Recap of Wizer’s 6-Hour Blitz CTF Event on Mar 2
On 3/2/2025, we hosted our FOURTH 6-Hour Capture the Flag challenge! Over 1000 developers and hackers from diverse backgrounds registered for this challenge. Participants tackled a series of challenges, hacking short snippets of code by spotting vulnerabilities and exploiting them.
Nearly 60 participants joined, with 38 successfully solving at least 1 challenge. We received 92 correct solutions in total! Five people solved 6 challenges, two people solved 5, and seven solved 3 and 2. 17 people solved the 1st challenge.
Congratulations to our CTF Challenge Winners!
1st - Philippe Dourassov, 6/6 challenges solved within 2 hours 29 minutes 13 seconds
2nd - Miguel Costa, 6/6 challenges solved within 3 hours 43 minutes 22 seconds
3rd - Abraxus S, 6/6 challenges solved within 3 hours 54 minutes 15 seconds
We’ll be sending out SWAG for the best writeups on any of the challenges you completed. The deadline for submissions is Sunday, March 16th at 10:00 am ET. Submit your writeup as a post on LinkedIn using the hashtag #wizerctf.
If you’re curious to give it a go, the challenge is open for practice. Join us for our next live event for the chance to win prizes!
What Each Wizer CTF Challenge Covered: A Snapshot
Your Passcode is...
The first challenge is also the easiest, just as always!
In this challenge, your goal is to inject an alert('Hacked'). At first glance, it might seem straightforward since user input is directly assigned to <element>.innerHTML. However, there's a catch! Before the insertion, the input undergoes whitespace removal, adding a layer of complexity.
Can you find a clever way to bypass this restriction?
First Solver: Muhamad Visat
Your ID is your secret!
Can you figure out a way to obtain another user’s ID?
The code reveals AliceR's user data, but there’s another hidden user you can’t see directly. Here’s a hint: bo**@example.com.
Can you guess the full email address, use it with /getId, and retrieve the user’s ID to capture the flag?
First Solver: Philippe Dourassov
An ode to XML
XML was going to be the next big thing. It was going to take over the internet, everything was going to run on XML. Somehow that didn’t quite pan out like I hoped and now I’m left with this website I made that fully runs on XML. Like all legacy systems, perhaps someone should take a closer look at it to make sure they can’t read files from the filesystem. Are you up for the challenge?
First Solver: Philippe Dourassov
Sharpen Your Tools
This challenge is really easy. No seriously! There’s an endpoint that’s obviously vulnerable to SQL injections. Can you exploit it? Hmm, there are some things in the way. We often see testers make mistakes when it comes to fully using their tools. Is your scanner still working if your session expired? Is it taking CSRF tokens from the response? And so on. It’s so important that you know exactly how your tools function, so I’d like to challenge you to figure out how to solve this challenge using tools like Burp Suite (Don’t take the cheap route and code it 😉).
First Solver: Miguel Costa
Notes Of Secrecy
This note taking web application allows you to store all your greatest secrets! But perhaps something is going on that’s not as it should be? It’s all in the fine details. Can you figure out a way of stealing TheTraveller’s notes?
First Solver: Philippe Dourassov
Fun Games - Cookie Clicker
I’m starting a new company: Fun Games. It’s going to have a lot of different games all tied into a platform. I’ve already made the authentication service and a cookie clicker game! But somehow people have been logging into my administrator account. That shouldn’t be possible. Can you figure out how to do it?
First Solver: Angelo Aguilar
This event showcased a captivating blend of individual talent, creativity, and problem-solving as participants competed to overcome the challenges. Congratulations to all the winners! We look forward to seeing you all again soon—stay tuned for our upcoming challenge announcement for Q2 of 2025!
Wanna give the challenges a try for yourself? They are now open for practice! Create an account or log in to get started!
Make sure to join our Discord to connect with our community and participate in our bi-weekly CTF Challenges.
