Our Sokar birthday competition is well and truly over now. So the only thing left todo is to summarize everything and of course announce the winners!

Sokar was the name and ‘boot and root’ is the game. It’s your classic vulnerable virtual machine. We made it into a competition by asking competitors to write up their journey to root, tips and tricks and stats on how many keyboards were broken during their time hacking (stargate references were also very welcome).


Results

We were looking for a of combination of qualities in the write-ups: a detailed method, unique ways of solving the challenge, and being an entertaining read.

To us, this time around, there was one very clear winner, Ginnarr! However, who came afterwards, it was a close call. Getting straight to it, here are the results:

As in previous competitions, various attack vectors which were not obvserved during the creation of the vm were exploited. Once again, hackers will do what hackers do best - forever pushing the limits of what you believe were possible ;).

Reading through all 19 write-ups, there are various unique methods of beating the box. We were amazed by everyone was able to look at the same problem in a different light. We picked up a new trick or two whilst reviewing the submission, and encourage others to have a read too, there’s some great stuff in these write-ups! (also don’t kick yourself too hard if you missed anything)!

Prizes

We are going to try and do something slightly different this time around. For 1st & 2nd place, we will offer some hardware!

  • 1st Place - First pick of “hardware”, competition t-shirt, challenge coin & stickers.
  • 2nd Place - Second pick of “hardware”, competition t-shirt, challenge coin & stickers.
  • Runners Up - Either a £15 e-Gift card or a competition t-shirt. As well as a challenge coin & stickers.

Everyone in the above categories will get a challenge coin (same design from last time), and VulnHub stickers. Everyone at least has the option for this competition customized t-shirt. These are personalized to each person and will not be in re-printed again at any stage. Currently, the only way to get any VulnHub merchandise is to win it! This was the only time to grab a Sokar related VulnHub shirt!

We would like nothing better but to be able to offer prizes to everyone who took part. If you didn’t make it this time around, don’t worry! Keep your ears to the ground for when our next competition happens!

Hardware

As we wanted todo something different for the winners in this competition, we came up with the idea of giving away some other physical goodies. After shopping around online a bit and asking a some previous winners what they would of liked, we came up with the following hardware:

As there are only one of each item, 1st place (Ginnarr) has first choice of prize. 2nd place (sizzop) will have the remaining option. Should either party not want either of the prizes we will swap it out for a e-gift of the same value.

If you have any suggestions for a prize for next time, get in touch!

Feedback

This was competition number four for us. Looking back on reflective since last time:

  • “Hype.” - Both rasta_mouse & superkojiman hijack our social network accounts this time around - we thought they did a great job with the memes & videos.
  • “Prizes.” - The challenge coins, are still in high demand from last time, and we hope the new physical goods are as equally appraised.
  • “Timeframe.” - Rather than doing 4 weeks, it was only 3. We felt this was a much better time frame for this machine.
  • “Testing.” - There is always going to be a non-designed method of doing the machine even if it someone uses an 0day. You can never test it enough.
  • “Response times.” - We were slow at doing blog posts. Again.
  • “Announce times.” - Needs to be longer. Still.

Parting words

To the people who:

  • Learnt something new - Good. Don’t ever stop!
  • Got the root flag - Job well done (as long as you didn’t break the rules!)
  • Entered and submitted a entry - thank you =).
  • Will received a prize - well done ;).
  • To anyone that hasn’t tried sokar yet - Why not? What’s stopping you! =P

From the bottoms of our hearts, we thank rasta_mouse once again for helping out with our birthday by making the VM, help running the event and judging each submissions. Please, the next time you talk to him, thank him.

We are already looking forward to the next competition ;). Hopefully you are too ;) …

Warm regards,

The VulnHub Team

New Blog Desgin

So here’s the new design!As promised in the our last birthday post, this is the start of the front-end improvements.The (old) blog …… Continue reading

Competition - Sokar

Published on January 30, 2015

Now with HTTPS

Published on January 25, 2015