On 2/4/2024, we hosted our first 6-Hour Capture the Flag challenge! Over 600 developers and hackers from diverse backgrounds registered for this challenge. Participants tackled a series of challenges by hacking short snippets of code by spotting vulnerabilities and exploiting them.
Nearly 100 participants joined, with 75 successfully solving at least 1 challenge. We received 146 correct solutions in total! 3 people solved 6 challenges,1 person solved 5, 3 people solved 4 and the rest solved between 1 and 3 challenges each.
1st - Philippe Dourassov, #/6 challenges solved within 1 hours 58 minutes
2nd - physuru, #/6 challenges solved within 3 hours 42 minutes
3rd - Evangelos Lioudakis, #/6 challenges solved within 5 hours 50 minutes
Challenge #1 - Matthias L - view the writeup here
Challenge #2 - Bhavya Jain - view the writeup here
Challenge #3 - Yoeri Vegt - view the writeup here
Challenge #4 - Lucas Voxted - view the writeup here
Challenge #5 & 6 - Evangelos Lioudakis - view the writeups here
Join us for our next live event for the chance to win prizes!
We’ve built our authentication system on the strongest technology ever: JWT. We’ve even enabled all of the encryption methods for extra security. I’m sure no one can steal the flag now!
Oof, this challenge has no code and just a configuration file, surely nothing can go wrong now! Everything looks so good on my “Fun with flags”-fanpage! Maybe you can find something off by a bit with this challenge
We’ve built an exciting new recipe book website. However, in our kitchen we had a problem with our WiFi whenever we used the microwave, so I had to add a last-minute feature to make sure our website worked even when offline using web workers and post messages. That last bit wasn’t security-checked, but what can go wrong?!
This is a website where you can take your profile and export it and then later import it again. This is a super cool feature, but something went wrong quite quickly. Can you figure out how to get an RCE on this little webapp?
You’ve gained access to an administrator portal that allows you to execute commands? Surely that’s vulnerable right? Well, not quite. You can’t seem to figure out how to actually get an OS command injection. What is this madness, right as you start getting errors in your brain, you realize that maybe errors are the way in after all!
Congratulations, you’ve made it this far, so you get a certificate. A certificate of support, with your name written on it. But oops! Our certificate generator is vulnerable. Can you spot the vulnerability in the code?
This event showcased a captivating blend of individual talent, creativity, and problem-solving as participants competed to overcome the challenges. Congratulations to all the winners!
Make sure to join our Discord to connect with our community and participate in our bi-weekly CTF Challenges.