Competition Forum
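Product Cracking Contest. Guided by the principles of high difficulty, wide vulnerability impact, particular impact on our country, and relevance to trends in cybersecurity, the organizing committee has set 18 cracking targets covering PC, mobile, server-side, IoT devices and more. Teams attempt the targets on site, and each team must decide at registration which targets it will attempt. Each team has 3 attempts of no more than 5 minutes each, and a successful attempt earns the corresponding prize. Every target has a maximum prize pool of 3 times the target's prize amount. That is, if more than 3 teams succeed, all teams share equally a total of 3 times the target's prize amount. If 2 or more teams succeed using the same technical route and means, they share a single prize equally. (For example, if three teams A, B and C succeed on a target with a prize of USD 40,000 and each uses a different vulnerability, A, B and C each receive USD 40,000. If four teams A, B, C and D succeed using different vulnerabilities, each of the 4 teams receives USD 40,000 * 3 / 4 teams = USD 30,000 per team. If, of four teams A, B, C and D, teams C and D succeed with the same vulnerability while A and B each use a different vulnerability, then A and B each receive USD 40,000, and C and D share a single prize, each receiving USD 20,000.) In addition, a team may not reuse the same vulnerability across different targets and may not use publicly disclosed vulnerabilities; otherwise the attempt is judged a failure. Vulnerability collisions across different targets or different teams are handled the same way as collisions within a single target.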
Targets & Prizes:
1. Targets: Chrome
Equipment: to be updated soon
System: to be updated soon
Requirements: Use Chrome to browse a remote URL and take control of the browser or the system. The browser will run within VMware Workstation, 8GB default memory.
Prizes:
RCE: $75000
RCE + Sandbox Escape: $150000
2. Targets: Safari
Equipment: to be updated soon
System: Mac OS
Requirements: Use Safari to browse a remote URL and take control of the browser or the system.
Prizes:
M1 RCE: $60000
M1 RCE + Sandbox Escape: $120000
3. Targets: Adobe PDF Reader
Equipment: to be updated soon
System: to be updated soon
Requirements: Use PDF documents that have been copied to the VM to take control of Adobe PDF Reader or the system. Adobe PDF Reader will run within VMware Workstation, 8GB default memory.
Prizes:
RCE: $30000
RCE + Sandbox Escape: $60000
4. Targets: Docker-CE
Equipment: to be updated soon
System:
Host OS: to be updated soon
Container: to be updated soon
Requirements:
Escape from the container and achieve code execution with root permission on the host OS.
Notes:
Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.
SSH access (root user with password) to a running container (unprivileged, w/o uidmap, w/o volume mount, default bridge network).
Prizes:
$60000
5. Targets: Ubuntu Server 22/CentOS Linux (to be updated…)
System: Ubuntu Server 22/CentOS Linux
Requirements: Run a program as an unprivileged user to escalate privileges and run commands as root. The OS will run within VMware Workstation, 8GB default memory. Choose one target between Ubuntu 20 and CentOS 8.
Prizes:
Local Privilege Escalation: $40000
6. Targets: Microsoft Exchange Server 2019
System: Windows Server 2019
Requirements: Connect to the remote server and achieve remote code execution on the target. For authenticated entry, the user can only be a low-privileged one. The contestant must contact the judge and discuss detailed configurations before the contest.
Prizes:
Authenticated: $60000
Unauthenticated: $200000
7. Targets: Windows 11
Equipment: to be updated soon
System: Windows 11
Requirements: Run a program as an unprivileged user to escalate privileges and run commands as Administrator. The OS will run within VMware Workstation, 8GB default memory.
Prizes:
Local Privilege Escalation: $20000
Local Privilege Escalation with Kernel-level Access: $40000
8. Targets: VMware Workstation
Equipment: to be updated soon
System: to be updated soon
Requirements: Run programs inside the VM to escape from it and take control of the host's operating system.
Prizes:
$80000
9. Targets: VMware ESXi
Equipment: to be updated soon
System: to be updated soon
Requirements: Run programs inside the VM to escape from it and take control of the host's operating system. This target requires the contestant to get the root permission of the host OS.
Prizes:
$180000
10. Targets: Ubuntu + qemu-kvm
Equipment: to be updated soon
System:
Host: Ubuntu
Use the command “sudo apt-get install qemu-kvm virt-manager” on the host and install the guest system with the default configuration.
Guest: Ubuntu
Requirements: Run programs inside the VM to escape from it and take control of the host's operating system.
Prizes:
VM Escape within Host Sandbox: $60000
VM Escape + Host Sandbox Escape: $120000
11. Targets: iPhone 14 Pro
System: the latest
Requirements: Use iPhone 11 Pro to browse a remote URL and take control of the phone system. This target requires the contestant to bypass the PAC mitigation.
RCE with sandbox escape or jailbreak will earn additional prizes.
Prizes:
RCE: $120000
RCE + Sandbox Escape: $180000
Remote Jailbreak: $300000
12. Targets: Synology DS220j
Requirements: Achieve code execution on the remote device from LAN.
Prizes:
$10000
13. Targets: ASUS Router AX AX56U
Requirements: Achieve code execution on the remote device from LAN/WAN.
Prizes:
LAN: $5000
WAN: $20000
14. Targets: Western Digital PR4100
Requirements: Achieve code execution on the remote device from LAN/WAN.
Prizes:
LAN: $5000
WAN: $10000
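15. Targets: Domestic operating systems, enterprise applications, software and hardware, and mobile devices
Specific products and models to be updated.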