Earlier this month, we hosted our second 6-Hour Capture the Flag challenge! This event drew hundreds of developers and hackers from diverse backgrounds. Participants tackled a series of challenges built around short snippets of code, spotting the vulnerability in each one and exploiting it.
1st - Jorian Woltjer, 6/6 challenges solved within 2 hours 21 minutes
2nd - Philippe Dourassov, 6/6 challenges solved within 2 hours 25 minutes
3rd - physuru, 6/6 challenges solved within 3 hours 57 minutes
1st - Jorian Woltjer - view the writeup here
2nd - Stuart Larsen - view the writeup here
3rd - Hussein Misbah - view the writeup here
If you’re curious to give it a go, the challenge is open for practice. Join us for our next live event for the chance to win prizes!
Most of you will probably find the issue quite quickly, yet exploiting it will take a couple of minutes. In this challenge, you’re required to bypass the current authentication and trick the app into logging you in as an admin user.
First Solver: tarampampam
API gateways are very common, especially when requests have to be routed between multiple sets of APIs. Some gateways also take on middleware duties; in this case, the API gateway is responsible for authentication, and the internal API behind it relies on that. Can you bypass the authentication and make a direct call to the internal API?
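The trust pattern behind that challenge, as an added example rather than the challenge's own code: a constructed gateway authenticates callers and forwards an identity header to an internal API. The naive internal API honours that header blindly, so anyone who can reach it directly forges the header and skips the gateway entirely. The hardened variant accepts the header only when it comes with a gateway-signed assertion bound to the user, the path and an expiry, so a direct call, a forged header, or a captured assertion replayed against another path all fail. The shared secret, the credential store and the header names are assumptions for the demo.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass, field

# Constructed demo: a secret shared only by the gateway and the internal API
# (an assumption; mTLS or a gateway-issued JWT fills the same role in practice).
GATEWAY_SECRET = b"demo-gateway-secret"
ASSERTION_TTL = 60  # seconds an identity assertion stays valid

# Constructed credential store behind the gateway's auth middleware.
USERS = {"alice": "hunter2"}


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)


def gateway(req: Request, upstream) -> tuple:
    """Authenticate the caller, then forward the request to an internal API."""
    user = req.headers.get("X-User")
    password = req.headers.get("X-Password")
    if user is None or USERS.get(user) != password:
        return 401, "gateway: bad credentials"
    expiry = int(time.time()) + ASSERTION_TTL
    fwd = Request(req.path, {"X-Authenticated-User": user})
    # Identity assertion bound to user, path and expiry. Only the gateway can
    # mint it, because only the gateway and the internal API hold the secret.
    msg = f"{user}|{req.path}|{expiry}".encode()
    tag = hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()
    fwd.headers["X-Gateway-Assertion"] = f"{expiry}:{tag}"
    return upstream(fwd)


def internal_api_naive(req: Request) -> tuple:
    """Vulnerable: assumes every request it sees came through the gateway."""
    user = req.headers.get("X-Authenticated-User")
    if user is None:
        return 401, "internal: no identity"
    return 200, f"secret data for {user}"


def internal_api_hardened(req: Request, now=None) -> tuple:
    """Fixed: honours the identity header only with a valid gateway assertion."""
    user = req.headers.get("X-Authenticated-User")
    assertion = req.headers.get("X-Gateway-Assertion", "")
    if user is None or ":" not in assertion:
        return 401, "internal: missing gateway assertion"
    expiry_str, tag = assertion.split(":", 1)
    if not expiry_str.isdigit():
        return 401, "internal: malformed assertion"
    expiry = int(expiry_str)
    if (now if now is not None else time.time()) > expiry:
        return 401, "internal: assertion expired"
    msg = f"{user}|{req.path}|{expiry}".encode()
    expected = hmac.new(GATEWAY_SECRET, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison; binding to req.path defeats replay elsewhere.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return 401, "internal: bad assertion"
    return 200, f"secret data for {user}"


def demo() -> dict:
    """Run the interesting cases and return their HTTP status codes."""
    legit = Request("/internal/secret", {"X-User": "alice", "X-Password": "hunter2"})
    # Attacker reaches the internal API directly and forges the identity header.
    forged = Request("/internal/secret", {"X-Authenticated-User": "admin"})

    # Capture what the gateway forwards for a real login, then replay those
    # headers against a different internal path.
    captured = {}

    def record(req: Request) -> tuple:
        captured.update(req.headers)
        return 200, "recorded"

    gateway(legit, record)
    replayed = Request("/internal/admin", dict(captured))

    return {
        "via_gateway_naive": gateway(legit, internal_api_naive)[0],        # 200
        "direct_naive": internal_api_naive(forged)[0],                      # 200: bypass
        "via_gateway_hardened": gateway(legit, internal_api_hardened)[0],  # 200
        "direct_hardened": internal_api_hardened(forged)[0],               # 401
        "replayed_on_other_path": internal_api_hardened(replayed)[0],      # 401
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case}: {status}")
```

The point is the network boundary: if the internal API is reachable at all without the gateway in the path, the identity it receives must be verifiable on its own, not inferred from a header anyone can type.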
The developer of this code made a deliberate attempt to mitigate the vulnerability here and prevent XSS. Can you still find a bypass and trigger an XSS attack?
First Solver: Philippe Dourassov
There are many kinds of flags: country flags, red flags, but also CTF flags. In this challenge, getting your hands on that CTF flag isn’t so easy. Can you bypass this complex authentication flow and steal the flag?
First Solver: Jorian Woltjer
What if I told you it was possible to have a single payload that triggers a Local File Inclusion, a Server-Side Request Forgery, a Command Injection, a Server-Side Template Injection, and a Cross-Site Scripting vulnerability all at once?
First Solver: Philippe Dourassov
Spotting the bug is easy: it’s an insecure direct object reference. But wait! Did you sign your request? No? Then you’re not allowed!
First Solver: Jorian Woltjer
This event showcased a captivating blend of individual talent, creativity, and problem-solving as participants competed to overcome the challenges. Congratulations to all the winners! We look forward to seeing you all again soon—stay tuned for our upcoming challenge announcement for Q3!