Hey there community...are you ready to capture the flag?
We'll get the competition dates nailed down in the next week, but here are the details:
We can't wait to see how everyone does!
Update Jun 17th: If you commented below, you should have an invite in your inbox. This will give you access to the vulnerable web application you will be attacking. To track your flags, please register at https://ctf.jimmypackets.com. Happy hunting!
We have a holiday on Monday, so I sent your registrations early. Let me know if you didn't get one.
The CTF environment won't open until noon on Tuesday the 21st, but you can complete your UDF registration at any time. To compete with each other, you'll need to sign up at https://ctf.jimmypackets.com to post the flags you find.
Congrats @AlexBCT on finishing first in our kickoff CTF! More details to come on Tuesday's Top5. Would love to hear from you (and the others who competed!) on what you thought of the challenge, the environment, the registration process, etc. We'll do more of these in the future and refine as we go.
Hey Jason, I thought it was a great challenge so kudos for putting the CTF on.
From a registration point of view it was very straightforward and I got onto the environment pretty easily. The environment itself was pretty self-explanatory too, so I was able to get right on to the fun and games very quickly.
Juice Shop was a great choice too, as it's got plenty of challenges, of all levels, and there's enough documentation online to provide handy hints, and hold your hand through some of them. This means all types of people can try their hand, which is what you want really. It reminded me of my WAF building days (F5 ASM of course) when I would try and craft exploits to get round the defences. I was very rusty, but enjoyed the challenge and the chance to learn, or re-learn, hacking skills.
From a tools perspective, I used mainly Chrome DevTools and OWASP ZAP. With more time I would've probably made use of the Kali instance.
I did get an error when I loaded the site within Mozilla Firefox. I wish I had taken a screenshot, but it seemed to suggest it wasn't 100% compatible (may have been just for me).
Great work all. I just wish I had had more time, but that was mainly down to my own diary than the time allocated.
Congrats @AlexBCT and everyone who participated.
Would like to share the tools I've used: mainly Fiddler and Firefox dev tools, some online tools like cryptii.com, and Kali to solve the support team password challenge, but I didn't know where to locate a word list file.
I wish that next time we could get more time before the labs expire.
I used mostly Chrome and Firefox Developer Tools.
Postman for automation and SQLi.
ZAP for fuzzing or manipulating and resending requests.
crackstation.net for passwords.
The registration process was straightforward, the UDF environment was OK.
The challenge was good. I have used the Juice Shop a couple of times, but never in a CTF.
Thanks @JRahm et al.! Was a great challenge indeed, have learned loads! To be honest, I was lucky that I had last week off, so could spend quite a bit of time on it.
Tools that I used: Firefox Developer Tools a LOT, a couple of Kali tools, though it would have been good to have a graphical user interface on the Kali system or somewhere else inside the environment, so you get more "raw" access to the Juice Shop server. I think there are a few challenges that can't be done (though I'd be happy to be proven wrong) because of the external layer (for example, the Cross-Site Request Forgery).
This video that was referenced was also very helpful and helped me to get started with the SQLi stuff;
Really enjoyed it though, I'll be building a Juice-Shop in my own environment soon and hopefully run some workshops with it; it's a nice blend of all kinds of different attacks and the hints help a lot to get you started.