-
global scoring after hackathon, initial points was 0.
-
overall content finished, which was a lot to not a lot.
Inspiration
My inspiriation for this project came from me wanting to learn better tools and techniques for hacking, as I have an immense interest for hacks and cybersecurity.
Challenges I ran into
Many challenges I ran into is the fact that although most of the web exploit challenges were recycled from last year, they patched things I never expected to be patched. One specific example of this was the fact that a website required a SSTI exploit in order to obtain config. I did the normal test payload, only to find they sanitised the input, meaning I had to find another way to get in, or a completely different exploit. Something as simple as a basic SQL Injection turned into me turning on Burp Suite in an attempt to include spaces to make the injection work and not fritz out.
Accomplishments that I'm proud of
There were many accomplishments I had through this experience, one of which being the typing game. The typing game gave you lines of commands to run in a "command line", with 60 seconds on the clock. Now, I don't consider myself a fast typer, but when the pressure was on, I was Speedy Gonzales with my typing. There was also the cryptography section, something I'm usually bad at, but I excelled at, creating many Vignere ciphers in an attempt to decipher an autobiography with a flag.
What I learned
I learned quite a lot from this CTF, some new skills, some improved skills. I learned a lot on the art of forensics, with using tools such as Wireshark to dissect packet dumps, as well as hexdump on reading messages. In cryptography, I learned many ways to attack ciphers, as well as creating these ciphers as well. As for web exploitation, there wasn't a whole lot I learned in new skills, but rather an adapted mindset for approaching exploitation of websites and such. It's not much, but it's honest work.
Built With
- burp-suite
- command-line
- webdev
Log in or sign up for Devpost to join the conversation.