Solutions and end of the Web Security challenges from RootedCON'2010 CTF

The winner of the prize (iPod touch 4G) has been the first classified: PPP (Plaid Parliament of Pwning), an American team of known technical solvency, which has had to beat with other teams very seasoned in the hacking of web applications such as "FluxFingers" [third classified] (who has not read the magnificent articles of Reiners: [1], [2] and [3]) and even with solo people like our crack and friend Kachakil (in addition to teammate in "int3pids") [second placed].

There has been a great technical level and the contest was not easy (powerful and well-known teams such as the French Nibbles did not manage to overcome all the tests) so I take my hat off to those who have managed to finish them all successfully: ius, pepelux, okaboy, s3ntin3l, phib, ...). Of course, we must also recognize the effort and merit of the rest of the participants. You can check the top 25 of the classifieds or even access the complete "hall of fame".

The contest, which could be followed at all times thanks to my twitter (@roman_soft), had one more peculiarity: the "hall of shame" (or wall of shame :-)). This functionality of the new panel was not intended to be more than an experiment and at the same time a kind of joke: when a participant tried to hack the panel, it automatically introduced it into the "hall of shame", without further ado. The participant was not disqualified (despite being expressly prohibited from attacking the panel, according to the contest rules). I just wanted to demonstrate how the vast majority of participants would try to hack the panel and in fact it was (although luckily for me, without success :-P). As a result, a large part of the winners are part not only of the "hall of fame" but also of the "hall of shame" :-) On a technical level, I only placed a few check-points, strategically located, as a honeypot. It was more than enough ;-)).

Surely many of you are curious to know how one or more tests were passed... isn't it? I leave you the four solutions that I have received, compressed into a single file. Its authors are: ppp, pepelux, danitorre and miguel (very good work, guys!). For more information, don't forget to read the "readme" inside. And if you want to continue practicing (or try some of the techniques described in the solutions), hurry up and take advantage now that it is still possible: I will leave the challenge online for a while (maybe another month although it is not safe) although of course, it will no longer be possible to score. As always, I will try to warn via twitter of any news.

Finally, we would like to thank Bernardo Quintero and Hispasec Sistemas, sponsor of the contest, for their selfless support. And of course, to all of you who have participated in the contest and who are the ones who have really made this event great in every way. Thank you all!

Source: Roman Soft

Authors:

See original.