[CTF] Participate to Capture The Flag events

Hey,

Our CTF team - w3pwnz (mostly players from w3challs and wechall) - seeks new players.
The primary target for this invitation is the upcoming 'Nuit Du Hack Prequals' event (24th of March, 48h long), but it's indeed still available for following events: pCTF (27 april), defcon, and so on...
More informations here

Topics discussed here are often related to exploitation (web, wargames...), RCE (x86, amd64, ARM...), crypto and forensics.
That's the kind of challenges you can play on some challenge sites available on wechall, except it's a time limited event designed for teams.
Those are a very interesting and formative way to discover new stuff that most often persistent challenge sites can't afford to propose.

*Anyone* here is very welcome to participate!
Some of us will be almost full time dedicated to the challenges, some won't.
Any hour invested in the CTF might be useful.
You can still attend your pony lessons

We would be very glad to have new some participants coming from wechall.

If you're interested or need more details, feel free to contact me here, PM, IRC #wechall or irc.w3challs.com/w3challs :')

Last year we participated to NDH'prequals and ended up to the 7th place, having solved all challenges.
Our feedback is that challenges were suprisingly not that much guessing-oriented, thus funnier.
That's another reason to participate this year

Cheers

i think it's funny to post it below a hacker contest invitation but seeing your link can't help it..is there a CSRF issue with these links or is it just me??
i was thinking something like here clicked from you Gizmore..and i think this is the best case scenario..maybe something like this it's not working btw (i am too dizzy from work to find an exploit link, if any, right now) but you get the idea..

Quote from criple_ripper

Mar 12, 2012 - 21:09:08

i think it's funny to post it below a hacker contest invitation but seeing your link can't help it..is there a CSRF issue with these links or is it just me??
i was thinking something like here clicked from you Gizmore..and i think this is the best case scenario..maybe something like this it's not working btw (i am too dizzy from work to find an exploit link, if any, right now) but you get the idea..

Huh, no
Actually i didn't add the 'http://' prefix and wechall module bugged i guess, though i'm sure i choosed the 'http' mode in the select list before posting.

Quote from criple_ripper

Mar 12, 2012 - 21:09:08

i think it's funny to post it below a hacker contest invitation but seeing your link can't help it..is there a CSRF issue with these links or is it just me??
i was thinking something like here clicked from you Gizmore..and i think this is the best case scenario..maybe something like this it's not working btw (i am too dizzy from work to find an exploit link, if any, right now) but you get the idea..

It's just you, GWF3 is secure by design
The biggest CSRF you can do is like in this image: screen.jpg

EDIT:
Your two links are harmless.
the first one sends me to install script "Already installed" message.
the second one sends me to superuser login (module admin is secure) (EDIT: Actually this is not sending me to login, but i can change the password there - nice catch)
All the important stuff is POST, and quite protected. Circumventing is possible, but quite hard.

gizmore


EDIT: And come on ... somebody participate in w3pwn team! ;)

I will participate. Straight looking forward to 24 March ...
awe, do you know exactly time, when the event will start?
24 0:00 till 26 0:00 ?

OffTopic: I have fixed a priviledge escalation in GWF3, thx to criple_ripper. It would have been possible to reset the superuser password with a hypothetical XSS flaw. The Superuser authentication is the exception not beeing checked against beeing authenticated, and resetting pass was part of this method before the patch. Thx criple_ripper!


OnTopic: Please highlight my nickname too, i'd maybe like to spend a few hours on recent challenges in a CTF!

Here is Webchat for W3Challs from awe.

Personally i want to wish the w3pwn team big success, all others i wish good luck ;)

Quote from oleg

Mar 13, 2012 - 05:00:33

I will participate. Straight looking forward to 24 March ...
awe, do you know exactly time, when the event will start?
24 0:00 till 26 0:00 ?

Just received a tweet from organizers: « Remember, #ndh2k12 #prequals will start on March 24 00:00 (GMT +1) for 48 hours. Registration will open soon ! »

I am on too if it is ok Just send me a PM with details.

Our team (yes I'm part of it ) is now officially registered !
Registered teams are listed on this page.

Of course it's not too late if you want to join us ;-)

24th March, 6 days to go! (BUMP)