2018 The secondary vocational group of the national vocational college skills competition

“ Cyberspace Security ” Official competition volume

One 、 Competition stage

Two 、 Topology

PC Machine environment ：

The physical machine ：Windows7;

virtual machine 1：Ubuntu Linux 32bit（ user name ：root; password ：toor）, Install toolset ：Backtrack5, Installation development environment ：Python3;

virtual machine 2：Kali（ user name ：root; password ：toor）;

virtual machine 3：WindowsXP（ user name ：administrator; password ：123456）.

3、 ... and 、 Competition assignment

（ One ） Phase I mission statement （700 branch ）

Mission 1. MSSQL Database penetration test （100 branch ）

Mission environment description ：

• Server scenario ：server2003（ user name ：administrator; password ： empty ）
• Server scenario operating system ：Windows server2003

1. In the local PC Penetration testing platform BT5 Use in zenmap Tool scan server scenario server2003 Network segment ( for example ：172.16.101.0/24) Live hosts in range IP Address and designated open 1433、3306、80 port . And take the string that must be used in the command used in this operation as FLAG Submit ;（10 branch ）

2. Via local PC Medium penetration test platform BT5 For the server scenario server2003 Conduct system service and version scanning penetration test , And take the service port information corresponding to the database service in the operation display result as FLAG Submit ;（10 branch ）

3. In the local PC Penetration testing platform BT5 Use in MSF The module explodes it , Use search command , And take the name of the scanning weak password module as FLAG Submit ;（10 branch ）

4. On the basis of the previous question, use the command to call the module , And view the information to be configured （ Use show options command ）, The target address to be configured in the echo will be displayed , Password guessing Dictionary , Threads , The fields of account configuration parameters are used as FLAG Submit （ Separated by commas , example hello,test,..,..）;（10 branch ）

5. stay msf Configure the target aircraft in the module IP Address , Use the first two words in the configuration command as FLAG Submit ;（10 branch ）

6. stay msf Specify the password dictionary in the module , The dictionary path is /root/2.txt Obtain the password and use the obtained password as FLAG Submit ;（14 branch ）

7. stay msf Switch the new penetration module in the module , For the server scenario server2003 Expand database services and use stored procedures , Call the command of this module as FLAG Submit ;（14 branch ）

8. On the basis of the previous question , Use the 6 Get the password and raise the right , Use at the same time show options Command to view the required configuration , And configuration CMD Parameters to view system users , Use the configured command as FLAG Submit ;（14 branch ）

9. Using msf The module obtains system permissions and views the exceptions of the target system （ hackers ） user , And treat the user as FLAG Submit .（8 branch ）

Mission 2. Host discovery and information collection （100 branch ）

Mission environment description ：

• Server scenario ：server2003（ user name ：administrator; password ： empty ）
• Server scenario operating system ：Windows server2003

1. Via local PC Medium penetration test platform BT5 Use fping For the server scenario server2003 Network segment ( for example ：172.16.101.0/24) Host discovery scan , And take the parameters that must be used in the command used by this operation as FLAG Submit ;（12 branch ）

2. Via local PC Medium penetration test platform BT5 Use genlist For the server scenario server2003 Scan the network segment for host survival discovery , And take the parameters that must be used in the command used by this operation as FLAG Submit ;（12 branch ）

3. Through local PC Medium penetration test platform BT5 Use nbtscan For the server scenario server2003 Search and scan the network segment , Get the target MAC Address and other information , And take the parameters that must be used in the command used by this operation as FLAG Submit ;（12 branch ）

4. Suppose the server scenario server2003 The firewall is set and cannot be used ping testing , adopt PC Medium penetration test platform BT5 Use arping Detect host connectivity scan （ The number of request packets sent is 4 individual ）, And take the fixed string in the command used in this operation as FLAG Submit ;（12 branch ）

5. Via local PC Medium penetration test platform BT5 Use fping For the server scenario server2003 Scan the network segment for survivability , And output the final scanned live host to the file ip.txt in , And take the parameters that must be used in the command used by this operation as FLAG Submit （ The parameters are separated by English commas , example a,b）;（12 branch ）

6. Via local PC Medium penetration test platform BT5 Use nbtscan From 5 The question is ip.txt File read IP Scan host information MAC Address and other information , And take the fixed string in the command used in this operation as FLAG Submit ;（12 branch ）

7. Via local PC Medium penetration test platform BT5 Use xprobe2 For the server scenario server2003 Conduct TCP scanning , Only scan the target 80,3306 Port opening ( The ports are separated by commas in English format ), And take the fixed string in the command used in this operation as FLAG Submit ;（12 branch ）

8. Via local PC Medium penetration test platform BT5 Use xprobe2 For the server scenario server2003 Conduct UDP scanning , Only scan the target 161,162 Port opening ( The ports are separated by commas in English format ), And take the fixed string in the command used in this operation as FLAG Submit .（16 branch ）

Mission 3. SNMP Information collection and utilization （100 branch ）

Mission environment description ：

• Server scenario ：server2003（ user name ：administrator; password ： empty ）
• Server scenario operating system ：Windows server2003

1. In the local PC Penetration testing platform BT5 Use in autoscan Tool scan server scenario server2003 Network segment ( for example ：172.16.101.0/24) The host address that survives in the range . Determine whether the surviving host opens the network management service , If it is on, it will be scanned out SNMP The host name of the service is used as FLAG Submit ;（11 branch ）

2. In the local PC Penetration testing platform BT5 Use in nmap Tool execution UDP Scan server scenario server2003 The host address that exists within the network segment , Judge the openness of network management services , If on , Then scan out SNMP Open port number as FLAG（ The ports are divided by English semicolons , example 21;23）, If not, submit none As FLAG;（11 branch ）

3. In the local PC Penetration testing platform BT5 Call in snmpwalk Tool test server scenario server2003 Open or not Windows SNMP service （ The default string is public, Through the of the target aircraft .1.3.6.1.2.1.25.1.6 Branch on snmpwalk To test the openness of the service （SNMP Version is v2c）, And take the parameters that must be used in the command used by this operation as FLAG Submit （ The parameters are separated by English semicolons , example a;b）;（11 branch ）

4. In the local PC Penetration testing platform BT5 Use in ADMsnmp The tool tries to guess the community string , And use all the commands used as FLAG Submit （ When submitting answers IP With 192.168.100.10 Instead of , Use the default dictionary snmp.passwd）;（11 branch ）

5. Replace with onesixtyone Tools execute commands to view help options , And take the input command as FLAG Submit ;（11 branch ）

6. In the local PC Penetration testing platform BT5 Use in onesixtyone Target machine SNMP Guess the group string , And use all the commands used as FLAG Submit （ The command submitted is ignore IP Commands that must be used after , The name of the dictionary is dict.txt）;（11 branch ）

7. In the local PC Penetration testing platform BT5 View the guessing results in , Take the community string guessed in the echo as FLAG Submit ;（11 branch ）

8. In the local PC Penetration testing platform BT5 Choose a new one from the list SNMP Attack module snmpcheck, According to what you get public Group string and use snmpcheck Collect information about the target plane , And take the parameters that must be used in the command used by this operation as FLAG Submit ;（11 branch ）

9. View the obtained system information , The system administrator user and the exception （ hackers ） Users act as FLAG Submit ,（ Users are separated by English semicolons , example root;user）.（12 branch ）

Mission 4. Windows Operating system penetration test （100 branch ）

Mission environment description ：

• Server scenario ：PYsystem4
• Server scenario operating system ：Windows（ Version unknown ）

1. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Perform OS scan penetration test , And display the result of this operation “Running：” The following string is used as FLAG Submit ;（6 branch ）

2. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Conduct system service and version scanning penetration test , And display the operation in the result 445 The service version information string corresponding to the port is used as FLAG Submit ;（6 branch ）

3. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Conduct penetration tests , Put the scene in the network connection information DNS Information as FLAG Submit ;( for example 114.114.114.114)（13 branch ）

4. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Conduct penetration tests , Put the scene on the desktop 111 The only suffix in the folder is .docx The file name of the file is used as FLAG Submit ;（14 branch ）

5. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Conduct penetration tests , Put the scene on the desktop 111 The only suffix in the folder is .docx The document content of the file is used as FLAG Submit ;（16 branch ）

6. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Conduct penetration tests , Put the scene on the desktop 222 The English word in the only picture in the folder is FLAG Submit ;（15 branch ）

7. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Conduct penetration tests , Take the password of the current top account administrator in this scenario as FLAG Submit ;（10 branch ）

8. Via local PC Medium penetration test platform Kali For the server scenario PYsystem4 Conduct penetration tests , Take the document contents of the files in the recycle bin in this scenario as FLAG Submit .（20 branch ）

Mission 5. Linux Operating system penetration test （100 branch ）

Mission environment description ：

• Server scenario ：PYsystem5
• Server scenario operating system ： Unknown

1. Via local PC Medium penetration test platform Kali For the server scenario PYsystem5 Perform OS scan penetration test , And display the result of this operation “OS Details：” The following string is used as FLAG Submit ;（6 branch ）

2. Via local PC Medium penetration test platform Kali For the server scenario PYsystem5 Conduct system service and version scanning penetration test , And display the operation in the result MySQL The service version information string corresponding to the database is used as FLAG Submit ;（6 branch ）

3. Via local PC Medium penetration test platform Kali For the server scenario PYsystem5 Conduct penetration tests , Put the scene /var/www/html The only suffix in the directory is .html The file name of the file is used as FLAG Submit ;（12 branch ）

4. Via local PC Medium penetration test platform Kali For the server scenario PYsystem5 Conduct penetration tests , Put the scene /var/www/html The only suffix in the directory is .html The contents of the document are used as FLAG Submit ;（16 branch ）

5. Via local PC Medium penetration test platform Kali For the server scenario PYsystem5 Conduct penetration tests , Put the scene /root The only suffix in the directory is .bmp The file name of the file is used as FLAG Submit ;（27 branch ）

6. Via local PC Medium penetration test platform Kali For the server scenario PYsystem5 Conduct penetration tests , Put the scene /root The only suffix in the directory is .bmp The English words in the picture file are used as FLAG Submit .（33 branch ）

Mission 6. Network protocol stack penetration test （100 branch ）

Mission environment description ：

Server scenario ：WindowsServer18065

Server scenario operating system ：Windows2003 Server

Server scenario FTP Download service user name ：anonymous, password ：123456

Server scenario FTP Download service port ：2121

1. Physical machine ping Program access target , After a successful visit , Use... In attack aircraft arpspoof The program controls the physical machine ARP Penetration test , To the physical machine ARP The cache is poisoned to ： Drone aircraft IP Address mapping attacker MAC Address ; From the target server scenario FTP Download files from the server arpspoof.py, Edit this Python3 Program files , Make the program realize the same as that in this task arpspoof Program consistent functions , Fill in the blanks in this document F1 character string , Take this string as Flag Value submission ;（9 branch ）

2. Continue editing the Python3 Program files , Make the program realize the same task 1 in arpspoof Program consistent functions , Fill in the blanks in this document F2 character string , Take this string as Flag Value submission ;（9 branch ）

3. Continue editing the Python3 Program files , Make the program realize the same task 1 in arpspoof Program consistent functions , Fill in the blanks in this document F3 character string , Take this string as Flag Value submission ;（9 branch ）

4. Continue editing the Python3 Program files , Make the program realize the same task 1 in arpspoof Program consistent functions , Fill in the blanks in this document F4 character string , Take this string as Flag Value submission ;（9 branch ）

5. Continue editing the Python3 Program files , Make the program realize the same task 1 in arpspoof Program consistent functions , Fill in the blanks in this document F5 character string , Take this string as Flag Value submission ;（9 branch ）

6. Continue from the target server scenario FTP Download files from the server icmpflood.py, Edit this Python3 Program files , Make the program pass ICMP To the physical machine DOS（ Denial of service ） Function of penetration test , Fill in the blanks in this document F6 character string , Take this string as Flag Value submission ;（9 branch ）

7. Continue editing named icmpflood.py Of Python3 Program files , Make the program pass ICMP To the physical machine DOS（ Denial of service ） Function of penetration test , Fill in the blanks in this document F7 character string , Take this string as Flag Value submission ;（9 branch ）

8. Continue editing named icmpflood.py Of Python3 Program files , Make the program pass ICMP To the physical machine DOS（ Denial of service ） Function of penetration test , Fill in the blanks in this document F8 character string , Take this string as Flag Value submission ;（9 branch ）

9. Continue editing named icmpflood.py Of Python3 Program files , Make the program pass ICMP To the physical machine DOS（ Denial of service ） Function of penetration test , Fill in the blanks in this document F9 character string , Take this string as Flag Value submission ;（9 branch ）

10. Continue editing named icmpflood.py Of Python3 Program files , Make the program pass ICMP To the physical machine DOS（ Denial of service ） Function of penetration test , Fill in the blanks in this document F10 character string , Take this string as Flag Value submission ;（9 branch ）

11. In the local PC Penetration testing platform BT5 Pass through Python3 The program interpreter executes the program file icmpflood.py, And open WireShark Monitoring network traffic , Analysis through program files icmpflood.py Produced ICMP Traffic , And put the ICMP In the data object Code Attribute values are passed through MD5 The string of the hexadecimal result of the hash value returned after the operation is used as Flag Value submission .（10 branch ）

Mission 7. Web Application penetration testing and security reinforcement （100 branch ）

Mission environment description ：

Server scenario ：WindowsServer18065

Server scenario operating system ：Windows2003 Server

Server scenario FTP Download service user name ：anonymous, password ：123456

Server scenario FTP Download service port ：2121

Server scenario FTP Upload service user name ：anonymous, password ：123456

Server scenario FTP Upload service port ：21

1. Visit the home page through the browser on the attacker side http:// Drone aircraft IP Address , adopt Web The application penetration test method is logged into the simulation product website of Panshi company , After landing successfully , take Web The string that pops up on the page passes SHA256 After the operation, the string that returns the hexadecimal result of the hash value is used as Flag Value submission ;（7 branch ）

2. From the target server scenario FTP Download files from the server loginauthentic.php, Edit this PHP Program files , So that the program can realize the... Of this task 1 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F11 character string , Take this string as Flag Value submission ;（7 branch ）

3. Continue editing section of this task 2 In the question PHP Program files , So that the program can realize the... Of this task 1 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F12 character string , Take this string as Flag Value submission ;（7 branch ）

4. Continue editing section of this task 2 In the question PHP Program files , So that the program can realize the... Of this task 1 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F13 character string , Take this string as Flag Value submission ;（7 branch ）

5. Continue editing section of this task 2 In the question PHP Program files , So that the program can realize the... Of this task 1 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F14 character string , Take this string as Flag Value submission ;（7 branch ）

6. Continue editing section of this task 2 In the question PHP Program files , So that the program can realize the... Of this task 1 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F15 character string , Take this string as Flag Value submission ;（7 branch ）

7. The edited loginauthentic.php Upload the program file to the target FTP service , Visit the home page through the browser on the attacker side http:// Drone aircraft IP Address , Through the... Of this task 1 Question used Web The application penetration test method is logged into the simulation product website of Panshi company , Will this time Web The string that pops up on the page passes SHA256 The string of the hexadecimal result of the hash value returned after the operation is used as Flag Value submission ;（7 branch ）

8. After successfully logging into the simulation product website of Panshi company , Continue to click the hyperlink to enter the product information page of Panshi company , adopt Web The application penetration test method obtains the file under the root path of the target flaginfo String in , And pass the string through SHA256 After the operation, the string that returns the hexadecimal result of the hash value is used as Flag Value submission ;（8 branch ）

9. From the target server scenario FTP Download files from the server product.php, Edit this PHP Program files , So that the program can realize the... Of this task 8 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F16 character string , Take this string as Flag Value submission ;（7 branch ）

10. Continue editing section of this task 9 In the question PHP Program files , So that the program can realize the... Of this task 8 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F17 character string , Take this string as Flag Value submission ;（7 branch ）

11. Continue editing section of this task 9 In the question PHP Program files , So that the program can realize the... Of this task 8 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F18 character string , Take this string as Flag Value submission ;（7 branch ）

12. Continue editing section of this task 9 In the question PHP Program files , So that the program can realize the... Of this task 8 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F19 character string , Take this string as Flag Value submission ;（7 branch ）

13. Continue editing section of this task 9 In the question PHP Program files , So that the program can realize the... Of this task 8 In the question Web Security protection during application penetration testing , Fill in the blanks in this document F20 character string , Take this string as Flag Value submission ;（7 branch ）

14. The edited product.php Upload the program file to the target FTP service , And pass the second step of this task at the attacker 8 Used in the question Web The application penetration test method obtains the file under the root path of the target flaginfo String in , Will this time Web The string that pops up on the page passes SHA256 The string of the hexadecimal result of the hash value returned after the operation is used as Flag Value submission .（8 branch ）

（ Two ） Phase II mission statement （300 branch ）

Suppose that the contestants are information security engineers of an e-commerce enterprise , Be responsible for the security protection of some servers in the enterprise , The server may have various problems and vulnerabilities . You need to secure the server as soon as possible ,15 In minutes, other teams will infiltrate these servers .

according to 《 Field parameter table 》 The information provided in the second stage , Please use PC Google browser login actual combat platform .

Target server environment description ：

scene 1：CentOS2018065（ user name ：root; password ：123456）, Server operating system ：CentOS（ Version unknown ）;

scene 2：Windows2018065（ Unable to open the console to operate the target , Only the of the target can be obtained IP, The competitor needs to enter the target aircraft by other methods to reinforce it ）, Server scenario operating system ：Windows（ Version unknown ）.

matters needing attention ：

1. Cannot attack the referee server , If the attack continues after one warning, the team will be ordered to leave the field ;

2.FLAG The value is the unique identification of each target server , Each target server has only 1 individual ;

3. Target server FLAG Values are stored in /root/flagvalue.txt File or C:\ flagvalue.txt In file ;

4. After logging into the automatic scoring system , Submit to the opponent's target server FLAG value , At the same time, you need to specify the target server of the opponent IP Address ;

5. CentOS2018065 The following services and ports of the target server are not allowed to be closed ：21、22、23、80、555、3306、7000-7999;Windows2018065 The following services and ports of the target server are not allowed to be closed ：HTTP 80、FTP 21、Telnet 23、7000-7999;

6. During system reinforcement, it is necessary to ensure the availability of external services provided by the target aircraft , The service can only change the configuration , Changes are not allowed ;

7. This session is a confrontation session , No overtime .

The list of possible vulnerabilities is as follows ：

1. The vulnerability in the server may be a conventional vulnerability or a system vulnerability ;

2. The website on the target server may have a vulnerability of command injection , Ask contestants to find vulnerabilities related to command injection , Exploit this vulnerability to obtain certain permissions ;

3. There may be a file upload vulnerability on the website on the target server , Ask the contestants to find the loopholes related to file upload , Exploit this vulnerability to obtain certain permissions ;

4. There may be a File Inclusion Vulnerability in the website on the target server , Ask the contestant to find the relevant vulnerabilities contained in the file , Combine with other vulnerabilities to obtain certain permissions and raise rights ;

5. The services provided by the operating system may contain vulnerabilities in remote code execution , Ask the user to find the service for remote code execution , And use this vulnerability to obtain system permissions ;

6. The service provided by the operating system may contain a buffer overflow vulnerability , Services that require users to find buffer overflow vulnerabilities , And use this vulnerability to obtain system permissions ;

7. There may be some system backdoors in the operating system , Players can find this back door , And use the reserved back door to directly obtain the system permission .

Scoring instructions ：

The rules 1： Per submission 1 Secondary target server FLAG Increase in value 2 branch , Whenever submitted by an opponent 1 Secondary target server FLAG Value minus 2 branch , Of each opponent's target server FLAG Values can only be submitted once ;

The rules 2： The system automatically starts the violation detection and score deduction mechanism , If the following violations are found , The system will automatically deduct points , Deduct a score for every violation detected , The score deduction details are displayed in the violation record , Calculated in the total score of the second stage ：

1） The attack and defense phase is enabled FLAG Detection mechanism , If found FLAG abnormal （ for example ： Delete 、 modify 、 Move 、 Killing process ）, Record it as a violation , Deduct points each time 3 branch ;

2） Enable the service port detection mechanism in the attack and defense stage , If the problem of closing is found, the port required to be opened , Record it as a violation , Deduct points for each port 1 branch ;

3） Target server in attack and defense stage IP The address is DHCP Automatic access to , No modification allowed , If modified, all the above detection mechanisms will be triggered ;

4） After reinforcement time , The player shuts down the target server or is shut down by others , Trigger all the above detection mechanisms , And the referee will not help restart .

The rules 3： The second stage is divided into 300 branch , Initial classification 100 branch . In the actual score and large screen display , A player's score may show a negative score or exceed 300 branch ; Those with negative scores , The evaluation results at this stage are all 0 branch ; Usually more than 300 Points of , The evaluation results at this stage are all 300 branch ;0-300 The evaluation score of the score remains unchanged .

Four 、 answer

5、 ... and 、 Standard for evaluation

1. Scoring stage

2. The first stage scoring rules

The rules 1： The first stage is divided into 700 branch , It is divided into 7 A mission , The breakdown of each question is indicated in the competition question ;

The rules 2： The system automatically scores and ranks , On the big screen ;

The rules 3： Players with the same score will be ranked according to the answer time provided by the system , The answer time is the last correct FLAG Time of value submission , First submitters rank high .

3. The second stage scoring rules

The rules 1： The second stage is divided into 300 branch , Initial classification 100 branch ;

The rules 2： Per submission 1 Of the second opponent's target FLAG It's worth scoring , Whenever submitted by an opponent 1 The of the secondary target FLAG Value deduction , Of each opponent's target FLAG Values can only be submitted once , The specific scores of scores and deductions are indicated in the competition questions ;

The rules 3： The system automatically starts the violation detection and score deduction mechanism , If the following violations are found , The system will automatically deduct points , Deduct a score for every violation detected , The deduction details are displayed in the deduction list , Record in the total score of the second stage ：

1） The attack and defense phase is enabled FLAG Detection mechanism , If found FLAG abnormal （ for example ： Delete 、 modify 、 Killing process ）, Record it as a violation , Deduct the corresponding score ;

2） Enable the service port detection mechanism in the attack and defense stage , If the problem of closing is found, the port required to be opened , Record it as a violation , Deduct the corresponding score ;

3） Target plane in attack and defense stage IP Parameter cannot be modified , If the modification is recorded as a violation , Deduct the corresponding score ;

4） After reinforcement time , The competitor shuts down the target plane by himself or by others , All recorded as three violations , Deduct the corresponding score , And the referee will not help restart .

The rules 4： The player's score is displayed on the big screen , A contestant's performance may show a negative score or exceed 300 branch ; Those with negative scores , This stage “ Review the results ” All are 0 branch ; Usually more than 300 Points of , This stage “ Review the results ” All are 300 branch ; The ranking order of contestants remains unchanged , Players who score the same score are based on “ Show grades ” And the ranking is different due to different scoring time points .

【 notes 】

Show grades ： This is the score automatically played by the system , Will be displayed on the big screen , The score may be negative , It may be more than the full score of the second stage 300 The score of points ;

Review the results ： The score is 0-300 Between points , It is the referee who revises according to the results derived from the system , Ensure that the results of the second stage will not affect the results of other stages .

4. Overall closing and opening rules

The rules 1： The final result is obtained by adding the results of the first stage and the review results of the second stage , If the total score is the same , Rank according to the results of the second stage review , In the second stage, the one with high performance in the review is the first ;

The rules 2： If the results of the second stage review are the same , Submit the correct... In the second stage FLAG value （ Show grades ） High and low order , It shows that the high achievers rank high ;

The rules 3： The second stage submission is correct FLAG value （ Show grades ） identical , Submit the last correct... In the second stage FALG Time sequence , Those who finish first rank high .

5. Score entry rules

The rules 1： The score of the score entry system cannot be the same ;

The rules 2： Same score player , In order of ranking , Start with the last player , Every top one , increase 0.01 Sub entry system .