About

ZeroNights hackquest is a hacking challenge before annual ZeroNights conference where the goal is to solve tasks related to information security (reverse engineering, web, mobile hacking, penetration testing and more).
The winners receive free invitation to the conference and a place in our Hall of Fame.

If you have any questions related to hackquest - drop us a line to zeronights@dsec.ru

2017's Rules

  1. Hack quest lasts 7 days, from 20:00 October 23 to 19:59 October 30 (each task starts at 8 PM Moscow Time (UTC+3, check your time);
  2. One task a day. Task duration: 24 hours;
  3. 7 tasks in total;
  4. The first person to solve the task gets an invite;
  5. The second and third participants to solve the task will also earn points. The second one gets 0.5 point, the third—0.25. 1 point will get you 1 invitation, but not more than one per one competitor;
  6. To prevent cheating, you may be asked to describe the steps you performed to solve the task;
  7. It's prohibited to share hints and flags with other participants;
  8. Do not register more than one account per a participant;
  9. Current date and time: 2017-12-11 08:32:13

Good luck and have fun!

Day 1 / webpwn

Description

Hints

24/10/2017 19:30
Flag lies in a home directory
24/10/2017 16:00
Did you check a cyberplatform neighboring resources?
24/10/2017 12:10
What will you choose: shell upload or RCE in software?
24/10/2017 01:40
1 bug = 1 domain
24/10/2017 01:35
There is a path to get into an admin panel without knowing login and password
23/10/2017 21:25
Page source code might tell you something

Day 2 / PetrovKey

Description

Hints

25/10/2017 12:00
We love the movie Matrix. email: zn2017@reverse4you.org, key: 00A4-7ZHS-G7YT-5249-Z245-TVWY
25/10/2017 09:25
blob[offset1+i]^blob[offset2+i], off1 23620, off2 195814
25/10/2017 09:25
The Lua code is encrypted, look at email + key
24/10/2017 23:30
sysctl kernel.yama.ptrace_scope=1 (protection check)

Day 3 / YouAreWelcome

Description

Hints

26/10/2017 12:45
Captcha Captcha
Text around
Painted black on white background
Brute it faster should you now
We are sure that you know how
26/10/2017 10:10
You can always try again :)

Day 4 / Remasonry Challenge

Description

Hints

27/10/2017 15:45
TASK_4: A similar task was met at CTF competitions. Google it if you can not find a solution.
27/10/2017 13:35
TASK_4: For this task you need Z3 SMT Solver.
27/10/2017 12:10
TASK_4: Maybe you'll find something familiar if you do this
open('data.txt','r').read().strip()[1:-1][::-1]
27/10/2017 02:00
TASK_3: Due to a bug in the algorithm, the task was removed from the Remasonry Challenge

Day 5 / NOTSAFEAGENCY

Description

Hints

28/10/2017 13:10
Sample rate - 2M, Address length - 5 bytes
28/10/2017 02:35
these devices are used iN wiReless keyboards and sometimes in Flying drones
28/10/2017 01:25
You don't need any special hardware to solve the task. Try to understand what devices are used
28/10/2017 00:10
This task is not about fuzzing, there are no hidden paths
28/10/2017 00:05
Do u like gnuradio, baudline or urh?
27/10/2017 21:30
Photo of task preparation

Day 6 / Strange command server

Description

Day 7 / Hacking Chains

Description

Hints

29/10/2017 21:50
Is customer support really offline?

Winners

Winners of 2017

Task Place Nickname Reward
Day #1 / Webpwn #1 blackfan Invite
#2 DarkCaT 0.5 points
#3 kreon 0.25 points
Also solved ilyaluk, raz0r, akamajoris, kurlikasd, poneev, shvetsovalex007, leon+zeronights, mohemiv
Day #2 / PETROVKEY #1 vient Invite
#2 Felis-Sapiens 0.5 points
Day #3 / YOUAREWELCOME #1 Paul_Axe Invite
Day #4 / REMASONRY CHALLENGE #1 sysenter Invite
#2 AV1ct0r 0.5 points
#3 Felis-Sapiens 0.25 points
Also solved Aleksey Cherepanov
Day #5 / NOT SAFE AGENCY #1 maximilian Invite
#2 p41l 0.5 points
Day #6 / STRANGE COMMAND SERVER #1 Aleksey Cherepanov Invite
#2 smalukav 0.5 points
#3 paulch 0.25 points
Also solved okob2008, Kurlikasd, mcstarpro
Day #7 / HACKING CHAINS #1 ilyaluk Invite
#2 smalukav 0.5 points
#3 Felis-Sapiens 0.25 points

Hall of fame

Winners of 2016

Task Place Nickname Reward
Day #1 #1 sysenter Invite
#2 vos 0.5 points
#3 smalukav 0.25 points
Also solved ilyaluk, AVictor2007, a.v.e.r, dmit.mx, felis-sapiens, stas.zn
Day #2 / Golden Rabbit #1 smalukav Invite
#2 ilyaluk 0.5 points
#3 vos 0.25 points
Day #3 / ETHERIUM BOT #1 ilyaluk Invite
#2 lozko.roma 0.5 points
#3 snk 0.25 points
Also solvedvladas.bulavas, okob2008, dartslon, beched
Day #4 / BAD ASSISTANT #1 beched Invite
#2 smalukav 0.5 points
#3 Aleksey Cherepanov 0.25 points
Day #5 / StrongBox #1 Stanislav Povolotsky Invite
Day #6 / Packer #1 erbolsyn Invite
#2 ilyaluk 0.5 points
Day #7 / I wanna be better! #1 blackfan Invite

Winners of 2015

Task Place Nickname Reward
Day #1 / Chocolate Factory #1 cdump Invite
#2 BlackFan 0.5 points
#3 kidcrash 0.25 points
Day #1 / Chocolate Factory (reborn) #1 BlackFan Invite
#2 Beched 0.5 points
#3 AV1ct0r 0.25 points
Day #2 / HSM V1.0 #1 Abr1k0s Invite
#2 BooL 0.5 points
#3 kidcrash 0.25 points
Day #3 / BAZAAR NG #1 AV1ct0r Invite
#2 shr 0.5 points
#3 Petuhov_Forever! 0.25 points
Day #4 / ILLOGICAL PHOTOGALLERY #1 Beched Invite
#2 bafoed 0.5 points
#3 allyofgood 0.25 points
Day #5 / CRACKME #1 sysenter Invite
#2 okob2008 0.5 points
#3 h0t_max 0.25 points
Day #6 / BANK ROBBERY #1 dr.glukyne Invite
Day #7 / BLINK2PWN #1 mr_dawerty Invite

Winners of 2014

Task Place Nickname
#1 / Alighieri #1 BECHED
Also solved derwolfman, neomant, Anton Cherepanov
#2 / Yolochka #1 BECHED
#3 / InfectedTerminal #1 sysenter
#4 / Chip-in-the-middle #1 GiftsUngiven
Also solved Dmitry Ananyev
#5 / M-Nature #1 Roman Bondarenko
Also solved Stanislav Povolotsky
#6 / Not a HARD task #1 Torn
Also solved goober, ispras team, Richard Baranyi, BECHED, qwerty@x.x
#7 / private bank haxing #1 Dmitry Ananyev
Also solved abc1111abc, beched, Abr1k0s ctf team, darkbyte, obriain, bmth, bo0om, arnor9400
#8 / Photo story #1 Sergey Bobrov
Also solved Dan, Alexander & Tolya

Winners of 2013

Task Place Nickname
#1 / Hello, snake #1 BECHED
#2 / Hello, snake (special task: read file) #1 Dan Sigalov
#3 / Hello, snake (special task: read + write) #1 George Noseevich
#4 / A problem #1 darkbyte_ru
#5 / Bo0oM #1 Ilia Deto
#6 / wheeeeeeeeeeeeeeeeee #1 vos
#7 / Erlang #1 Anton Sapozhnikov
#8 / [noname] #1 vos
#9 / Quake 3 #1 Andrey1800

Contacts

If you have any questions related to hackquest - drop us a line to zeronights@dsec.ru