Hack2Win eXtreme Warm Up

Hack2Win eXtreme

In our upcoming Hack2Win eXtreme event in Hong Kong we will be asking contest participants to come and try their skills breaking into devices and software, showing their abilities in finding vulnerabilities in iOS and Android, as well as in Chrome and Firefox.
In preparation for the event, we are launching a “warm up” event where the target is different from the above devices and software. The event will be open to anyone who wants to participate, and will be open until the 19th of September (inclusive).
The target for this Hack2Win eXtreme warm-up will be Adobe Reader on Android, and the goal is to get it to run arbitrary code when a PDF file is opened.
An award prize of 30,000$ USD will be given to any person (up to 5 winners) that is able to provide a PDF file which is opened from either the local storage (on the Android device) or accessed through a URL being typed into a browser (Chrome, Firefox, etc), where that the PDF is able to:

  • Get code execution, which is able to do either:
    • Write an arbitrary file to the data folder of the Adobe Reader
    • Run /bin/bash – which should be visible when you run ‘ps’ on the Android OS

In addition, the vulnerability should be in Adobe Reader and not in some external application that can be launched from within Adobe Reader; it should not require any interaction beyond opening the file (e.g. clicking on popups or a confirmation dialog after the PDF is opened will not be considered a code execution vulnerability).
How to submit?
The submission process will be the same as any other vulnerability that being submitted to us, please refer to Submission Process page for more details.
Contest Deadline
Once we have reached the deadline (19th of September) or receive 5 valid submissions, we will no longer accept additional submissions. We will announce this on this blog page as well as on our @SecuriTeam_SSD twitter account.
The Hack2Win eXtreme is open for registration to anyone who is 18 years of age or older at the time of submission – excluding anyone working for Adobe. Also excluded are Beyond Security employees and any of its affiliates.
Winner Selection
The first 5 (five) submissions received will be selected, according to the email timestamp. Only complete and working submissions will be considered. If a submission does not work you will be asked to provide a working version – the submission date will be the date the working version was sent to Beyond Security.
Vulnerabilities and exploit techniques revealed by contest winners will be disclosed to Adobe and the exploits and whitepapers will be the property of Beyond Security. The original finder of the vulnerability will receive credit (or remain anonymous if he/she wishes to remain anonymous) for the vulnerabilities, the whitepaper and the disclosure.

SSD Advisory – Hack2Win – Cisco RV132W Multiple Vulnerabilities

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in Cisco RV132W Wireless N VPN version
The Cisco RV132W Wireless-N ADSL2+ VPN Router is “easy to use, set up, and deploy. This flexible router offers great performance and is suited for small or home offices (SOHO) and smaller deployments.”
The vulnerabilities found are:

  • Information Disclosure That Leads to Password Disclosure
  • Unauthenticated WAN Remote Code Execution

A security researcher from, NSHC, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program
Vendor response
Cisco were informed of the vulnerabilities and released patches to address them: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x
CVE: CVE-2018-0125 / CVE-2018-0127

SSD Advisory – Hack2Win – Asus Unauthenticated LAN Remote Command Execution

Vulnerabilities Summary
The following advisory describes two (2) vulnerabilities found in AsusWRT Version The combination of the vulnerabilities leads to LAN remote command execution on any Asus router.
AsusWRT is “THE POWERFUL USER-FRIENDLY INTERFACE – The enhanced ASUSWRT graphical user interface gives you easy access to the 30-second, 3-step web-based installation process. It’s also where you can configure AiCloud 2.0 and all advanced options. ASUSWRT is web-based, so it doesn’t need a separate app, or restrict what you can change via mobile devices — you get full access to everything, from any device that can run a web browser”
The vulnerabilities found are:

  • Access bypass
  • Configuration manipulation

An independent security researcher, Pedro Ribeiro (pedrib_at_gmail.com), has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
Asus were informed of the vulnerabilities and released patches to address them (version
For more details: https://www.asus.com/Static_WebPage/ASUS-Product-Security-Advisory/
CVE: CVE-2018-5999 and CVE-2018-6000

Hack2Win eXtreme

Hack2Win is a hacking competition we launched 5 years ago.
The competition had so far two flavors – Hack2Win Online and Hack2Win CodeBlue.
We decided to go big this year and with Hack2Win eXtreme!
Hack2Win eXtreme will focus on two primary targets, browsers and mobile.
We have up to $500,000 USD to give away!
The competition will take place during the beVX conference, on September 20-21, 2018.

SSD Advisory – D-Link 850L Multiple Vulnerabilities (Hack2Win Contest)

Vulnerabilities Summary
The following advisory describe three (3) vulnerabilities found in D-Link 850L router.
The vulnerabilities have been reported as part of Hack2Win competition, for more information about Hack2Win – Hack2Win – https://blogs.securiteam.com/index.php/archives/3310.
The vulnerabilities found in D-Link 850L are:

  • Remote Command Execution via WAN and LAN
  • Remote Unauthenticated Information Disclosure via WAN and LAN
  • Unauthorized Remote Code Execution as root via LAN

The vulnerabilities were found by the following researchers, while participating in Beyond Security’s Hack2Win competition:

  • Remote Command Execution via WAN and LAN: Zdenda
  • Remote Unauthenticated Information Disclosure via WAN and LAN: Peter Geissler
  • Unauthorized Remote Code Execution as root via LAN: Pierre Kim

Vendor response
The vendor has released patches to address this vulnerabilities (Firmware: 1.14B07 BETA).
For more details: http://support.dlink.com/ProductInfo.aspx?m=DIR-850L