join the event

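International Cybersecurity Competition

The "Tianfu Cup" International Cybersecurity Competition aims to become the world's number-one cracking competition and openly solicits contestants and entries from all security practitioners. Contestants register their entries according to the designated target categories, and the competition awards first, second and third place prizes. The competition offers a total of US$1 million in prize money, covering three major divisions (PC, mobile and server) and eight categories: virtualization software, operating system software, browser software, office software, mobile smart devices, web services and application software, DNS service software, and sharing and management service software.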
$1000000

Competition Forum

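International Cybersecurity Summit Forum

This year's summit forum focuses on hot areas of cybersecurity technology and invites top technical and industry experts from China and abroad to share the most cutting-edge international technical topics. The forum will also review the results of this year's "Tianfu Cup" International Cybersecurity Competition and honor the winning teams, and it will release the "Top 20 Most Valuable Security Researchers in the World" list along with various vendor-focused rankings. Based in southwest China and reaching the whole country, the International Cybersecurity Summit Forum aims to be the most professional international cybersecurity event in southwest China and to promote the high-quality development of the cybersecurity industry in the region and across China.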

Organization

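Organizing Bodies

Hosts (listed in no particular order)

"Tianfu Cup" International Cracking Contest Rules

Contest stages:

Product cracking contest. Following principles such as high difficulty, wide vulnerability impact, special impact on China, and reflecting trends in cybersecurity development, the organizing committee has set 18 cracking challenges covering PC, mobile, server, IoT devices and more. Participating teams perform the cracks on site, and each team must specify at registration which challenges it will attempt. Each team has 3 attempts, each of no more than 5 minutes, and a successful crack earns the corresponding prize. For each target, a maximum prize pool is set at 3 times the challenge's prize amount. That is, if more than 3 teams succeed, all teams split equally a total prize of 3 times the challenge's prize amount. If 2 or more teams complete the crack using the same technical route and means, they split one prize share equally.

For example: if three teams A, B and C successfully crack a challenge with a prize of US$40,000, each exploiting a different vulnerability, then A, B and C each receive US$40,000; if four teams A, B, C and D succeed using different vulnerabilities, the prize per team is US$40,000 × 3 / 4 teams = US$30,000 per team; if, among four teams A, B, C and D, teams C and D used the same vulnerability while A and B each used a different vulnerability, then A and B each receive US$40,000, and C and D split one prize share, each receiving US$20,000.

In addition, a team may not reuse the same vulnerability across different entries, and publicly disclosed vulnerabilities may not be used; otherwise the challenge attempt will be ruled a failure. Vulnerability collisions between different challenges or different teams are handled the same way as collisions within a single challenge.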

"Tianfu Cup" International Cracking Contest Targets

Targets & Prizes:

1.  Targets: Chrome

Equipment: to be updated soon

System: to be updated soon

Requirements: Use Chrome to browse a remote URL and gain control of the browser or the system. The browser will run within VMware Workstation with 8GB default memory.

Prizes:

RCE: $75000

RCE + Sandbox Escape: $150000


2.  Targets: Safari

Equipment: to be updated soon

System: Mac OS

Requirements: Use Safari to browse a remote URL and gain control of the browser or the system.

Prizes:

M1 RCE: $60000

M1 RCE + Sandbox Escape: $120000


3.  Targets: Adobe PDF Reader

Equipment: to be updated soon

System: to be updated soon

Requirements: Use PDF documents that have been copied to the VM to gain control of Adobe PDF Reader or the system. Adobe PDF Reader will run within VMware Workstation with 8GB default memory.

Prizes:

RCE: $30000

RCE + Sandbox Escape: $60000


4.  Targets: Docker-CE

Equipment: to be updated soon

System:

Host OS: to be updated soon

Container: to be updated soon

Requirements:

Escape from the container, achieve code execution with root permission on the host OS.

Notes:

Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.

SSH access (root user with password) to a running container (unprivileged, w/o uidmap, w/o volume mount, default bridge network).

Prizes:

$60000



5.  Targets: Ubuntu Server 22/CentOS Linux (to be updated…)

System: Ubuntu Server 22/CentOS Linux

Requirements: Run a certain program as an unprivileged user to escalate privilege and run commands as root. The OS will run within VMware Workstation with 8GB default memory. Choose one target between Ubuntu 20 and CentOS 8.

Prizes:

Local Privilege Escalation: $40000

6.  Targets: Microsoft Exchange Server 2019

System: Windows Server 2019

Requirements: Connect to the remote server and achieve remote code execution on the target. For authenticated entry, the user can only be a low-privileged one. The contestant must contact the judge and discuss detailed configurations before the contest.

Prizes:

Authenticated: $60000

Unauthenticated: $200000

7.  Targets: Windows 11

Equipment: to be updated soon

System: Windows 11

Requirements: Run a certain program as an unprivileged user to escalate privilege and run commands as Administrator. The OS will run within VMware Workstation with 8GB default memory.

Prizes:

Local Privilege Escalation: $20000

Local Privilege Escalation with Kernel-level Access: $40000

8.  Targets: VMware Workstation

Equipment: to be updated soon

System: to be updated soon

Requirements: Run certain programs to penetrate and escape from the VM system and gain control of the host's operating system.

Prizes:

$80000


9.  Targets: VMware ESXi

Equipment: to be updated soon

System: to be updated soon

Requirements: Run certain programs to penetrate and escape from the VM system and gain control of the host's operating system. This target requires the contestant to obtain root permission on the host OS.

Prizes:

$180000


10.  Targets: Ubuntu + qemu-kvm

Equipment: to be updated soon

System:

Host: Ubuntu

Use the command “sudo apt-get install qemu-kvm virt-manager” in the host and use default configurations to install the guest system.

Guest: Ubuntu

Requirements: Run certain programs to penetrate and escape from the VM system and gain control of the host's operating system.

Prizes:

VM Escape within Host Sandbox: $60000

VM Escape + Host Sandbox Escape: $120000


11. Targets: iPhone 14 Pro

System: the latest

Requirements: Use iPhone 11 Pro to browse a remote URL and gain control of the phone system. This target requires the contestant to bypass the PAC mitigation.

The RCE with sandbox escape or jailbreak will gain additional prizes.

Prizes:

RCE: $120000

RCE + Sandbox Escape: $180000

Remote Jailbreak: $300000


12.  Targets: Synology DS220j

Requirements: Achieve code execution on the remote device from LAN.

Prizes:

$10000


13.  Targets: ASUS Router AX AX56U

Requirements: Achieve code execution on the remote device from LAN/WAN.

Prizes:

LAN: $5000

WAN: $20000


14.  Targets: Western Digital PR4100

Requirements: Achieve code execution on the remote device from LAN/WAN.

Prizes:

LAN: $5000

WAN: $10000


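15.  Domestic operating systems, enterprise applications, software and hardware, and mobile devices

Specific products and models to be updated.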
