BFS Ekoparty 2019 Exploitation Challenge - Override Banking Restrictions to get US Dollars

Show us your skills, get invites to the BFS-IOACTIVE party and an opportunity to join BFS!

Introduction

Ekoparty is back! This year we will be giving away invites to the BFS-IOACTIVE party which will take place during the Ekoparty security conference. Additionally, with this challenge you get to show off your skills and have an opportunity to join the BFS security research team.

The Scenario

The economy is collapsing! There is no escape. New regulations are now restricting purchases of US dollars, panic is in the air and there is no hope in sight. Your only option in order to save your currency is to override banking restrictions and convert all your pesos to US dollars. To achieve this task, you must hack your bank and override restrictions! Luckily, you have a contact at the bank who has provided you with his credentials. The current problem is that you need to pivot to another central system inside the bank which is running a custom network service. Luckily you got your hands on the service binary running on the target system. Perhaps there is a bug there that you can use?

The Rules

  1. Bypass ASLR remotely, get code execution and pop calc.exe or notepad.exe in order to ensure the system is fully under your control. Be careful, process continuation is key to ensure all systems continue to function properly.
  2. Your exploit must work in the 64-bit version of Windows 10 Redstone 6.
  3. Solutions will be accepted in Python.
  4. If you succeed, you will get an invite to the BFS-IOACTIVE party and a chance to join the BFS security research team.
  5. Solutions should be sent to challenge@bluefrostsecurity.de and your full name needs to be provided in order to claim a free ticket.

You can download the application here

Best of luck, see you at Ekoparty!