I spent some time over the weekend participating in Google’s first CTF. There were 15 web challenges total with a large emphasis on Cross-Site Scripting and a few related to Google tech/products. I put together some write-ups on the challenges I was able to solve.

Continue reading →

Google CTF – Web 7 – Spotted Quoll

Continue reading →

Google CTF – Web 11 – Flag Storage Service

A challenge involving injecting into Google’s Query Language (GQL) using a blind boolean technique to extract a password from the database.

Continue reading →

Google CTF – Web 12 – FSS – Electric Boogaloo

Continue reading →

Google CTF – Web 15 – Horton Hears a Who!

Continue reading →

Google CTF – Web 3 – Ernst Echidna

Description: “Can you hack this website? The robots.txt sure looks interesting.”

Continue reading →

Google CTF – Web 2 – Wallowing Wallabies – Part Two

Continuing on from Wallowing Wallabies Part 1.

Continue reading →

Google CTF – Web 4 – Dancing Dingoes

Description: “We’re interested in finding out what information is stored on this website. We’ve already obtained the username “proff” and the password “strobe.c”, but can’t work out how to access the “admin” user. Any ideas?”

Continue reading →

Google CTF – Web 8 – Global CTF

Continue reading →

Google CTF – Web 6 – Purple Wombats

Continue reading →