Welcome to Day Three of our first ever Pwn2Own Ireland competition! We’ve already awarded $874,875, and we have 15 attempts left to go. Will we hit the $1,000,000 mark or will all remaining attempts end up in bug collisions? Stay tuned to find out. All times are Irish Standard Time (GMT +1:00).
SUCCESS – Ha The Long with Ha Anh Hoang of Viettel Cyber Security (@vcslab) used a single command injection bug to exploit the QNAP TS-464 NAS. Their fourth-round win nets them $10,000 and 4 Master of Pwn points.
FAILURE – Unfortunately, Sina Kheirkhah (@SinSinology) and Enrique Castillo (@hyprdude) of Summoning Team (@SummoningTeam) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.
SUCCESS – Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from the DEVCORE Research Team combined a CRLF Injection, an Auth Bypass, and a SQL Injection to exploit the Synology BeeStation. They earn $20,000 and 4 Master of Pwn points.
SUCCESS – PHP Hooligans / Midnight Blue (@midnightbluelab) used an OOB Write and a memory corruption bug to go from the QNAP QHora-322 to the Lexmark printer, which they demonstrated by printing their own “cash”. Their successful SOHO Smashup earns them $25,000 and 10 Master of Pwn points.
SUCCESS – The Viettel Cyber Security (@vcslab) used a single type confusion bug to exploit the Lexmark CX331adwe printer. In the process, they earn $20,000 and 2 Master of Pwn points.
COLLISION – Our first collision of Day Three: the group from STEALIEN Inc. successfully popped the Lorex camera, but the bug they used had already been demonstrated in the contest. They still earn $3,750 and 1.5 Master of Pwn points.
COLLISION – namnp and tunglth of Viettel Cyber Security (@vcslab) ran into another collision. Their stack-based buffer overflow took over the Canon printer, but it had been previously used in the competition. They still earn $5,000 and 1 Master of Pwn point.
SUCCESS – Newcomers Team Smoking Barrels used an unprotected primary channel bug to exploit the Synology BeeStation for code execution. They earn $10,000 and 4 Master of Pwn points.
FAILURE – Unfortunately, the Viettel Cyber Security (@vcslab) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.
SUCCESS – In the penultimate attempt of Day 2, Daan Keuper (@daankeuper), Thijs Alkemade (@xnyhps), and Khaled Nassar (@notkmhn) from Computest Sector 7 (@sector7_nl) combined 4 bugs, including a command injection and a path traversal to going from the QNAP QHora-322 to the TrueNAS Mini X. They earn $25,000 and 10 Master of Pwn points.
FAILURE – ExLuck (@ExLuck99) of ANHTUD was unable to complete his SOHO S=mashup in the time allotted. HE was able to get into the Synology router but couldn’t successfully pivot to the Canon printer.
Welcome to Day Three of our first ever Pwn2Own Ireland competition! We’ve already awarded $874,875, and we have 15 attempts left to go. Will we hit the $1,000,000 mark or will all remaining attempts end up in bug collisions? Stay tuned to find out. All times are Irish Standard Time (GMT +1:00).
SUCCESS – Ha The Long with Ha Anh Hoang of Viettel Cyber Security (@vcslab) used a single command injection bug to exploit the QNAP TS-464 NAS. Their fourth-round win nets them $10,000 and 4 Master of Pwn points.
FAILURE – Unfortunately, Sina Kheirkhah (@SinSinology) and Enrique Castillo (@hyprdude) of Summoning Team (@SummoningTeam) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.
SUCCESS – Pumpkin Chang (@u1f383) and Orange Tsai (@orange_8361) from the DEVCORE Research Team combined a CRLF Injection, an Auth Bypass, and a SQL Injection to exploit the Synology BeeStation. They earn $20,000 and 4 Master of Pwn points.
SUCCESS – PHP Hooligans / Midnight Blue (@midnightbluelab) used an OOB Write and a memory corruption bug to go from the QNAP QHora-322 to the Lexmark printer, which they demonstrated by printing their own “cash”. Their successful SOHO Smashup earns them $25,000 and 10 Master of Pwn points.
SUCCESS – The Viettel Cyber Security (@vcslab) used a single type confusion bug to exploit the Lexmark CX331adwe printer. In the process, they earn $20,000 and 2 Master of Pwn points.
COLLISION – Our first collision of Day Three: the group from STEALIEN Inc. successfully popped the Lorex camera, but the bug they used had already been demonstrated in the contest. They still earn $3,750 and 1.5 Master of Pwn points.
COLLISION – namnp and tunglth of Viettel Cyber Security (@vcslab) ran into another collision. Their stack-based buffer overflow took over the Canon printer, but it had been previously used in the competition. They still earn $5,000 and 1 Master of Pwn point.
SUCCESS – Newcomers Team Smoking Barrels used an unprotected primary channel bug to exploit the Synology BeeStation for code execution. They earn $10,000 and 4 Master of Pwn points.
FAILURE – Unfortunately, the Viettel Cyber Security (@vcslab) could not get their exploit of the Ubiquiti AI Bullet working within the time allotted.
SUCCESS – In the penultimate attempt of Day 2, Daan Keuper (@daankeuper), Thijs Alkemade (@xnyhps), and Khaled Nassar (@notkmhn) from Computest Sector 7 (@sector7_nl) combined 4 bugs, including a command injection and a path traversal to going from the QNAP QHora-322 to the TrueNAS Mini X. They earn $25,000 and 10 Master of Pwn points.
FAILURE – ExLuck (@ExLuck99) of ANHTUD was unable to complete his SOHO S=mashup in the time allotted. HE was able to get into the Synology router but couldn’t successfully pivot to the Canon printer.