Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: Come learn how to solve Stripe's Capture The Flag (meetup.com)
58 points by pc on Feb 28, 2012 | hide | past | favorite | 22 comments



Meh, I got to level 4 but didn't go any further.

Learned a lot, but I'm still not sure if there wasn't a much simpler solution that I missed. Was return-to-libc really required to exploit it, or was I trying to kill a fly with a sledge hammer?


Return-to-libc (a.k.a. ret2libc) is usually used to bypass NX-bit / DEP, but NX was disabled for level04 - the solution does not require return-to-libc.


But it did have ASLR enabled, right? I didn't get how to bypass that without ret2libc.

I think I'll try again tomorrow morning and see what I missed.


On 32-bit machines, you can disable mmap randomization (and thus library randomization) using ulimit -s unlimited.

Also, there's another useful place you can return to that isn't in libc.


ASLR is enabled, yes.

ASLR actually makes ret2libc much more difficult to pull off (esp. on 64-bit platforms), because the location of libc.so itself is randomized.


Nice.. looking forward to the meetup.

In the meantime, if anyone wants tips/tricks or just to chat about it, feel free to contact me (email in my profile). I captured the flag late last last week.

FWIW, Stripe has a campfire room setup for this as well - http://stripe.com/campfire.


The CTF-specific room we set up is at: https://stripechat.campfirenow.com/59127


Any chance this would be webcast live or recorded for later viewing?


Unfortunately, we won't be webcasting. We will be releasing official solutions at some point however.


That's a little bit of a shame. I'm not close enough to make it to the meetup, but I and others would love some way to take part and chat with everyone.


Awesome, I'm really looking forwards to these. I was stumped from level 1 and it made me worry about what I'm doing wrong/not doing for my own servers.


I was going to ask the same question. It would be nice to see other people solutions too.


You guys should stream this meetup so us east-coasters can watch too.


I sent an email after I beat it, but never got a response =(


We'll be sending out replies within the next week or two. Don't worry, there will be T-shirts for all!


Awesome, thanks for the update. I was starting to get worried, but I guess it makes sense you're swamped with requests.


Will the challenge continue on after you guys post the solutions? I have not had enough free time to have a go at it and would like to.


We're taking it down on Wednesday at noon PST. We'll probably bring it back sometime in the future though!


If only this was Friday instead, I really wish I could make it, sounds like it would be interesting :(


Dammit. It starts not 5 hours after I leave SV for Chicago :(


I'd sign up in a heartbeat for a meetup like this in NYC.


I'm so close on level06. If Real Life(TM) would just stop getting in the way, i'd be done by now :). I guess its going to be another late night...




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: