Brett BuerhausI recently participated in the NahamCon CTF with the team Hacking for Soju. I was unable to complete this challenge before the end of the CTF, but managed to solve it the following day. Credits to maneolt and xehle for sharing notes and giving me a couple nudges.
Shout-out to the challenge creator Adam Langley (give him a follow) for keeping the hype going after the CTF ended and also making one of the better web CTFs I have seen!
It starts with Hackbookagram.com
Brett Buerhaus
I spent some time over the weekend participating in Google's first CTF. There were 15 web challenges total with a large emphasis on Cross-Site Scripting and a few related to Google tech/products. I put together some write-ups on the challenges I was able to solve.
Brett BuerhausGoogle CTF - Web 7 - Spotted Quoll
Brett BuerhausGoogle CTF - Web 11 - Flag Storage Service
A challenge involving injecting into Google's Query Language (GQL) using a blind boolean technique to extract a password from the database.
Brett BuerhausGoogle CTF - Web 12 - FSS - Electric Boogaloo
Brett BuerhausGoogle CTF - Web 15 - Horton Hears a Who!
Brett BuerhausGoogle CTF - Web 3 - Ernst Echidna
Description: "Can you hack this website? The robots.txt sure looks interesting."
Brett BuerhausGoogle CTF - Web 2 - Wallowing Wallabies - Part Two
Continuing on from Wallowing Wallabies Part 1.
Brett BuerhausGoogle CTF - Web 4 - Dancing Dingoes
Description: "We're interested in finding out what information is stored on this website. We've already obtained the username "proff" and the password "strobe.c", but can't work out how to access the "admin" user. Any ideas?"
Brett BuerhausGoogle CTF - Web 8 - Global CTF