As promised at our birthday party last week, we’d like to announce the release of our first competition in 2015.... Sokar!
![]()
Rasta Mouse (the person to thank and/or blame regarding Kvasir) didn't bake us a birthday cake, but instead cooked up a brand new virtual machine for you to attack and have some fun.
He is no stranger to breaking boot2root machines. He has now crafted Sokar, using a few ideas that he had not previously seen in his travels of vulnerable virtual machines.
This blog post marks the start of the competition, which will run for 3 weeks. You have until 21st February 2015 23:59 UTC to submit both the flag and your solution.
Note: be sure to read & agree to the rules at the bottom of the post.
The competition will only be active for three (3) weeks (ending on 21st February 2015), however the virtual machine will stay hosted on VulnHub afterwards.
After reviewing all the submissions, we will then take up to a week to decide who won. At this point will we announce the lucky winners via Facebook & Twitter . As always, there will be a follow-up blog post with the highlights, our views, and every submission. All valid entries will be added to the walkthrough section for Sokar on VulnHub.
If you wish to publish it yourself (e.g. on your personal blog) we kindly ask you to refrain from doing so until the competition is over.
If Sokar is beating you, you’re loving it or hating it, be sure to shout about it somewhere! (IRC, Facebook, Twitter or email!).
The more feedback that is given, helps to encourage additional machines!
We wish you the best of luck with the challenge that is Sokar!
Warm regards,
The VulnHub Team
Rasta Mouse (the person to thank and/or blame regarding Kvasir) didn't bake us a birthday cake, but instead cooked up a brand new virtual machine for you to attack and have some fun.
He is no stranger to breaking boot2root machines. He has now crafted Sokar, using a few ideas that he had not previously seen in his travels of vulnerable virtual machines.
This blog post marks the start of the competition, which will run for 3 weeks. You have until 21st February 2015 23:59 UTC to submit both the flag and your solution.
Prizes
To be announced within a week. Promise! =)So how can I win?
- When Sokar is added to VulnHub, download it and start hacking.
- With some luck, sooner or later you’ll reach the flag.
- Try and remember what you did & how you did it, then record how. (This can be as simple or creative as you like in whichever form you like. Don’t fancy writing? Record a video!.
- After you have finished, be sure to email it to us: "competition at vulnhub d0t co m".
Note: be sure to read & agree to the rules at the bottom of the post.
The competition will only be active for three (3) weeks (ending on 21st February 2015), however the virtual machine will stay hosted on VulnHub afterwards.
After reviewing all the submissions, we will then take up to a week to decide who won. At this point will we announce the lucky winners via Facebook & Twitter . As always, there will be a follow-up blog post with the highlights, our views, and every submission. All valid entries will be added to the walkthrough section for Sokar on VulnHub.
If you wish to publish it yourself (e.g. on your personal blog) we kindly ask you to refrain from doing so until the competition is over.
If Sokar is beating you, you’re loving it or hating it, be sure to shout about it somewhere! (IRC, Facebook, Twitter or email!).
The more feedback that is given, helps to encourage additional machines!
We wish you the best of luck with the challenge that is Sokar!
Warm regards,
The VulnHub Team
Rules
- One entry per person. By submitting your entry, you are agreeing to the rules.
- The documents submitted, need to be in either a Portable Document Format (PDF) or Text (TXT) file format (and must include proof for verification and any custom code that was created - as they will be tested!). If you choose to do a video, we will accept; AVI, MP4 or MKV formats.
- Make sure your steps are reproducible using a “fresh” version of the Sokar. If it doesn't work for us at the time of reviewing the submission, the entry will be disqualified.
- You are not allowed to modify the virtual machine in any way prior to starting it up and attacking it. For example, performing cold boot attacks, externally mounting the virtual disk, using Live CDs/OSs or injecting into the virtual machine in any matter. Booting into "single user mode", "recovery console" or modifying the boot parameters will also be disqualified.
- If no-one has submitted their submissions within the given time frame (see rule #8), the first valid submission after the deadline will get the winners prize.
- Postage & shipping will be paid for regarding dispatching the physical items (the goodie bag). However, if there is import tax into finalist country, it will be the responsibility of the finalist to address.
- VulnHub cannot be held responsible for any damage or lost with the posting of the physical items or how they are handled.
- The competition starts on the 2015-January-30 16:30 UTC, and will run for three (3) weeks, ending on the 2015-February-21 23:59 UTC. All the times are state in Coordinated Universal Time (UTC).
- Please do not give out any hints, tips or walkthroughs to any other contestant during the duration of the competition being active. Even if they beg.
- You must be 13 years old or older at the time of submission.
- All sales are final. No refunds. No transfers.
- The rules are subject to change without notice at any stage.
- Using and attacking Sokar is done at your own risk. VulnHub, or Rasta Mouse cannot be held responsible for any loss or damage caused.
- Bribes will not be accepted ;).