Capture the Flag (CTF)

September 22-23, 2011: An OWASP CTF and mplsCTFgames event

Looking for the University Challenge instead? Click here.

This OWASP AppSec USA 2011 CTF was put together by Steven van der Baan of the global OWASP CTF project, Spenser Reinhardt of mplsCTFgames, and Aaron Yaeger. All skill levels were welcome!

Congrats to The Dubliners, DisK0nn3cT, and sid for taking top honors in the OWASP AppSec USA 2011 CTF!

Whether you were an old hack or new enthusiast you should have joined us for the OWASP AppSec USA 2011 Capture the Flag event September 22-23, 2011 at the Minneapolis Convention Center (players had to register for the conference to play). The OWASP AppSec USA 2011 event was specially designed to support challengers of all skill levels. Players competed in multiple challenges, gaining points for each flag that they captured. One point per flag was granted as players picked and chose challenges across all areas of application security.

Players showed off their skills, learned some new tricks, and had a great time. All they needed was a laptop equipped with a wifi card and pre-installed with all of their favorite non-commercial tools. And the winners received gaming consoles, gift certificates, and more!

At the start of the event, each team was provided some basic rules regarding how to play nice in our little make believe network and a list of hints to get started chasing after those coveted flags. We were happy to have them all!

Pre-conference Challenge #3 - July 2011

Pre-conference challenge #3 - July 2011 - was solved in record time! The goal was to figure out the code and explain how you figured out the code. Congratulations to tomconner46 for being first to solve it! Honorable mention to: Dan Amodio, jstrassburg, @audiopocalypse, Johnny Y, dvvord, {}, weston.pace, @zhroom_42, woodzy, Michael, Roger Seagle, Jimmy, Chris Hartley, @planetlevel (apsectsecurity.com), Rizki Wicaksono (@rizki81), ##########, Jean-Michel Besnard, Timo Hirvonen (@TimoHirvonen), silvermaster, Aaron Weaver, and matonis (mike-matonis.com).

If you want to try it out for yourself, download this ZIP file. Here's a thoughtful solution to the challenge from matonis (mike-matonis.com).

Thank you to OWASP AppSec USA 2011 CTF organizer Aaron Yaeger for building this challenge.

Pre-conference Challenge #2 - June 2011

Congratulations to @DisK0nn3cT and @lobobastich for winning this pre-conference challenge! And raise your glass to Reinhart (different person than OWASP AppSec USA 2011 CTF organizer Spenser Reinhardt) for rooting the box and being so kind as to quietly disclose the need for a fix!

There's a great writeup on the June 2011 challenge and solution. Here were the hints to the challenge, What's the code?

Hints

HINT 0 (in the form itself!): Better attempt some engineering, so if excess time yields fifty or under rotations, please resist elaborate, fancy explanations. Really, really eliminate doubt.
HINT 1 (added 14-June-2011): You really want a code that will get you into the conference.
HINT 2 (added 22-June-2011): To go in the right direction, think about what person usually handles an invoice.
HINT 3 (added 29-June-2011): Have you really seen your invoice lately?
FINAL HINT (added to Steven's site shortly before being solved): MY invoice will get you there, not YOURS!

Much thanks to Steven van der Baan, OWASP CTF Project Lead, for putting this challenge together!