Hack the Hackers

Live now until the 8th of November!

The goal of this contest is to discover vulnerabilities in pentest-tools.com, an online platform for penetration testing and vulnerability assessment.

In order to create a free account on the platform, you can use the following registration link and the voucher code HACKING-VILLAGE-2019.

Each vulnerability that you find should be reported to security@pentest-tools.com, and reports must include technical details such as proofs of concept, screenshots and a set of reproducible steps.

After we centralize and analyze the results based on our scoring system, the top three contestants will receive a prize.

Not all vulnerabilities are considered equal and it is up to our security team to decide the accepted risk level for each vulnerability.

However, you should consider the guidelines from the Rules and Scoring sections below.

Rules of Engagement
  • Scope: only https://pentest-tools.com is in scope.
  • Out-of-Scope vulnerabilities:
    • Cross-Site Request Forgery (CSRF)
    • Automated scanner output or scanner-generated reports, including any automated or active exploit tool
    • Man-in-the-Middle attacks
    • Social engineering attacks, including those targeting internal employees
    • Host header injections without a specific, demonstrable impact
    • Denial of service (DoS) attacks using automated tools
    • Self-XSS, which includes any payload entered by the victim
    • Any vulnerabilities requiring significant and unlikely interaction by the victim, such as disabling browser controls
    • Infrastructure vulnerabilities, including:
      • Issues related to SSL certificates
      • DNS configuration issues
      • Server configuration issues (e.g. open ports, TLS versions, etc.)
    • Information disclosure of public or non-protected information (e.g. code in a public repository, server banners, etc.)
    • Any other submission determined to be low risk, based on unlikely or theoretical attack vectors, requiring significant user interaction, or resulting in minimal impact
    • Vulnerabilities on third party libraries without showing specific impact to the target application (e.g. a CVE with no exploit)

Scoring system

Each accepted vulnerability will have a risk level and score:

  • Low – 25 points
  • Medium – 50 points
  • High – 75 points
  • Critical – 100 points

Contact: security@pentest-tools.com

PRIZES

1st place:

– JBL Clip 3 – Wireless Portable Speaker Waterproof
– 1 year license (Pro Advanced) at Pentest-Tools.com

2nd place:

– JJRC H36 Drone
– 1 year license (Pro Advanced) at Pentest-Tools.com

3rd place:

– Raspberry Pi 4
– 1 year license (Pro Advanced) at Pentest-Tools.com
