HOW STRONG IS YOUR FU ?
Registration to “How strong is your Fu” hacking tournament is open! Yes, we all know you can’t wait to get your dirty mits on our servers, and as each day passes we come up with nastier ideas for the hacking tournament itself -it’s almost like condoned sadism. The actual event takes place on the 8-9th of May. Each registered user will receive a VPN account into the challenge arena. This will ensure that all malicious traffic is limited to encrypted VPN traffic, and wont get you fired. This is what you were waiting for:
How Strong is Your Fu – Hacking Tournament Rules and Guidelines:
- We reserve the right to disapprove ANY registration. This is not a democracy.
- Only Registered and approved individuals may participate. Depending on the load of registrations, THERE MAY BE A CUTT-OFF for participants. Sorry – we can only support the addictions of a limited amount of hackers.
- Strictly stick to the IP’s we will issue for the challenge! We do not assume responsibility for typos, such as “I meant to type in W.X.Y.Z, but ended up with nsa.gov”. In fact, we don’t assume responsibility for ANY damage done outside of the challenge labs.
- No vulnerability scanners, or automated tools – in fact they will get you auto-banned. Not only will they get auto-banned, they will probably just waste your time, give you false positives, etc.
- No denial of service, or other malicious actions. “Other malicious actions” include things like “rm -rf /” on a compromised server, etc.
- A “successful compromise” includes getting an actual shell on the compromised machine – root or administrative privileges preferred. A PROOF file and ORGANIZED documentation are both required for us to accept your solutions to the challenge. GOOD documentation WILL HAVE PREFERENCE (ideally, a pentest report). Depending on your documentation, we may publish your report.
- The winner will be the first participant to compromise *all* servers presented to them, “sudden death” style. The prize will include a single Offensive Security Online course of the winners choice. Again, good documentation will have preference.
- The winner will *still* have to go through the Offensive Security Screening. This may include a scanned ID of some sort (with blurred out ID numbers, barcodes, etc).
- Any attacks on the submission system , VPN server, etc, will result in disqualification.
- You must try harder, no whining. We may add / remove / ammend these rules at any time, at our will. Tough luck.
- ANY ACTIONS OUTSIDE OF THESE RULES WILL RESULT IN DISQUALIFICATION.
Following these guidelines will ensure both you and other participant have a good time. Please remember these rules.
thanks for the opportunity. Regards.
let’s war with me !! g3t br34k<d, you're ()wn3d!
Thanks the opportunity.
I do not expect to win. But I do expect to learn alot in the process.
This will be fun!
I appreciate the opportunity. I have registered about an hour ago and have not received a confirmation email. I checked junkmail locally and on the mail server and do not see an email to finish the registration process. Is there any issues? I didn’t want to miss out. Thanks.
Nice !! best wishes to all.
I wonder if Metasploit is permitted ?
Regards
hey guys,
why are you sending emails from apache@localhost.localdomain ?
a lot of mail servers block that kind of stuff
pretty sure lot of registrations will bounce
Changed SMTP settings, try now. Thanks for the heads up!
Received confirmation email. Thank you.
Could you give a bit more details on the “no automated tools” rule ? I guess this is meant to rule out tools like nessus/nikto that generate a lot of traffic, but what about nmap (for port scanning) or automated sql injection tools like sqlmap ?
And thanks for bringing us such a great event !
Sébastien
[...] Kayıt için :Hacking Tournament, Offensive Security [...]
@Sebastien – You can use whatever you like…but the effects of these tools…might hinder your performance…*cough* *cough*
will this be like a WARGAME .. There is one solution to GO IN .. or its just challenging us .. to see if we can do it !!
because if its the second then this is a BIG Honey Pot xD
@k1ck3r – Maybe this will answer your question : http://www.offensive-security.com/tryharder.php
What criteria are you guys using for selection?
@Royler – That will become apparent when noob-filter.com comes to life :)
Great opportunity but im a little confused over:
“The winner will *still* have to go through the Offensive Security Screening. This may include a scanned ID of some sort (with blurred out ID numbers, barcodes, etc).”
Could you please clarify? Does this mean you require full (real) name disclosure is necessary to be awarded participation, the win and subsequent prize?
TY.
In short, yes.
Well, I registerd 18h ago, and again 4h ago (sorry for double registering) but no email received…..also not in spam folders!!
Try again in an hour or so, more SMTP changes made.
Looking forward to it! One question, what is the time zone the event will start on, GMT? Thanks
-Lincoln
The exact time will be published before the 8th, we will probably start it around 14:00 GMT.
so i understand if we can manage the vulnerability or automated tools ‘ connection speed (number of connections) it will be okay?
Thanks :D For Offensive Security Company
offensive security the Best ;)
i’m with guys
thxs for the opportunity, Regards : )
3 days before my OSCP exam — Hopefully a good warm-up (If approved). Sounds like a blast.
[...] Security will be hosting a Hacking Tournament May 8-9th. Details can be found here. For those who don’t already know, Offensive Security provides top-notch, hand-on, IT [...]
:: sik baby sik ::
:: root baby root ::
This is a great opportunity. All the best.
What method are you using for choosing individuals to compete?
Everyone will compete to a certain point… but if i tell you more, i’ll have to hurt you…sooner.
Thanks the opportunity.
I hope to participate :)
Is this going to be more setup/patching based, or more binary based, where its a find the vuln?
Cheers
@Ultrafresh – You’ll just have to wait and see …
Hey admin,
I’m trying to submit with a + in my email address and it’s responding with “Wrong Email”. Using it as following:
myalias+infosectraining@domain.tld
Would be appreciated if you could make the validity filtering a lil’ more RFC compliant :)
@D, use a different email. We would rather spend our time on making better challenges than making our contact form “RFC compliant”.
Thanks for the chance, have always want to take a course just dont have the money :( but this is super sick :)
good idea to organize a challenge:)
However I would like to know after how long I know the answer for participate to the contest ?
Everyone registered will participate in the first stage…
Thanks, Offesc mates. Please keep this regular and people would enjoy more fun :)
Hi Admin, I have forgotten to ask, what is the start time and end time in terms of PST or GMT as we come from Hong Kong?
check http://www.information-security-training.com/events/offensive-security-hacking-tournament-updates/
Thanks a lot for the opportunity, we will learn a lot from it. :)
When is the next tournament? I didn’t know about it until it had already ended and read about it on corelan’s website.
@MurderSkillz – no date set yet, but we make an announcement once we know