Once upon a time, about three years ago, RoMaNSoFt published on his website the announcement of a web security competition: Web challenges from RootedCON’2010 CTF. A selected set of Capture The Flag challenges to test our computer skills. The prize: an iPod touch (4G) 32 Gb, laser signed.
The contest was designed by RoMaNSoFt (@roman_soft) and Dreyer (@dreyercito). It started at 8 p.m. on Sep 17th, 2010, Spain time. Here is the home page with the instructions.
I was really bored at that time and I filled in the registration form on Sep 16th, 2010 at 12:00:26 p.m.
Continue reading Web challenges from RootedCON’2010 CTF
Scriptures was the last level in the Web challenges from RootedCON’2010 CTF list but the first I solved.
Just a textbox and a button to check the user input.
Let’s go through the textbox and take a look inside…
Continue reading Level 7 – scriptures
I wouldn’t be lying if I said that oneweb was the easiest level of the Web challenges from RootedCON’2010 CTF.
Here’s what it looks like: a single text (in Spanish) with instructions to follow:
“Ok, we are at 1st., the next file you must read is:
Into that file you will find more instructions.”
Continue reading Level 4 – oneweb
The getadmin contest shows us the danger of enabling the register_globals directive in PHP. Looking into the source code, you can see that it is a simple form:
Continue reading Level 1 – getadmin
Take a look into the source code:
A simple GET form with an interesting comment:
<!-- fortune files are in fortunes/ directory -->
This is a clue!
Continue reading Level 3 – fortune