For Developers

Recap of Wizer’s 6-Hour Blitz CTF Event on Feb 4th

Written by Wizer Team | Feb 26, 2024 2:49:22 PM

Earlier this month, we hosted our first-ever 6-Hour Capture the Flag challenge! This event drew cybersecurity enthusiasts from diverse backgrounds. Participants, ranging from beginners to seasoned professionals, eagerly tackled a series of challenging tasks in reverse engineering, cryptography, and more, showcasing their technical acumen and adaptability in a virtual arena. 

Congratulations to our CTF Challenge Winners!

1st - Philippe Dourassov

Tied for 2nd - physuru & feasto

3rd - Evangelos Lioudakis

If you’re curious to give it a go, the challenge is open for practice (but, alas, no prizes awarded, only knowledge gained 🤩):

What Each Wizer CTF Challenge Covered: A Snapshot

JWT Authentication

This challenge showcases a simple authentication endpoint that allows multiple JWT algorithms. To win the flag, the user needs to make the system render the ‘flag’ message.

First Solver: Philippe Dourassov     

Best Write Up: Matthias L.

View additional write ups on the 1st challenge by Amine Nait Ali, Aftab Sama, Bhavya Jain, and Evangelos Lioudakis

 

Nginx Configuration 

In reviewing the nginx configuration file, the user is tasked with getting the flag from a file named flag.html.

First Solver: Philippe Dourassov

Best Write Up: Bhavya Jain

View additional write ups on the 2nd challenge by Matthias L., Amine Nait Ali, Aftab Sama, and Evangelos Lioudakis

 

Recipe Book

We created a recipe book website with a unique functionality: an offline mode. To win the flag, the user is tasked with proving that the code is vulnerable to XSS, by injecting an alert message.

First Solver: Philippe Dourassov

Best Write Up: Yoeri Vegt

View additional write ups on the 3rd challenge by Aftab Sama, Bhavya Jain, and Evangelos Lioudakis

 

Profile Page

A simple webpage that shows your profile, what could go wrong there? To capture the flag, the user needed to read the /flag.txt file.

First Solver: Yoeri Vegt

Best Write Up: Lucas Voxted

View additional write ups on the 4th challenge by Amine Nait Ali, Aftab Sama, and Evangelos Lioudakis

 

Hack The Admin

Pyjsparser.parser is a safe library for parsing and executing JavaScript within a Python app. To win the flag, the user is expected to read the content of /flag.txt file.

First Solver: Philippe Dourassov

Best Write Up: Evangelos Lioudakis

 

Evaluation Corp Certificate of Support

This code showcases a PDF Certificate generator. To win the flag, the user is tasked with making the code print the flag within the generated PDF Certificate.

First Solver: Philippe Dourassov

Best Write Up: Evangelos Lioudakis

 

This event was a thrilling display of individual skill, ingenuity, and problem-solving as participants raced to complete the challenges. Congratulations again to all the winners! We are excited to see you all again next time - stay tuned for our next challenge announcement coming soon!