JRahm
Jun 01, 2022

Capture the Flag!

Hey there community...are you ready to capture the flag?

We'll get the competition dates nailed down in the next week, but here are the details:

  • This CTF will be an individual exercise hosted in the F5 UDF environment. By commenting on this thread, we'll add you to the list and you'll get an invite to the competition.
  • The CTF will open June 21st at noon Pacific and close June 24th at noon Pacific.
  • This first CTF is not F5-centric, just an opportunity to grow or flash your red team skills against a very flawed web application.
  • There are no prizes associated, but we'll highlight the podium finishers on the DevCentral Connects live stream on June 28th.

We can't wait to see how everyone does!

Update Jun 17th: If you commented below, you should have an invite in your inbox. This will give you access to the vulnerable web application you will be attacking. To track your flags, please register at https://ctf.jimmypackets.com. Happy hunting!

28 Replies

  • I used mostly Chrome and Firefox Developer Tools.
    Postman for automation and SQLi.
    ZAP for fuzzing or manipulating and resending requests.
    crackstation.net for passwords.

    The registration process was straightforward; the UDF environment was ok.

    The challenge was good. I have used the Juice Shop a couple of times, but never in a CTF. 

  • Thanks JRahm et al.! Was a great challenge indeed, have learned loads! To be honest, I was lucky that I had last week off, so could spend quite a bit of time on it.

    Tools that I used: Firefox Developer Tools a LOT, a couple of Kali tools, though it would have been good to have a graphical user interface on the Kali system or somewhere else inside the environment, so you get more "raw" access to the Juice Shop server. I think there are a few challenges that can't be done (though I'd be happy to be proven wrong) because of the external layer (for example, the Cross-Site Request Forgery).

    This video that was referenced was also very helpful and helped me to get started with the SQLi stuff; 

    JRahm

  • Quite late, but still congratulations AlexBCT. Subscribed, but the week went by too fast to actually join.