Saturday

Capture The Flag @ Hack.lu 2007

Well, I didn't blog a lot about the Hack.lu convention but I was having fun with the CTF game and it took most of my time. It was so much fun. I was fooling around with Hex editors and other tools (on Backtrack). My goal was to learn as much as possible from the game. The CTF was a multi disciplinary contest. There were 5 categories:

  1. Binary Leetness
  2. Forensics
  3. Web Hacking
  4. Potent Pwnables
  5. Trivia
I found it a pity that the game just started on day 2 and I didn't want to neglect following the presentations and talking to other people. It was hard not to get back to the game as soon as possible. I ended up in the top ten but there were still a few hours left when I headed back home. I certainly learned some new 'tricks'.
Next time, I will prepare a laptop with some proper tools and configuration. I only had the livecd from Backtrack and it had some drawbacks.
I hope the CTF will be posted online at some point in time so I can have a shot at the remaining challenges. I still have some of the binaries to analyze at home. But the web hacking is another thing. Since I was having so much fun, first thing I did back home, was to install Webgoat 5.1. So I'm finishing my post here. I have some playing to do! ;-)



Update: To clarify to some people. This was not the classical CTF game you see at most conferences. This was more a quiz with questions ranging from hacker trivia to computer forensics and Web server administration. For example, for forensics 100, you saw the photo of a street sign and the question was 'in which city was this photo taken'. The purpose was of course to look at the GPS coordinates embedded in the EXIF format and not looking up the street names on google (which might be a bit harder to solve this way). A classical CTF would not have been my cup of tea but this hacker game was very entertaining and educational.

No comments: