
What is Pwn?

From Wikipedia: Pwn is a leetspeak slang term, derived from the verb "own", as meaning to appropriate or to conquer to gain ownership. The term implies domination or humiliation of a rival, used primarily in the Internet gaming culture to taunt an opponent who has just been soundly defeated (e.g. "You just got pwned!"). The past tense may also be spelled: pwnd, pwn'd, pwn3d, pwnt or powned.

In hacker jargon, pwn means to compromise or control, specifically another computer (server or PC), web site, gateway device, or application. It is synonymous with one of the definitions of hacking or cracking. An outside party who has pwned a system has obtained unauthorised administrative control of it.

What is 0wn?

Owned is a slang word that originated among 1990s hackers, where it referred to "rooting" or gaining administrative control over someone else's computer. The term's original usage was close to that of the traditional meaning of the word "own" - for instance, "I owned the network at MIT" indicated that the speaker had cracked the servers and had the same root-level privileges that the legitimate owner of the servers had. "Owned", a later variant, became more common in the late 1990s, as did the more abstract usage referring to any compromised security mechanism. By 1997, "owned" was regularly used in website defacements, and it subsequently spread to gaming circles, where it was used to refer to defeat in a game. For example, if someone makes a particularly good kill shot or wins a fight in a multiplayer video game, they might yell out "owned" to the loser(s), as a manifestation of victory, a taunt, or provocation.

Owned has now spread beyond computer and gaming contexts and become part of standard slang, where it typically entails severe defeat or humiliation, usually in an amusing way or through the dominance of an opposing party. Other variations of the word owned include own3d, 0wn3d and pooned, terms which incorporate elements of leetspeak.

At some point, the variant term "pwned" appeared in the same subculture; this alteration originated from typos that occurred when hasty gamers tried typing too fast on the keyboard, thus missing the "o" and typing "p" instead. Pwn has become a term in its own right.

So...PWN20WN means, very simply, compromise a machine to take control of it. Therefore, this game is really simple to play. If you can show us that you are able to gain control of any of these applications by compromising it, we will offer you a prize of a laptop computer and S$4,000 cash.

Rich Internet Apps (RIA) category:
Adobe Flash
Silverlight
Java

Office Suites category:
MS Office 2007
Open Office
Google Docs (run on the Chrome browser)

How to play?

  1. Anyone can take part.
  2. There will be a whiteboard in the PWN20WN room; sign up on the whiteboard. You are only allowed 1 time-slot a day, on a first come, first served basis.
  3. You must sign an agreement of responsible disclosure before being allowed to compete.
  4. You can try any number of applications (within 1 category) during the allocated timeslot.
  5. You submit a copy of your exploits to the judges before starting. These will be stored on a server machine that the contestants can surf to in order to show their exploits (the server will be managed by the judges/tech assistants).
  6. You can only try your exploits inside the designated VM on the desktop.
  7. The game desktops will be connected to a projector for audience benefit
  8. All winning exploits must be handed over to COSEINC to be responsibly disclosed. Contestants should allow COSEINC to handle the disclosure process and not disclose further information on their own.
  9. You must disclose details of the exploit to the judges for judging purposes.
  10. Winning entries must be proven original (0-day).
  11. The judges' decision is final.

In order to win:

  1. Only one click is allowed, to follow a given link or open a given document.
  2. You must prove that code execution has taken place in the context of the targeted application.
  3. For the Google Docs + Chrome case: you will need to access a given Google Docs account (COSEINC-generated account) and retrieve a file located inside with a secret password. The text of the file is in the clear. The objective is just to demonstrate unauthorised access.
  4. Prizes are given only if the targeted application is exploited. For example, no prize is given if an OS vulnerability or VMWare issue is exploited.

Prizes

  1. First 3 winning exploits will win a laptop computer (allocation decided by judges and COSEINC)
  2. COSEINC will offer a cash prize of $4000 for 3 eligible entries
  3. For the cash prize, you must sign an NDA with COSEINC. The vulnerability and exploit will belong exclusively to COSEINC.
  4. One winning exploit per application. Once a winner is declared for the application, it will be removed from the contest

Disqualification

  1. Doing anything outside of designated machine/vm
  2. Attempting to hack infra, such as hotel network
  3. You will be handed over to the police