Web challenges from RootedCON’2010 CTF

Web challenges from RootedCON’2010 CTF

Once upon a time, about three years ago, RoMaNSoFt published in his website the advertisement of a web security competition: Web challenges from RootedCON’2010 CTF. A selected set of Capture The Flag challenges to test our computer skills. The prize: an iPod touch (4G) 32 Gb, laser signed.

The contest was designed by RoMaNSoFt (@roman_soft) and Dreyer (@dreyercito). It started at 8 p.m. on Sep 17th, 2010, Spain time. Here is the home page with the instructions.

I was really bored at that time and I filled the registration form on Sep 16th, 2010 at 12:00:26 p.m.

ctf-2010-indexThere were 7 levels (challenges). The level number did not correspond to the difficulty. As you can see in this image, I was able to solve all of them. That happened on Sep 29, 2010 at 1:59:39 p.m., i.e.: thirteen days after start. The winners, PPP (Plaid Parliament of Pwning), finished on Sep, 18, just two days after start! They are a really good U.S. team. Congratulations men! The second, kachakil (@Kachakil), a spanish hacker, one day later. Good job!

I finished in the 13th position! The game was over on Oct 25, 2010. Only 18 finished all the challenges from 1045 participants. Yes, you’ve read it right: 1045! Here’s the complete Hall Of Fame and the Hall Of Shame (I’m in the 138th position there ;-) RoMaNSoFt shielded the scoreboard to avoid hacking but 173 tried it.

hall-of-fameMy order of resolution of the seven levels was: 7-4-1-3-6-5-2. They were thirteen funny days in which I learned a lot about web hacking. I met other hackers in #rootedctf, the irc channel for that event. There, we help each other a little to jump over the challenges difficulties. I want to thank s3ntin3l, fk@WoD, ius and juju666 for their help.

Maybe you’re asking why I’m telling all of this now, three years after the contest. Well, the reason is because I didn’t it before. Easy, isn’t it? Kidding apart, every day, checking the records of my blog, I see how there are hundreds and hundreds of hacking attempts produced (I’m sure) by script kiddies who want deposit their shit into my blog. They are so incompetent that they fail. And so, I’ll post how I overcame the seven levels of this competition to see if they can learn something. Especially to use the knowledge for something positive.

Deja un comentario

Tu dirección de correo electrónico no será publicada. Los campos obligatorios están marcados con *

Antes de enviar el formulario: