Hi Pragyan CTF organizers, we haven't received the prize INR 80000 for winning this CTF in 2018.

https://ctftime.org/event/581
Archive: https://web.archive.org/web/20190709091452/https://ctftime.org/event/581

It seems like in 2016,2017 (see https://ctftime.org/event/581#comment) you did the same to the winning teams.
Would you really send the prize this year?

So I added our team through CTFtime.org do we still need to register on the site it seems a little bit to much info, phone number etc. Lots of data to be gained. Unless I buy a burner.

@mojorisin78 Registration can be done either on Pragyan or directly on the ctf portal which will go up shortly.

I dont see an option for signing up as a team? How can this be done?

So I see our team in the list competing to but it is asking me to sign in and register still, do I not log in with my teams credentials, from ctftime.org?

@kladblokje_88 on the ctf site make sure you have a team set up there and logged in, click on the event and scroll down it says “my team will participate” I have done this but still no further as to logging in through a CTF portal, and I’m not giving phone numbers etc over in the registration, hopefully we get in the other way mentioned through a portal.

when you screw up discord permissions lol

Website and Discord are gone. RIP.

Discord invitation invalide!

Big problem with your server, impossible connect to https://ctf.pragyan.org/home and https://ctf.pragyan.org/challenges !!!!

1 0 0 ASCII Sentence 1 Decode this
1007111211499727410210086571089088821069950785589517812110050571079771116102885086579… 1 1582366530 1582547400 p_ctf{jack_sparrow_found_the_key_to_chest} 1 1 100 0 0 NULL
edit 2 0 0 Encuéntralo si puedes 2 Luis is very fond of music. Recently he developed a keen interest in CTF challenges. He makes a chal… 1 1582366530 1582547400 p_ctf{Mzg3NjJjZjdmNTU5MzRiMzRkMTc5YWU2YTRjODBjYWRjY2JiN2YwYQ==} 1 1 350 0 0 NULL
edit 3 0 0 Pretty Peculiar Pokemon 2 Ash is on his mission to become world's best pokemon master. On his way he finds an amazing pokemon … 1 1582366530 1582547400 p_ctf{Y0U_$0LVED_1HE_H!DDEN_P0KEM0N} 1 1 150 0 0 NULL
edit 4 0 0 Up can be Down 2 Mr. Robot is being sent to future. But accidently he lost his passkey which he needs to activate the… 1 1582366530 1582547400 p_ctf{s0rry_6ut_1_@m_n0t_@_r060t} 1 1 100 0 0 NULL
edit 5 0 0 I am not a poker 2 Ron is really amazing in encryption security related stuff, but he is very bad in memorising things.… 1 1582366530 1582547400 p_ctf{d1ce_c@n_be_dec1eving_s0met1mes} 1 1 350 0 0 NULL
edit 6 0 0 Hide and Seek 4 Little Joe is lonely and has no one to play with him. So, his father built him a toy that can play h… 0 1582366530 1582547400 p_ctf{I_g0t_th3_b35t_t07_1n_th3_w02ld!} 1 1 0 0 0 NULL
edit 7 0 0 Auction 4 A shocking twist has happened! Someone managed to find the flag and is selling it to anyone who can … 0 1582366530 1582547400 p_ctf{17_w45n7_45_51mpl3_4s_1_7h0u9h7} 1 1 0 0 0 NULL
edit 8 0 0 Battle 4 Adam is frustrated that his team kept losing multiplayer battle games, so he decided to build his ow… 0 1582366530 1582547400 p_ctf{I_m4d3_5ur3_m7_t34m_15_th3_b35t!} 1 1 0 0 0 NULL
edit 9 0 0 Secret 4 Mark is a spy and managed to gain access to a computer belonging to his enemies. However, all it run… 1 1582366530 1582547400 p_ctf{m7_3n3m1e5_ar3_n0_m4tch_f0r_m3!} 1 1 150 0 0 NULL
edit 10 0 0 Welcome!!! 5 Go and checkout our bot in case you are bored and get some bonus points.
1 0 1582547400 p_ctf{bots_are_cool_af} 1 1 10 0 0 NULL
edit 11 0 0 Brutus 3 An Unidentified User in the server is leaking important information through his website handle (ip_a… 1 1582366530 1582547400 p_ctf{ch1ef_5ecurity_head_kn0ws_us} 1 1 150 0 0 NULL
edit 12 0 0 Home sweet Home 5 An user named "CruSieg" is posting messages in support of Terrorism in a famous social media platfor… 1 1582366530 1582547400 p_ctf{next_t1me_w0nt_be_e45y} 1 1 250 0 0 NULL
edit 13 0 0 AskTheOracle 1 Mr Robot has worked all night to find the Cipher "TE2GVo0jKwXNdk+xheq5m3HlKf8EKeqDh6RA3R3y8eSs5XS2TM… 1 1582366530 1582547400 p_ctf{fl@gs_@re_not_host3d_th3y_@re_c@ptur3d} 1 1 150 0 0 NULL
edit 14 0 0 Htide 1 Tony stark before dying in Avengers End Game he says one last thing to Doctor Strange which is '0da… 1 1582366530 1582547400 p_ctf{fl@gs_@re_not_host3d_th3y_@re_c@ptur3d}

Does the CTF site working fine?

BONUS :) -> https://i.imgflip.com/3pzeyq.jpg

p_ctf{jack_sparrow_found_the_key_to_chest}
p_ctf{Mzg3NjJjZjdmNTU5MzRiMzRkMTc5YWU2YTRjODBjYWRjY2JiN2YwYQ==}
p_ctf{Y0U_$0LVED_1HE_H!DDEN_P0KEM0N}
p_ctf{s0rry_6ut_1_@m_n0t_@_r060t}
p_ctf{d1ce_c@n_be_dec1eving_s0met1mes}
p_ctf{I_g0t_th3_b35t_t07_1n_th3_w02ld!}
p_ctf{17_w45n7_45_51mpl3_4s_1_7h0u9h7}
p_ctf{I_m4d3_5ur3_m7_t34m_15_th3_b35t!}
p_ctf{m7_3n3m1e5_ar3_n0_m4tch_f0r_m3!}
p_ctf{bots_are_cool_af}
p_ctf{ch1ef_5ecurity_head_kn0ws_us}
p_ctf{next_t1me_w0nt_be_e45y}
p_ctf{fl@gs_@re_not_host3d_th3y_@re_c@ptur3d}
p_ctf{fl@gs_@re_not_host3d_th3y_@re_c@ptur3d}
p_ctf{t1ll_my_l45t_bre47h_p4ndor4_4ever}

?

cant post emoji :(

ping ctf.pragyan.org -c 3
PING ctf.pragyan.org (167.99.28.218) 56(84) bytes of data.

--- ctf.pragyan.org ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2035ms

wget -r -c -x https://ctf.pragyan.org/challenges
--2020-02-22 19:26:41-- https://ctf.pragyan.org/challenges
Résolution de ctf.pragyan.org (ctf.pragyan.org)… 167.99.28.218
Connexion à ctf.pragyan.org (ctf.pragyan.org)|167.99.28.218|:443… échec : Connexion terminée par expiration du délai d'attente.
Nouvel essai.

--2020-02-22 19:28:55-- (essai : 2) https://ctf.pragyan.org/challenges
Connexion à ctf.pragyan.org (ctf.pragyan.org)|167.99.28.218|:443…

curl -i -vv https://ctf.pragyan.org/challenges
* Trying 167.99.28.218:443...
* TCP_NODELAY set
* connect to 167.99.28.218 port 443 failed: Connexion terminée par expiration du délai d'attente
* Failed to connect to ctf.pragyan.org port 443: Connexion terminée par expiration du délai d'attente
* Closing connection 0
curl: (28) Failed to connect to ctf.pragyan.org port 443: Connexion terminée par expiration du délai d'attente

. Well played @fsociety instead of helping, you guys attacked the server and now their weeks of preparation for hosting an international CTF is a total waste.

What a stupid move to host the challenges on the same main server, I don't know what you were all thinking, especially pwning --'.
ALTHOUGH, this doesn't excuse what InfoSecIITR did, very uncool and very childish. And to a team from your own country as well, so messed up.

Is the management working on the problem?

you guys should have atleast notified the host
u might be a top tier team
but there are others who wanted to play this ctf atleast for the sake of fun
and this is a complete disgrace for both the "prestigious" universities of the country.

this is the dumbest, bad, stupidly organized and unstable ctf my team has ever played!

Ok so first of all someone *pwned the server alongside us and deleted the database*. Then people started deleting the discord channels and then they removed all the admins from that discord server. After all this I dont think anyone should waste his/her time on this ctf. So we released all the flags.

how was discord compromised ?
was the same creds used everywhere ?
out of all i wanna know how this happened

Please, add a writeup on how you pwned the server :)

Don't play this shit wait for aero ctf tomorrow...
This guys are known for not paying prizes to the wining teams for years.
Finally this year they got what they deserve everything got pwned even the discord server rofl.
Don't forget to rate 0 in the end of the ctf

https://blog.rwx.kr/how-pragyan-ctf-2020-hacked/
I will make this public at the end time of this competition.

Facts proving Pragyan team are noobs:

1. Challenges docker containers on the same host than the scoreboard. You need to use two separate hosts.
2. Not using docker virtual networks. You need to put put each challenge container on a virtual bridge, so from one compromised challenge machine you can reach other challenge machines or the host.
3. Bad permission on the web folders.

PS: well done @posix

When its gonna be back ?

Still down?

whatever happened could have been avoided.

We will be getting the event back up shortly.

it's not that hard to get permissions right.

Hey pragyanCTF Organizers,
Greetings from OTA

If you are working on making the ctf online again, please fix the following to avoid getting hacked again

Our team member was digging in when he noticed the following:

```
dig A ctf.pragyan.org
```

Found the IP 167.99.28.218

opened it and we found your server config, which was updated 30min ago with SQL backup and everything again.
This is a concern message to help you not get rekt again, so please fix its permission asap

Regards
OTA

Now I guess its a challenge for them to host it securely instead XD

discord channel invite?

The flag was leaked once more. Change it again.
@pragyanctf

lol

plz hide dockerfile / docker-compose.yml

are you sure open your server info to everyone?

Please reset flags, server is hackable. I was able to see the flags. -_-' Not fair for everyone.

Plus fix/patch servers and change all previous creds used.

I found an issue, the format of this CTF is listed as Jeopardy though it's clearly an Attack-Defense.

@ameeer Thank you, we have resolved the issue.

no discord channel?

New binary challenges have been added

no discord channel?

Clarification on payment of prize money - We have paid all winners from 2019.
https://drive.google.com/folderview?id=1BYfu4RFpZt-t05BT-eg02DxNeF3oEYbP

As the admin dont answer about discord channel, i created an unofficial one.

https://discord.gg/M52txcx

happy to join, im alone on it at this moment

and hacked again!?

wait what happened to the database !

The portal is up now.

no reversing ?

so bad !!!

wrong scoreboard,
removing space character.

wrong scoreboard !! can you fix it ?
poor organisation for real , pwned website platform , discord got hacked , wrong scoreboard removing spaces from team name ..

In https://ctf.pragyan.org/scores
you guys strike out these teams:
https://ctf.pragyan.org/user?id=669
https://ctf.pragyan.org/user?id=675

and add them in this scoreboard?
this affects all team ratings very badly
can you guys give a clarity on what this was?
there has been no communication whatsoever by any admin so far after the CTF was hacked

wtf, add spaces on team name and fix the scoreboards!

We have contacted ctftime admins regarding the same, will resolve the whitespace issue ASAP

already one week and u didn't fix the scoreboard , and the ctftime still didn't merge the 2 teams ,
perfect CTF ever ..