Recap of Wizer’s 6-Hour Blitz CTF Event on Oct 27

On October 27th, we hosted our third 6-Hour Capture the Flag challenge! Over 800 developers and hackers from diverse backgrounds registered for this challenge. Participants tackled a series of challenges built around short snippets of code, spotting vulnerabilities in them and exploiting them.

Nearly 100 participants joined, with 41 successfully solving at least 1 challenge. We received 109 correct solutions in total! One person solved 6 challenges, 6 people solved 5, and 3 solved 3. The rest solved between 1 and 2 challenges each.

Congratulations to our CTF Challenge Winners!

1st - Stuart Larsen, 6/6 challenges solved within 4 hours 2 minutes

2nd - Arthur D, 5/6 challenges solved within 1 hour 40 minutes

3rd - physuru, 5/6 challenges solved within 2 hours 40 minutes


Send In Your CTF writeups!

We’ll be sending out SWAG for the best writeups on any of the challenges you completed. The deadline for submissions is Sunday, November 10 at 10am ET. Submit your writeup as a post on LinkedIn using the hashtag #wizerctf.

If you’re curious to give it a go, the challenge is open for practice. Join us for our next live event for the chance to win prizes!

What Each Wizer CTF Challenge Covered: A Snapshot

Companies API

The first challenge is also the easiest, as always :) In this Companies API endpoint code, the developer did sanitize the inputs; however, can you still find a way to get the list of all companies?

First Solver: Philippe Dourassov

 

Profile Secret Key

Can you trick the system into retrieving the secret key of a user named `jdoe`?
In this app, a profile object contains multiple pieces of information, including the name and a secret key. The developer created an internal function that serves two purposes: (1) when the argument sent to the function is a single value, it extracts only the name from the profile, which serves the end-user UI; and (2) when an array argument is provided, it returns multiple full profile details, intended for admin mode only.

First Solver: Philippe Dourassov
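As an added illustration of the dual-purpose function shape described above (this is not the challenge's code), the snippet below shows a lookup helper whose argument type selects the privileged branch, next to a hardened version that splits the two purposes and gates the admin path on an explicit role check. The profile data, the function names and the request object are constructed assumptions; the one real fact it relies on is that Express's default (qs-based) query parser turns `?user[]=jdoe` into `{ user: ["jdoe"] }`.

```javascript
// Constructed sample data (not from the challenge).
const profiles = {
  jdoe: { name: "John Doe", secretKey: "CONSTRUCTED-SECRET-jdoe" },
  asmith: { name: "Alice Smith", secretKey: "CONSTRUCTED-SECRET-asmith" },
};

// Vulnerable shape (assumed name): a single value returns only the display
// name, an array returns full profile objects. Nothing checks who is calling,
// so whoever controls the argument's *type* also controls which branch runs.
function lookupProfileVulnerable(arg) {
  if (Array.isArray(arg)) {
    // "admin" branch: returns full records, secretKey included
    return arg.map((u) => profiles[u]).filter(Boolean);
  }
  const p = profiles[arg];
  return p ? p.name : null;
}

// Constructed request object: the shape Express's default query parser
// produces for `?user[]=jdoe`. The caller, not the server, chose the array.
const sampleRequest = { query: { user: ["jdoe"] } };

// Hardened (assumed names): one function per purpose.
// The user-facing path coerces the parameter to a single string and can
// never return more than the display name, whatever type arrives.
function getDisplayName(userParam) {
  const id = Array.isArray(userParam) ? userParam[0] : userParam;
  if (typeof id !== "string") return null;
  const p = profiles[id];
  return p ? p.name : null;
}

// The admin path is a separate function that requires an authorized session
// and validates its input shape instead of inferring intent from the type.
function getFullProfiles(ids, session) {
  if (!session || session.role !== "admin") {
    throw new Error("forbidden");
  }
  if (!Array.isArray(ids) || !ids.every((x) => typeof x === "string")) {
    throw new TypeError("ids must be an array of strings");
  }
  return ids.map((u) => profiles[u]).filter(Boolean);
}

// Stand-alone demonstration.
console.log(lookupProfileVulnerable("jdoe"));                       // "John Doe"
console.log(lookupProfileVulnerable(sampleRequest.query.user));     // full record with secretKey
console.log(getDisplayName(sampleRequest.query.user));              // "John Doe" only
try {
  getFullProfiles(sampleRequest.query.user, { role: "user" });
} catch (e) {
  console.log("non-admin blocked:", e.message);                     // "forbidden"
}
```

The point to take from the split is that a function's behaviour should never be selected by a property the client controls: query-string parsers hand you arrays, objects and strings interchangeably, so authorization has to be an explicit check on the session, not an implicit consequence of the input's type.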

 

Custom Card, anyone?

Finding a flag in an app can be like finding a needle in a haystack, right? Well, I’d argue that this statement isn’t true here! The developer of this code created a custom EJS-based template mechanism to render a nicely designed invite card (endpoint /renderInvite). In applying responsible security measures, a `sanitizeTemplate` function was implemented to block malicious attempts. Where could the flag possibly be? Can you get it?

First Solver: Philippe Dourassov

 

Pirate Auth

Arrr, we've crafted a guarded portal t' keep them scallywag hackers o' the sea from plunderin' our booty! 🏴‍☠️ All jokes aside, this challenge shows how even a simple /login endpoint can fall victim to a very technical vulnerability. Even if you can spot the vulnerability at first sight, we can guarantee you that you’re going to need at least an hour to actually bypass the login form! 

First Solver: Stuart Larsen

 

Traveler

This webpage allows you to time travel between different ages and places. A true engineering feat. However, some bugs may still be present in the code and therefore, we’ve added a way for you to report faulty travel URLs to the administrator. It’s nothing new: a user of a web application attacks an administrator through a client-side attack. But can you spot the real attack here?

First Solver: J H

 

Hidden Lair

Welcome to the hidden lair: a secure underground chatroom where criminals can talk amongst themselves. But the feds have been able to infiltrate and leak some TLS-encrypted traffic. Surely no 0day exists in TLS for you to decrypt this traffic, but what if there was another way for you to read what these criminals were chatting about?

First Solver: Stuart Larsen

 

This event showcased a captivating blend of individual talent, creativity, and problem-solving as participants competed to overcome the challenges. Congratulations to all the winners! We look forward to seeing you all again soon—stay tuned for our upcoming challenge announcement for Q1 of 2025! 

Make sure to join our Discord to connect with our community and participate in our bi-weekly CTF Challenges.