!

During the last hour, tensions and excitement started filling the room, as the scoreboard was hidden to the competitors so they could not see who was leading.  They all kept trying and fighting until the end!!!

We are pleased to announce that with 1610 points, mreiaz won our PwnTillDawn competition in Malaysia.  Congratulations for this amazing performance!

Well done to shahril and s3ns3 for securing the 2nd and 3rd place!

Congratulations to all contestants!! Even when being exhausted, you all fought and competed until the very end, showing the best of yourself.  You are all champions!!

Here is the Top 20 ranking:

1st: mreiaz1610
2nd:Shahril1335
3rd:s3ns31335
4th:Ide0x901210
5th:NRockhouse1035
6th:mohin660
7th:mlhein 560
8th:imNicL560
9th:em4teoW410
10th:toranova385
11th:c0dbat385
12th:Double3385
13th:J7szl335
14th:Trailbl4z3r335
15th: Bossku310
16th:vulcan300
17th:SiangJames260
18th:D4rkatan4260
19th:BenedictNeo250
20th:Riazufila235

At wizlynx group, we believe that PwnTillDawn is not only a great way for students and fresh graduates to learn and improve their offensive security skills, but also a fun way to inspire them in entering the cybersecurity field.

We also want to thank our PwnTillDawn Staff team who worked day and night to make sure this competition is a success!

The event is without a doubt a successful event. I’m pretty sure the experience gained by everyone of all levels especially me is priceless.
Thank you for making the event real!

– Alif

Thank you for hosting the CTF event, it was a great experience, we were able to learn many new things and meet new people. Hope that challenges like this will be held in the future!

– Hais