join the event
Competition Forum
join the event
Competition Forum
dynamic
Targets & Prizes:
1. Targets: Chrome
Equipment: to be updated soon
System: to be updated soon
Requirements: Use Chrome to browse remote URL, control the browser or System. The browser will run within VMWare Workstation, 8GB default memory.
Prizes:
RCE: $75000
RCE + Sandbox Escape: $150000
2. Targets: Safari
Equipment: to be updated soon
System: Mac OS
Requirements: Use Safari to browse remote URL, control the browser or System.
Prizes:
M1 RCE: $60000
M1 RCE + Sandbox Escape: $120000
3. Targets: Adobe PDF Reader
Equipment: to be updated soon
System: to be updated soon
Requirements: Use the PDF documents that had been copied to the VM to control Adobe PDF Reader or System. Adobe PDF Reader will run within VMWare Workstation, 8GB default memory.
Prizes:
RCE: $30000
RCE + Sandbox Escape: $60000
4. Targets: Docker-CE
Equipment: to be updated soon
System:
Host OS: to be updated soon
Container: to be updated soon
Requirements:
Escape from the container, achieve code execution with root permission on the host OS.
Notes:
Docker CE was installed according to the official guide available at https://docs.docker.com/engine/install/ubuntu/.
SSH access (root user with password) to a running container (unprivileged, w/o uidmap, w/o volume mount, default bridge network).
Prizes:
$60000
5. Targets: Ubuntu Server 22/CentOS Linux (to be updated…)
System: Ubuntu Server 22/CentOS Linux
Requirements: Run certain program as an unprivileged user to escalate privilege and run command as root. The OS will run within VMWare Workstation, 8GB default memory. Choose one target between Ubuntu 20 and Centos 8.
Prizes:
Local Privilege Escalation: $40000
6. Targets: Microsoft Exchange Server 2019
System: Windows Server 2019
Requirements: Connect to remote server and achieve remote code execution on the target. For authenticated entry, the user can only be a low privileged one. The contestant must contact and discuss detailed configurations with the judge before the contest.
Prizes:
Authenticated: $60000
Unauthenticated: $200000
7. Targets: Windows 11
Equipment: to be updated soon
System: Windows 11
Requirements: Run certain program as an unprivileged user to escalate privilege and run command as Administrator. The OS will run within VMWare Workstation, 8GB default memory.
Prizes:
Local Privilege Escalation: $20000
Local Privilege Escalation with Kernel-level Access: $40000
8. Targets: VMware Workstation
Equipment: to be updated soon
System: to be updated soon
Requirements: Run certain programs to penetrate through and escape from the VM system, control the host’s operating System.
Prizes:
$80000
9. Targets: VMware ESXi
Equipment: to be updated soon
System: to be updated soon
Requirements: Run certain programs to penetrate through and escape from the VM system, control the host’s operating System. This target requires the contestant to get the root permission of the host OS.
Prizes:
$180000
10. Targets: Ubuntu + qemu-kvm
Equipment:to be updated soon
System:
Host: Ubuntu
Use the command “sudo apt-get install qemu-kvm virt-manager” in the host and use default configurations to install the guest system.
Guest: Ubuntu
Requirements:Run certain programs to penetrate through and escape from the VM system, control the host’s operating System.
Prizes:
VM Escape within Host Sandbox: $60000
VM Escape + Host Sandbox Escape: $120000
11. Targets: iPhone 14 Pro
System: the latest
Requirements: Use iPhone 11 Pro to browse remote URL, control the phone system. This target requires the contestant to bypass the PAC mitigation.
The RCE with sandbox escape or jailbreak will gain additional prizes.
Prizes:
RCE: $120000
RCE + Sandbox Escape: $180000
Remote Jailbreak: $300000
12. Targets: Synology DS220j
Requirements: Achieve code execution on the remote device from LAN.
Prizes:
$10000
13. Targets: ASUS Router AX AX56U
Requirements: Achieve code execution on the remote device from LAN/WAN.
Prizes:
LAN: $5000
WAN: $20000
14. Targets: Western Digital PR4100
Requirements: Achieve code execution on the remote device from LAN/WAN.
Prizes:
LAN: $5000
WAN: $10000
15.国产操作系统、企业应用、软硬件及移动设备
具体产品及型号待更新。