Competition Forum
The cracking contest is divided into two events: the Original Vulnerability Demonstration and Reproduction Contest and the Product Cracking Contest. The two events are independent of each other and run concurrently; each team must choose its event and target when registering. At registration a team may choose only one of the two events and cannot take part in both. The same organization may send several teams. After successfully cracking a target and receiving the prize, contestants may not publicly disclose any vulnerability information in any setting.
Original Vulnerability Demonstration and Reproduction Contest. Every registered team submits to the organizing committee in advance at least one video demonstrating the execution effect of a high-severity original vulnerability it holds. Under a recusal system (experts affiliated with a participating team recuse themselves), the organizing committee forms a judging panel (including experts with vendor backgrounds) that selects 10-20 original vulnerabilities as finalists, sets the prize amount for each (at the same level as similar vulnerabilities in the Product Cracking Contest) and prepares in advance the software and hardware needed for on-site reproduction. The team that submitted a finalist vulnerability demonstrates its exploitation on site within 5 minutes. Other teams may choose to reproduce a demonstrated vulnerability on site; the reproduction window is at least 24 hours (a team may apply to demonstrate its reproduction at any time before the deadline of 15:00 on the afternoon of the 17th). If two or more teams apply to reproduce the same vulnerability, the judging panel may decide how many teams reproduce it, based on the software and hardware prepared on site. Selection is first come, first served; if two or more teams apply at the same time, each applicant presents its reproduction approach to the expert panel, and in principle the team whose approach differs from the demonstrating team's approach is given priority. If the applicants' approaches are the same, the reproducing team is chosen by drawing lots. The team that reproduces successfully with the highest quality (taking into account time spent, methods used and other factors, as judged by the panel) earns the right to share the prize. Other teams that also succeed using a completely different technical route and methods may be granted the right to share the prize at the judging panel's discretion. In the end, the demonstrating team, the highest-quality reproducing team and any team that reproduced via a different technical route share the prize for that vulnerability (for example, if the panel sets the prize for a vulnerability at USD 60,000, one team reproduces it with the highest quality and one team reproduces it via a different technical route, then the demonstrating team and those two teams each receive one third of the prize, i.e. USD 20,000). If no team applies to reproduce a vulnerability, or no team succeeds, the demonstrating team receives the whole prize. Teams are advised and encouraged to submit difficult, high-severity original vulnerabilities so that they keep the full prize to themselves. Each vulnerability gets its own reproduction area at the venue; the demonstrating team may not communicate with or give hints to the reproducing teams during reproduction, and a demonstrating team found doing so forfeits its right to the prize for that vulnerability.
Product Cracking Contest. Following the principles of high difficulty, broad vulnerability impact, special relevance to China and reflection of current trends in cybersecurity, the organizing committee has set 18 cracking targets covering PCs, mobile devices, servers and IoT devices. Teams crack them on site and must specify the targets they will attempt when registering. Each team has 3 attempts per target, each of no more than 5 minutes; a successful crack earns the corresponding prize. Each target has a maximum prize pool of 3 times the target's prize amount: if more than 3 teams succeed, all successful teams share a total of 3 times the prize amount equally. If two or more teams complete the crack using the same technical route and methods, they split a single share (for example, if three teams A, B and C crack a target worth USD 40,000 and each uses a different vulnerability, A, B and C each receive USD 40,000; if four teams A, B, C and D crack it using different vulnerabilities, each receives USD 40,000 × 3 / 4 = USD 30,000; if four teams A, B, C and D succeed, with C and D using the same vulnerability and A and B each using a different one, then A and B each receive USD 40,000, while C and D split one share and receive USD 20,000 each). In addition, a team may not reuse the same vulnerability across different targets and may not use already-public vulnerabilities; a violation counts as failure of the challenge. A vulnerability collision between different targets or different teams is handled in the same way as a collision within a single target.
Targets & Prizes:
1. Targets: Chrome
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Requirements: Use Chrome to browse a remote URL and take control of the browser or the system. The browser runs inside VMware Workstation with 8 GB of memory by default.
Prizes:
RCE: $50000
RCE + Sandbox Escape: $150000
2. Targets: Safari
Equipment: MacBook Pro (13inch, 2017, 16G, 256SSD) or MacBook Pro (13inch, M1, 2020, 16G, 512SSD) by request.
System: macOS
Requirements: Use Safari to browse a remote URL and take control of the browser or the system.
Prizes:
RCE: $40000
RCE + Sandbox Escape: $75000
M1 RCE: $60000
M1 RCE + Sandbox Escape: $120000
3. Targets: Adobe PDF Reader (32 bit)
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Requirements: Open PDF documents that have been copied to the VM to take control of Adobe PDF Reader or the system. Adobe PDF Reader runs inside VMware Workstation with 8 GB of memory by default.
Prizes:
RCE: $30000
RCE + Sandbox Escape: $60000
4. Targets: Docker-CE
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Host OS: Ubuntu Server 20.04 (latest LTS kernel, generic flavor)
By request: server or desktop
Container: Ubuntu 20.04 desktop (w/ SSH access)
Requirements:
Escape from the container and achieve code execution as root on the host OS.
Notes:
Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.
SSH access (root user with password) to a running container (unprivileged, without uidmap, without volume mounts, default bridge network).
Prizes:
$60000
5. Targets: Ubuntu 20/CentOS 8
Equipment: Lenovo L14 i7-16G-500SSD
System: Ubuntu 20.04/CentOS 8
Requirements: Run a given program as an unprivileged user to escalate privileges and run commands as root. The OS runs inside VMware Workstation with 8 GB of memory by default. Choose one target, either Ubuntu 20 or CentOS 8.
Prizes:
Local Privilege Escalation: $40000
6. Targets: Microsoft Exchange Server 2019
System: Windows Server 2019
Requirements: Connect to the remote server and achieve remote code execution on the target. For the authenticated entry, the user may only be a low-privileged one. Contestants must contact the judges and discuss the detailed configuration before the contest.
Prizes:
Authenticated: $60000
Unauthenticated: $200000
7. Targets: Windows 10
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Requirements: Run a given program as an unprivileged user to escalate privileges and run commands as Administrator. The OS runs inside VMware Workstation with 8 GB of memory by default.
Prizes:
Local Privilege Escalation: $20000
Local Privilege Escalation with Kernel-level Access: $40000
8. Targets: VMware Workstation
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Requirements: Run a given program to break out of the VM and take control of the host operating system.
Prizes:
$80000
9. Targets: VMware ESXi
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Requirements: Run a given program to break out of the VM and take control of the host operating system. This target requires the contestant to obtain root permission on the host OS.
Prizes:
$180000
10. Targets: Ubuntu + qemu-kvm
Equipment: Lenovo L14 i7-16G-500SSD
Host: Ubuntu 20.04 desktop
Install with the command "sudo apt-get install qemu-kvm virt-manager" on the host and install the guest system using the default configuration.
Guest: Ubuntu 20.04 server
Requirements: Run a given program to break out of the VM and take control of the host operating system.
Prizes:
VM Escape within Host Sandbox: $60000
VM Escape + Host Sandbox Escape: $150000
11. Targets: Parallels Desktop
Equipment: MacBook Pro (13inch, 2017, 16G, 256SSD)
System: macOS
Guest: Ubuntu, Windows 10 or CentOS, by request.
Requirements: Run a given program to break out of the VM and take control of the host operating system.
Prizes:
$30000
12. Targets: iPhone 13 Pro
Equipment: iPhone 13 pro 128G
System: iOS 15
Requirements: Use the iPhone 13 Pro to browse a remote URL and take control of the phone's system. This target requires the contestant to bypass the PAC mitigation.
RCE with sandbox escape or a remote jailbreak earns additional prizes.
Prizes:
RCE: $120000
RCE + Sandbox Escape: $180000
Remote Jailbreak: $300000
13. Targets: Domestic mobile phones (Android)
Equipment:
Xiaomi: Mi 11
OPPO: K9 黑桃 K (Spade K) edition, 8G+256G standard version
vivo: S9 5G
Requirements: Use the phone to browse a remote URL, escape the browser sandbox and take control of the phone's system.
A sandbox escape that gains root privileges earns additional prizes.
Prizes:
RCE+Sandbox: ¥30000/$4600
RCE+Root: ¥50000/$7700
14. Targets: Synology DS220j
Requirements: Achieve code execution on the remote device from LAN.
Prizes: $10000
15. Targets: ASUS Router AX56U 热血版 (Hot-Blooded edition)
Requirements: Achieve code execution on the remote device from LAN.
Prizes:
$10000
16. Targets: Domestic New Energy Vehicles
Equipment: please contact us for details
Requirements: please contact us for details
Prizes: up to $50000
After two days (2021.10.16 - 10.17) of intense competition, the Tianfu Cup 2021 International Cybersecurity Contest has officially come to a close.
Seven awards were presented:
Best Product Cracking Award, First Prize: Kunlun Lab (昆仑实验室)
Best Product Cracking Award, Second Prize: 胖@奇安盘古 (Pang @ Qi An Pangu)
Best Product Cracking Award, Third Prize: Vulnerability Research Institute Youth Training Team (漏洞研究院青训队)
Most Valuable Product Crack Award: 胖@奇安盘古 (Pang @ Qi An Pangu)
Best Product Innovation Breakthrough Award: Kunlun Lab (昆仑实验室)
Best Vulnerability Demonstration Award: STAR LABS
Best Vulnerability Reproduction Award: 0x300 Team
Winners list: prize table of the Original Vulnerability Demonstration and Reproduction Contest