Username: 
Password: 
Restrict session to IP 

[CTF] Participate to Capture The Flag events

1 2
Global Rank: 195
Totalscore: 105263
Posts: 24
Thanks: 41
UpVotes: 24
Registered: 15y 361d

The User is Offline
[CTF] Participate to Capture The Flag events
Google/translate3Thank You!1Good Post!2Bad Post! link
Hey,

Our CTF team - w3pwnz (mostly players from w3challs and wechall) - seeks new players.
The primary target for this invitation is the upcoming 'Nuit Du Hack Prequals' event (24th of March, 48h long), but it's indeed still available for following events: pCTF (27 april), defcon, and so on...
More informations here

Topics discussed here are often related to exploitation (web, wargames...), RCE (x86, amd64, ARM...), crypto and forensics.
That's the kind of challenges you can play on some challenge sites available on wechall, except it's a time limited event designed for teams.
Those are a very interesting and formative way to discover new stuff that most often persistent challenge sites can't afford to propose.

*Anyone* here is very welcome to participate!
Some of us will be almost full time dedicated to the challenges, some won't.
Any hour invested in the CTF might be useful.
You can still attend your pony lessons Smile

We would be very glad to have new some participants coming from wechall.

If you're interested or need more details, feel free to contact me here, PM, IRC #wechall or irc.w3challs.com/w3challs :')

Last year we participated to NDH'prequals and ended up to the 7th place, having solved all challenges.
Our feedback is that challenges were suprisingly not that much guessing-oriented, thus funnier.
That's another reason to participate this year Smile

Cheers
Last edited by awe - Mar 12, 2012 - 21:18:20
Global Rank: 29
Totalscore: 313630
Posts: 54
Thanks: 79
UpVotes: 58
Registered: 15y 358d










Last Seen: 1d 1h
The User is Offline
RE: [CTF] Participate to Capture The Flag events
Google/translate4Thank You!2Good Post!1Bad Post! link
i think it's funny to post it below a hacker contest invitation but seeing your link can't help it..is there a CSRF issue with these links or is it just me??
i was thinking something like here clicked from you Gizmore..and i think this is the best case scenario..maybe something like this it's not working btw (i am too dizzy from work to find an exploit link, if any, right now) but you get the idea..
Last edited by criple_ripper - Mar 12, 2012 - 21:10:57
Global Rank: 195
Totalscore: 105263
Posts: 24
Thanks: 41
UpVotes: 24
Registered: 15y 361d

The User is Offline
RE: [CTF] Participate to Capture The Flag events
Google/translate3Thank You!2Good Post!1Bad Post! link
Quote from criple_ripper
Mar 12, 2012 - 21:09:08

i think it's funny to post it below a hacker contest invitation but seeing your link can't help it..is there a CSRF issue with these links or is it just me??
i was thinking something like here clicked from you Gizmore..and i think this is the best case scenario..maybe something like this it's not working btw (i am too dizzy from work to find an exploit link, if any, right now) but you get the idea..


Huh, no Happy
Actually i didn't add the 'http://' prefix and wechall module bugged i guess, though i'm sure i choosed the 'http' mode in the select list before posting.
Global Rank: 252
Totalscore: 87267
Posts: 1635
Thanks: 1336
UpVotes: 885
Registered: 16y 42d




Last Seen: 9h 19m
The User is Offline
RE: [CTF] Participate to Capture The Flag events
Google/translate2Thank You!1Good Post!1Bad Post! link
Quote from criple_ripper
Mar 12, 2012 - 21:09:08

i think it's funny to post it below a hacker contest invitation but seeing your link can't help it..is there a CSRF issue with these links or is it just me??
i was thinking something like here clicked from you Gizmore..and i think this is the best case scenario..maybe something like this it's not working btw (i am too dizzy from work to find an exploit link, if any, right now) but you get the idea..

It's just you, GWF3 is secure by design Smile
The biggest CSRF you can do is like in this image: screen.jpg

EDIT:
Your two links are harmless.
the first one sends me to install script "Already installed" message.
the second one sends me to superuser login (module admin is secure) (EDIT: Actually this is not sending me to login, but i can change the password there - nice catch)
All the important stuff is POST, and quite protected. Circumventing is possible, but quite hard.

gizmore


EDIT: And come on ... somebody participate in w3pwn team! ;)
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Mar 13, 2012 - 01:55:42
Global Rank: 29270
Totalscore: 0
Posts: 257
Thanks: 236
UpVotes: 173
Registered: 24y 125d
Last Seen: 0s
The User is Online
RE: [CTF] Participate to Capture The Flag events
Google/translate3Thank You!2Good Post!1Bad Post! link
I will participate. Straight looking forward to 24 March ...
awe, do you know exactly time, when the event will start?
24 0:00 till 26 0:00 ?
Global Rank: 252
Totalscore: 87267
Posts: 1635
Thanks: 1336
UpVotes: 885
Registered: 16y 42d




Last Seen: 9h 19m
The User is Offline
RE: [CTF] Participate to Capture The Flag events
Google/translate2Thank You!1Good Post!1Bad Post! link
OffTopic: I have fixed a priviledge escalation in GWF3, thx to criple_ripper. It would have been possible to reset the superuser password with a hypothetical XSS flaw. The Superuser authentication is the exception not beeing checked against beeing authenticated, and resetting pass was part of this method before the patch. Thx criple_ripper!


OnTopic: Please highlight my nickname too, i'd maybe like to spend a few hours on recent challenges in a CTF! Smile

Here is Webchat for W3Challs from awe.

Personally i want to wish the w3pwn team big success, all others i wish good luck ;)
The geeks shall inherit the properties and methods of object earth.
Last edited by gizmore - Mar 13, 2012 - 10:35:39
Global Rank: 195
Totalscore: 105263
Posts: 24
Thanks: 41
UpVotes: 24
Registered: 15y 361d

The User is Offline
RE: [CTF] Participate to Capture The Flag events
Google/translate3Thank You!2Good Post!1Bad Post! link
Quote from oleg
Mar 13, 2012 - 05:00:33

I will participate. Straight looking forward to 24 March ...
awe, do you know exactly time, when the event will start?
24 0:00 till 26 0:00 ?

Just received a tweet from organizers: « Remember, #ndh2k12 #prequals will start on March 24 00:00 (GMT +1) for 48 hours. Registration will open soon ! »
Global Rank: 29270
Totalscore: 0
Posts: 257
Thanks: 236
UpVotes: 173
Registered: 24y 125d
Last Seen: 0s
The User is Online
RE: [CTF] Participate to Capture The Flag events
Google/translate2Thank You!1Good Post!1Bad Post! link
I am on too if it is ok Smile Just send me a PM with details.
Global Rank: 891
Totalscore: 28806
Posts: 1
Thanks: 2
UpVotes: 1
Registered: 15y 323d

Last Seen: 11y 264d
The User is Offline
RE: [CTF] Participate to Capture The Flag events
Google/translate2Thank You!1Good Post!1Bad Post! link
Our team (yes I'm part of it Smile) is now officially registered !
Registered teams are listed on this page.

Of course it's not too late if you want to join us ;-)
Global Rank: 252
Totalscore: 87267
Posts: 1635
Thanks: 1336
UpVotes: 885
Registered: 16y 42d




Last Seen: 9h 19m
The User is Offline
RE: [CTF] Participate to Capture The Flag events
Google/translate1Thank You!0Good Post!1Bad Post! link
24th March, 6 days to go! (BUMP)
The geeks shall inherit the properties and methods of object earth.
1 2
tunelko, awe, quangntenemy, TheHiveMind, Z, balicocat, Ge0, samuraiblanco, arraez, jcquinterov, hophuocthinh, alfamen2, burhanudinn123, Ben_Dover, stephanduran89, braddie0, SwolloW, dangarbri have subscribed to this thread and receive emails on new posts.
1 people are watching the thread at the moment.
This thread has been viewed 10898 times.