Forum Discussion
Capture the Flag!
Hey there community...are you ready to capture the flag?
We'll get the competition dates nailed down in the next week, but here are the details:
- This CTF will be an individual exercise hosted in the F5 UDF environment. By commenting on this thread, we'll add you to the list and you'll get an invite to the competition.
- The CTF will open June 21st at noon pacific and close June 24th at noon pacific.
- This first CTF is not F5-centric, just an opportunity to grow or flash your red team skills against a very flawed web application.
- There are no prizes associated, but we'll highlight the podium finishers on the DevCentral Connects live stream on June 28th.
We can't wait to see how everyone does!
Update Jun 17th: If you commented below, you should have an invite in your inbox. This will give you access to the vulnerable web application you will be attacking. To track your flags, please register at https://ctf.jimmypackets.com. Happy hunting!
- JRahm (Admin)
Congrats AlexBCT on finishing first in our kickoff CTF! More details to come on Tuesday's Top5. Would love to hear from you (and the others who competed!) on what you thought of the challenge, the environment, the registration process, etc. We'll do more of these in the future and refine as we go.
Congrats to AlexBCT from me too!
- nathe (Cirrocumulus)
Hey Jason, I thought it was a great challenge so kudos for putting the CTF on.
From a registration point of view it was very straightforward and I got onto the environment pretty easily. The environment itself was pretty self-explanatory too, so I was able to get right on to the fun and games very quickly.
Juice Shop was a great choice too, as it's got plenty of challenges, of all levels, and there's enough documentation online to provide handy hints, and hold your hand through some of them. This means all types of people can try their hand, which is what you want really. It reminded me of my WAF building days (F5 ASM of course) when I would try and craft exploits to get round the defences. I was very rusty, but enjoyed the challenge and the chance to learn, or re-learn, hacking skills.
From a tools perspective, I used mainly Chrome Dev tools and OWASP Zap. With more time I would've probably made use of the Kali instance.
I did get an error when I loaded the site within Mozilla Firefox, wish I had taken a screenshot but it seemed to suggest it wasn't 100% compatible (may have been just for me).
Great work all. I just wish I had had more time, but that was mainly down to my own diary than the time allocated.
Nathe
- Sarah (Cirrus)
Exciting! Please sign me up!
- StefanBraittiNT (Nimbostratus)
☝️
- vinisousa (Nimbostratus)
Let's do it
- JRahm (Admin)
Capture the Flag will open June 21st at noon pacific and close June 24th at noon pacific. Course invites will be sent June 20th.
We will announce results on June 28th on DevCentral Connects.
Congrats AlexBCT and everyone who participated
Would like to share the tools I've used: mainly Fiddler and Firefox dev tools, and some online tools like cryptii.com, and Kali to solve the challenge of the support team password, but I didn't know where to locate a word list file.
I wish that next time we could get more time before the labs expire.
I used mostly Chrome and Firefox Developer Tools.
Postman for automation and SQLi.
ZAP for fuzzing or manipulating and resending requests.
crackstation.net for passwords.
The registration process was straightforward, the UDF environment was ok.
The challenge was good. I have used the Juice Shop a couple of times, but never in a CTF.
- AlexBCT (Cumulonimbus)
Thanks JRahm et al.! Was a great challenge indeed, have learned loads! To be honest, I was lucky that I had last week off, so could spend quite a bit of time on it.
Tools that I used: Firefox Developer tools a LOT, couple of Kali tools, though would have been good to have graphic user interface on the Kali system or somewhere else inside the environment, so you get more "raw" access to Juice Shop server. I think there are a few challenges that can't be done (though I'd be happy to be proven wrong) because of the external layer (for example the Cross-Site-Request-Forgery).
This video that was referenced was also very helpful and helped me to get started with the SQLi stuff:
https://www.youtube.com/watch?v=v5AYFcAdb30
Really enjoyed it though, I'll be building a Juice-Shop in my own environment soon and hopefully run some workshops with it; it's a nice blend of all kinds of different attacks and the hints help a lot to get you started.
Am I late? Please count me in.
- JRahm (Admin)
Not at all! I'll keep adding people up to the final day of the CTF. You should have an invite in your inbox. See below for tracking flags in addition to the CTF environment.
- JRahm (Admin)
We have a holiday on Monday, so I sent your registrations early. Let me know if you didn't get one.
The CTF environment won't open until noon on Tuesday the 21st, but you can complete your UDF registration at any time. To compete with each other, you'll need to sign up at https://ctf.jimmypackets.com to post the flags you find.
- SaiBharath (Ret. Employee)
Hi John,
I haven't got a link to register for the UDF environment. Can you please help me with that?