White hat hackers and defense experts test their limits online and offline in this year's biggest cyberbattle at PHDays Fest 2

Standoff 13 main stage

Earn points by finding vulnerabilities in systems. Points are awarded separately for each system, and you can report only one vulnerability of each type per system.

NoT1meToSleep

The company provides hosting services and develops software for organizations across various sectors. For instance, it maintains a ticket sales service and a platform for interaction between citizens and government authorities.

## Scope
Outer perimeter:
it.stf 10.119.12.0/26,
hosting.stf 10.119.12.64/26,
10.119.14.0/24 
Inner perimeter:
hosting.stf 10.149.18.0/23,
it.stf 10.149.16.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

STFware

IDDQD

The company produces, refines, stores, and markets oil and gas. Among its assets are a production field, an oil refinery, pipelines with pumping stations, tankage facilities, an oil-product loading station for rail transportation, and a gas distribution station

## Scope
Outer perimeter: 
10.119.11.128/26 
Inner perimeter:
10.149.12.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Tube

tSOC

The company owns a railroad, an airport, and a seaport. Heavy Logistics also operates the traffic-light system in the capital

## Scope
Outer perimeter:
10.119.12.192/26
Inner perimeter:
10.149.24.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Heavy Logistics

Command_and_Defend

The Central Bank of Standoff is the country's financial regulator. Consumer financial services are provided by three commercial banks. The Commercial Bank of Standoff, which has many offices across the country, caters to companies and organizations. First Partner Bank manages merchant accounts and enables QR code payments and fast transactions. Global Digital Bank has only one branch office as it is fully automated; the bank's applications are cloud-based.

## Scope
Outer perimeter:
combs.stf 10.119.10.64/26
centralb.stf 10.119.10.128/26
firstpb.stf 10.119.10.192/26
glodb.stf 10.119.11.0/26

Inner perimeter:
combs.stf 10.149.2.0/23
centralb.stf 10.149.4.0/23
firstpb.stf 10.149.6.0/23
glodb.stf 10.149.8.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Banking system

Your shell not pass

Electricity is generated at thermal and hydroelectric power plants, as well as by wind turbines and a solar power plant. The generated electricity is delivered through power lines to substations that feed cities, factories, and transport. All substations are managed by a dispatch control center. Smart meters send readings directly to the energy company.

## Scope
Outer perimeter: 
10.119.10.0/26
Inner perimeter:
10.149.0.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Electric power industry

Maybe False

ОЦК Минпромторга России

The factory has an onsite ore-blending plant with a bucket-wheel excavator and conveyor, a blast furnace, an oxygen-converter section, a rolling mill, and a continuous casting machine. Rolled metal is transported to customers from the finished product storage area

## Scope
Outer perimeter:
10.119.11.64/26
Inner perimeter:
10.149.10.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

MetalliKO

Grep_Tribe

Cyber1000

WithoutP@$$w0rd

The company's main business is providing housing and public services. In particular, it is in charge of street lighting, CCTV maintenance, and digital billboards. It also helps residents equip their apartments with IoT devices. Beside that, City Housing & Utilities manages a stadium, a multifunctional public service center, and an automated warehouse (dark store).

## Scope
Outer perimeter:
10.119.11.192/26
Inner perimeter:
10.149.14.0/23

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

City Housing & Utilities

GreenWallTeam

The company owns a nuclear power plant with a single power unit and a uranium enrichment plant. The energy generated by the nuclear power plant is delivered to consumers through substation 3. The plant has centrifuges that separate uranium-235 from uranium-238

## Scope
Outer perimeter:
10.119.12.128/26
Inner perimeter:
10.149.20.0/22

## Out of scope: 
1) all servers named logc.&lt;office&gt;.stf
2) network 10.119.1.0/24
3) SC SERVERS, SC USERS networks: 10.149.2.0/26, 10.149.4.0/26, 10.149.6.0/26, 10.149.8.0/26, 10.149.10.0/26, 10.149.12.0/26, 10.149.14.0/26, 10.149.16.0/26, 10.149.18.0/26, 10.149.20.0/26, 10.149.22.0/26, 10.149.24.0/26
4) Accounts starting with "pt*"

## Vulnerability reports
The tasks indicate where the vulnerabilities are located: on Gate hosts or in the DMZ and further within the infrastructure. Reports on vulnerabilities found in Gate are automatically verified upon flag submission. Reports on vulnerabilities found in the DMZ and within the infrastructure are verified by the jury.  
 
When reporting a vulnerability, make sure to note where it was found. If it was discovered on Gate hosts, open the report in the relevant tab, select the vulnerability, and submit the flag. If it was found in the DMZ and further within the infrastructure, fill out a report for the jury.

Standoff 13 main stage

Scope

Out of scope:

Vulnerability reports

Results