Abstract

In March and April 2019, Deloitte Greece organized the 1st Greek Student Hacking Challenge, providing students of Greek academic institutions with a challenge namely “Can you hack your way to Vegas?” and win the following prizes:

  • 1st place: Ticket to DEFCON®, Las Vegas
  • 2nd place: One month subscription to OSCE labs + exam
  • 3rd place: Two months subscription to OSCP labs + exam

TLDR – “How did I hack my way to Vegas”

Setup

The 1st Greek Student Hacking Challenge was performed in the form of a Jeopardy-style Capture the Flag (CTF), which contained a number of challenges in various categories such as Web, Reversing, Forensics, Cryptography, Steganography, Exploit, Infrastructure, etc.

The event was hosted in the hackazon platform (courtesy of Deloitte Netherlands Etchical Hacking Team), using challenges created by Dotelite_GR.

YouTube registration video: https://www.youtube.com/watch?v=KQZxg_oc63U

The contest was performed in two phases:

  • Preliminary round, online for 8 days, open registration to Greek students.
  • Final round, onsite for 7 hours, top 40 players of the preliminary round.

Preliminary round

With a maximum score of 5275 points, the preliminary round contained 18 challenges of varying difficulty and required skills and experience. 178 Greek students from 25 academic institutions joined this round and 1190 flags were submitted by 105 active players. Involvement and perseverance of students was impressing, given that the first flag was submitted 4 minutes after the start of the event and the last flag was submitted 2 minutes before the end.

In total, 17 out of the 18 challenges were solved by at least one player and only 2 out of the 4 flags in WEB800 – Aion challenge remained unsolved.

After a long and thrilling week with many changes throughout the leaderboard, deltaclock, cavla and kirby ended up in the top of the final scoreboard, with 7 more players being in close distance.

The varying difficulty of the challenges and the relevant experience of the players is depicted in the below diagrams:

Write-up

One of the most difficult preliminary round challenges was the “WEB500 - Est que elle?” For an indicative solution of this challenge, please refer to the Write-up.

Final round

The final round of the event took place on Friday the 12th of April, where the top 40 players joined an intense and competitive 7-hours Jeopardy-style CTF contest with 9 advanced-level challenges.

31 out of the 40 participants were able to solve at least one of the challenges and submit a flag. The final scoreboard found kirby, InfidelCastro and cavla in the first 3 places, who were entitled to the big prizes of the event. As a surprise, all participants of the final round (places 4th – 40th) won a Raspberry PI 3 micro-computer.

Media

YouTube Final round video: https://www.youtube.com/watch?v=Aw844Wh-qH4