Online Battling at PHDays 2012

If by any reason you do not get into the participant list of Positive Hack Days 2012 or cannot visit Digital October Center, the forum’s platform, on May 30 and 31, you still have an opportunity to participate in this event. Join the online battle with competitors from all over the world at Positive Hack Days 2012! Description and participation terms are under the cut.

Hash runner

The competitors will be provided with a list of hash functions generated according to various algorithms (MD5, SHA-1, BlowFish, GOST3411, etc.). Points for each decrypted password are scored according to the algorithm’s level of difficulty. To become a winner, a competitor should gain the most points in a limited period of time, leaving the rivals behind.

Any Internet user can participate in the competition. Competitors can register during PHDays on the forum\’s website. The competition will be held as part of PHDays 2012 and will last through the forum days.

WAF Bypass 

This competition is for enthusiasts and experts engaged in web application security. The competitors are to attack vulnerable web applications protected by Web Application Firewall using SQL Injection technique. The applications function in connection with DBMSes of various vendors.

Participants will be offered to attack (or demonstrate the attack possibility) for the purpose of gaining data from a DBMS. There are four vulnerable web applications employed in the contest, each of them uses its own DBMS type. All attacks exploiting any SQL injection vector, inclusive of gaining file system access, OS commanding, brute force and binary search attacks are counted.

The winner is the first who implements an SQL injection exploitation technique in one of the web applications.
The winner will be awarded Apple iPad 3. The best ten competitors will receive prizes and gifts from Positive Technologies (the PHDays organizers) and from the forum sponsors.

Hacked in 137 seconds 

This competition enables the members of the hackspaces supporting PHDays 2012 forum online to demonstrate their skills in cracking Cisco IOS network devices.

Within 3 hours the competition participants should gain unauthorized access to a specified Cisco network device consecutively increasing privileges up to level 15. With every new level gained, the participant obtains a flag in MD5 format, which should be entered into a form on a specified interface.

After 3 hours, during exactly 137 seconds the organizers will demonstrate every participant’s achievements in speeded-up mode and decide the winner. The winner is the person who obtains the highest level of privilege for the shortest time.


The competition will enable participants of the forum to find out how quickly and accurately they can find hidden information on the Internet.

The competition web page will contain questions about certain organization, information about which can be found online. The task of the competition participants is to find as many correct answers to the questions as possible in the shortest time. Results will be announced at the end of the second day of the PHDays 2012 forum.

Best Reverser

This competition enables the participants to try their skills in reverse engineering of executable files for MS Windows platform. Every participant gets a program specially crafted for analysis. There are no limitations on techniques or software used for capturing the flags (except for the applicable laws of the Russian Federation). The winner is the first who gets all three flags and shortly describes the ways to get them.

The participants who deal with the competition tasks later than the winner or get less than three flags take the second and third places by the jury’s decision.

PHDays Online HackQuest

The PHDays 2012 program will include Online HackQuest, a competition for the Internet users that offers participants to try their hands at solving various information security tasks. On the forum’s second day, Online HackQuest participants will have a chance to influence the results of PHDays CTF 2012, the on-site contest.

For the competition, participants are provided with access to a VPN gateway. After connecting to it, the participants are to identify target systems and detect their vulnerabilities. If exploitation of a vulnerability is successful, the participant gains access to a key (a flag), which should be submitted to the jury via the form on the participant’s personal page. If the flag is valid, the participant gains the corresponding number of points.

All flags are in the MD5 format. The winner is the first participant to gain 100 points (which is the maximum possible amount). Participants who manage to gain more than 100 points are traditionally awarded with individual prizes 🙂

Online HackQuest will also be available for out-of-competition participation during 14 days after PHDays 2012.

Details on the competitions and prizes are available on the official web site of Positive Hack Days 2012.

One thought on “Online Battling at PHDays 2012

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.