[CTF] Participate to Capture The Flag events


Our CTF team - w3pwnz (mostly players from w3challs and wechall) - seeks new players.
The primary target for this invitation is the upcoming 'Nuit Du Hack Prequals' event (24th of March, 48h long), but it's indeed still available for following events: pCTF (27 April), defcon, and so on...
More information here

Topics discussed here are often related to exploitation (web, wargames...), RCE (x86, amd64, ARM...), crypto and forensics.
That's the kind of challenges you can play on some challenge sites available on wechall, except it's a time limited event designed for teams.
Those are a very interesting and formative way to discover new stuff that most often persistent challenge sites can't afford to propose.

*Anyone* here is very welcome to participate!
Some of us will be almost full time dedicated to the challenges, some won't.
Any hour invested in the CTF might be useful.
You can still attend your pony lessons :)

We would be very glad to have some new participants coming from wechall.

If you're interested or need more details, feel free to contact me here, PM, IRC #wechall or :')

Last year we participated in NDH'prequals and ended up in 7th place, having solved all challenges.
Our feedback is that challenges were surprisingly not that much guessing-oriented, thus funnier.
That's another reason to participate this year :)

Last edited by awe - Mar 12, 2012 - 21:18:20
RE: [CTF] Participate to Capture The Flag events
I think it's funny to post it below a hacker contest invitation, but seeing your link I can't help it: is there a CSRF issue with these links, or is it just me??
I was thinking something like here clicked from you, Gizmore... and I think this is the best case scenario... maybe something like this. It's not working btw (I am too dizzy from work to find an exploit link, if any, right now), but you get the idea...
Last edited by criple_ripper - Mar 12, 2012 - 21:10:57
RE: [CTF] Participate to Capture The Flag events
Quote from criple_ripper
Mar 12, 2012 - 21:09:08

I think it's funny to post it below a hacker contest invitation, but seeing your link I can't help it: is there a CSRF issue with these links, or is it just me??
I was thinking something like here clicked from you, Gizmore... and I think this is the best case scenario... maybe something like this. It's not working btw (I am too dizzy from work to find an exploit link, if any, right now), but you get the idea...

Huh, no :D
Actually I didn't add the 'http://' prefix and the wechall module bugged I guess, though I'm sure I chose the 'http' mode in the select list before posting.
RE: [CTF] Participate to Capture The Flag events
Quote from criple_ripper
Mar 12, 2012 - 21:09:08

I think it's funny to post it below a hacker contest invitation, but seeing your link I can't help it: is there a CSRF issue with these links, or is it just me??
I was thinking something like here clicked from you, Gizmore... and I think this is the best case scenario... maybe something like this. It's not working btw (I am too dizzy from work to find an exploit link, if any, right now), but you get the idea...

It's just you, GWF3 is secure by design :)
The biggest CSRF you can do is like in this image: screen.jpg

Your two links are harmless.
The first one sends me to the install script's "Already installed" message.
The second one sends me to superuser login (module admin is secure) (EDIT: Actually this is not sending me to login, but I can change the password there - nice catch)
All the important stuff is POST, and quite protected. Circumventing is possible, but quite hard.


EDIT: And come on ... somebody participate in w3pwn team! ;)
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Mar 13, 2012 - 01:55:42
RE: [CTF] Participate to Capture The Flag events
I will participate. Straight looking forward to 24 March ...
awe, do you know the exact time when the event will start?
24 0:00 till 26 0:00 ?
RE: [CTF] Participate to Capture The Flag events
OffTopic: I have fixed a privilege escalation in GWF3, thx to criple_ripper. It would have been possible to reset the superuser password with a hypothetical XSS flaw. The Superuser authentication is the exception not being checked against being authenticated, and resetting pass was part of this method before the patch. Thx criple_ripper!

OnTopic: Please highlight my nickname too, I'd maybe like to spend a few hours on recent challenges in a CTF! :)

Here is Webchat for W3Challs from awe.

Personally I want to wish the w3pwn team big success, all others I wish good luck ;)
Last edited by gizmore - Mar 13, 2012 - 10:35:39
RE: [CTF] Participate to Capture The Flag events
Quote from oleg
Mar 13, 2012 - 05:00:33

I will participate. Straight looking forward to 24 March ...
awe, do you know the exact time when the event will start?
24 0:00 till 26 0:00 ?

Just received a tweet from organizers: « Remember, #ndh2k12 #prequals will start on March 24 00:00 (GMT +1) for 48 hours. Registration will open soon ! »
RE: [CTF] Participate to Capture The Flag events
I am on too if it is ok :) Just send me a PM with details.
RE: [CTF] Participate to Capture The Flag events
Our team (yes I'm part of it :)) is now officially registered!
Registered teams are listed on this page.

Of course it's not too late if you want to join us ;-)
RE: [CTF] Participate to Capture The Flag events
24th March, 6 days to go! (BUMP)