join the event
Competition Forum
join the event
Competition Forum
Special events
dynamic
Targets & Prizes:
1. Targets: Chrome
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Requirements: Use Chrome to browse remote URL, control the browser or System. The browser will run within VMWare Workstation, 8GB default memory.
Prizes:
RCE: $50000
RCE + Sandbox Escape: $150000
2. Targets: Safari
Equipment: Macbook Pro (13inch, 2017, 16G, 256SSD) or MacBook Pro (13inch, M1, 2020, 16G, 512SSD) by request.
System: Mac OS
Requirements: Use Safari to browse remote URL, control the browser or System.
Prizes:
RCE: $40000
RCE + Sandbox Escape: $75000
M1 RCE: $60000
M1 RCE + Sandbox Escape: $120000
3. Targets: Adobe PDF Reader (32 bit)
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Requirements: Use the PDF documents that had been copied to the VM to control Adobe PDF Reader or System. Adobe PDF Reader will run within VMWare Workstation, 8GB default memory.
Prizes:
RCE: $30000
RCE + Sandbox Escape: $60000
4. Targets: Docker-CE
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21H1
Host OS: Ubuntu Server 20.04 (latest LTS kernel, generic flavor)
By request: server or desktop
Container: Ubuntu 20.04 (w/ SSH access) desktop
Requirements:
Escape from the container, achieve code execution with root permission on the host OS.
Notes:
Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.
SSH access (root user with password) to a running container (unprivileged, w/o uidmap, w/o volume mount, default bridge network).
Prizes:
$60000
5. Targets: Ubuntu 20/CentOS 8
Equipment: Lenovo L14 i7-16G-500SSD
System: Ubuntu 20.04/CentOS 8
Requirements: Run certain program as an unprivileged user to escalate privilege and run command as root. The OS will run within VMWare Workstation, 8GB default memory. Choose one target between Ubuntu 20 and Centos 8.
Prizes:
Local Privilege Escalation: $40000
6. Targets: Microsoft Exchange Server 2019
System: Windows Server 2019
Requirements: Connect to remote server and achieve remote code execution on the target. For authenticated entry, the user can only be a low privileged one. The contestant must contact and discuss detailed configurations with the judge before the contest.
Prizes:
Authenticated: $60000
Unauthenticated: $200000
7. Targets: Windows 10
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21h1
Requirements: Run certain program as an unprivileged user to escalate privilege and run command as Administrator. The OS will run within VMWare Workstation, 8GB default memory.
Prizes:
Local Privilege Escalation: $20000
Local Privilege Escalation with Kernel-level Access: $40000
8. Targets: VMware Workstation
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21h1
Requirements: Run certain programs to penetrate through and escape from the VM system, control the host’s operating System.
Prizes:
$80000
9. Targets: VMware ESXi
Equipment: Lenovo L14 i7-16G-500SSD
System: win10 21h1
Requirements: Run certain programs to penetrate through and escape from the VM system, control the host’s operating System. This target requires the contestant to get the root permission of the host OS.
Prizes:
$180000
10. Targets: Ubuntu + qemu-kvm
Equipment: Lenovo L14 i7-16G-500SSD
Host: Ubuntu 20.04 desktop
Use the command “sudo apt-get install qemu-kvm virt-manager” in the host and use default configurations to install the guest system.
Guest: Ubuntu 20.04 server
Requirements:Run certain programs to penetrate through and escape from the VM system, control the host’s operating System.
Prizes:
VM Escape within Host Sandbox: $60000
VM Escape + Host Sandbox Escape: $150000
11. Targets: Parallels Desktop
Equipment: MacBook Pro (13inch, 2017, 16G, 256SSD)
System: Mac OS
GUEST: Ubuntu or windows 10 or cent OS by request.
Requirements:
Requirements: Run certain programs to penetrate through and escape from the VM system, control the host’s operating System.
Prizes:
$30000
12. Targets: iPhone 13 Pro
Equipment: iPhone 13 pro 128G
System: iOS 15
Requirements: Use iPhone 13 Pro to browse remote URL, control the phone system. This target requires the contestant to bypass the PAC mitigation.
The RCE with sandbox escape or jailbreak will gain additional prizes.
Prizes:
RCE: $120000
RCE + Sandbox Escape: $180000
Remote Jailbreak: $300000
13. Targets: Domestic mobile phones (Android)
Equipment:
小米:Xiaomi Mi 11
OPPO:K9 黑桃 K 8G+256G标准版
VIVO:S9 5G
Requirements: Use the phone to browse remote URL, escape the browser sandbox and control the phone system.
The sandbox escape with root privilege will gain additional prizes.
Prizes:
RCE+Sandbox: ¥30000/$4600
RCE+Root: ¥50000/$7700
14. Targets: Synology DS220j
Requirements: Achieve code execution on the remote device from LAN.
Prizes: $10000
15. Targets: ASUS Router AX56U 热血版
Requirements: Achieve code execution on the remote device from LAN.
Prizes:
$10000
16. Targets: Domestic New Energy Vehicles
Equipment: please contact us for details
Requirements: please contact us for details
Prizes: up to $50000