
International Cybersecurity Contest

With the goal of gradually creating China’s own “Pwn2Own”, the Tianfu Cup International PWN Contest will have three independent, parallel events: the original vulnerability demonstration and recurrence contest, the product contest, and the system contest. All teams are required to use original vulnerabilities to hack the given subject. The total bonus of the contest will reach up to 1 million US dollars in a bid to deliver a feast of cyber security technologies.
$1000000

Competition Forum

TFC 2022 International Cyber Security Summit Forum

The International Cybersecurity Summit will focus on the hot areas of cybersecurity technology, inviting top technical experts and industry experts from home and abroad to share the most cutting-edge international technology issues, as well as summarising the achievements of this year's Tianfu Cup International Cybersecurity Competition, commending the winning teams, and releasing the "Top 20 Most Valuable Security Researchers in the World" list and various lists for vendors at the forum.

TFC International Cyber Security Summit is based in Southwest China and radiates nationwide. It aims to build the most professional international cyber security event in southwest China and promote the high-quality development of China's cyber security industry.

Organization

Organizers (in random order)

TFC 2022 Targets & Prizes

Targets & Prizes:

1.  Targets: Chrome

Equipment: to be updated soon

System: to be updated soon

Requirements: Use Chrome to browse remote URL, control the browser or System. The browser will run within VMWare Workstation, 8GB default memory.

Prizes:

RCE: $75000

RCE + Sandbox Escape: $150000

 

2.  Targets: Safari

Equipment: to be updated soon

System: Mac OS

Requirements: Use Safari to browse remote URL, control the browser or System.

Prizes:

M1 RCE: $60000

M1 RCE + Sandbox Escape: $120000

 

3.  Targets: Adobe PDF Reader

Equipment: to be updated soon

System: to be updated soon 

Requirements: Use the PDF documents that had been copied to the VM to control Adobe PDF Reader or System. Adobe PDF Reader will run within VMWare Workstation, 8GB default memory.

Prizes:

RCE: $30000

RCE + Sandbox Escape: $60000

 

4.  Targets: Docker-CE

Equipment: to be updated soon

System:

Host OS: to be updated soon

Container: to be updated soon

Requirements:

Escape from the container, achieve code execution with root permission on the host OS.

Notes:

Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.

SSH access (root user with password) to a running container (unprivileged, w/o uidmap, w/o volume mount, default bridge network).

Prizes:

$60000

 

 

5.  Targets: Ubuntu Server 22/CentOS Linux to be updated

System: Ubuntu Server 22/CentOS Linux

Requirements: Run a certain program as an unprivileged user to escalate privilege and run commands as root. The OS will run within VMWare Workstation, 8GB default memory. Choose one target between Ubuntu 20 and CentOS 8.

Prizes:

Local Privilege Escalation: $40000

 

6.  Targets: Microsoft Exchange Server 2019

System: Windows Server 2019

Requirements:  Connect to remote server and achieve remote code execution on the target. For authenticated entry, the user can only be a low privileged one. The contestant must contact and discuss detailed configurations with the judge before the contest.

Prizes:

Authenticated: $60000

Unauthenticated: $200000

 

7.  Targets: Windows 11

Equipment: to be updated soon

System:  Windows 11

Requirements: Run a certain program as an unprivileged user to escalate privilege and run commands as Administrator. The OS will run within VMWare Workstation, 8GB default memory.

Prizes:

Local Privilege Escalation: $20000

Local Privilege Escalation with Kernel-level Access: $40000

 

8.  Targets: VMware Workstation

Equipment: to be updated soon

System: to be updated soon

Requirements: Run certain programs to penetrate through and escape from the VM system, control the host's operating system.

Prizes:

$80000

 

9.  Targets: VMware ESXi

Equipment: to be updated soon

System: to be updated soon

Requirements: Run certain programs to penetrate through and escape from the VM system, control the host's operating system. This target requires the contestant to get the root permission of the host OS.

Prizes:

$180000

 

10.  Targets: Ubuntu + qemu-kvm

Equipment: to be updated soon

System:

Host: Ubuntu

Use the command sudo apt-get install qemu-kvm virt-manager in the host and use default configurations to install the guest system.

Guest: Ubuntu

Requirements: Run certain programs to penetrate through and escape from the VM system, control the host's operating system.

Prizes:

VM Escape within Host Sandbox: $60000

VM Escape + Host Sandbox Escape: $120000

 

11. Targets: iPhone 14 Pro

System: the latest

Requirements: Use iPhone 11 Pro to browse remote URL, control the phone system. This target requires the contestant to bypass the PAC mitigation.

The RCE with sandbox escape or jailbreak will gain additional prizes.

Prizes:

RCE: $120000

RCE + Sandbox Escape: $180000

Remote Jailbreak: $300000

 

12.  Targets: Synology DS220j

Requirements: Achieve code execution on the remote device from LAN.

Prizes:

$10000

 

13.  Targets: ASUS Router AX AX56U

Requirements: Achieve code execution on the remote device from LAN/WAN.

Prizes:

LAN: $5000

WAN: $20000

 

14.  Targets: Western Digital PR4100

Requirements: Achieve code execution on the remote device from LAN/WAN.

Prizes:

LAN: $5000

WAN: $10000

 

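15.  Domestic operating systems, enterprise applications, software and hardware, and mobile devices

Specific products and models to be updated.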

