I spent some time over the weekend participating in Google's first CTF. There were 15 web challenges total with a large emphasis on Cross-Site Scripting and a few related to Google tech/products. I put together some write-ups on the challenges I was able to solve.
Google CTF – Web 7 – Spotted Quoll
Google CTF - Web 7 - Spotted Quoll
Google CTF – Web 11 – Flag Storage Service
Google CTF - Web 11 - Flag Storage Service
A challenge involving injecting into Google's Query Language (GQL) using a blind boolean technique to extract a password from the database.
Google CTF – Web 12 – FSS – Electric Boogaloo
Google CTF - Web 12 - FSS - Electric Boogaloo
Google CTF – Web 15 – Horton Hears a Who!
Google CTF - Web 15 - Horton Hears a Who!
Google CTF – Web 3 – Ernst Echidna
Google CTF - Web 3 - Ernst Echidna
Description: "Can you hack this website? The robots.txt sure looks interesting."
Google CTF – Web 2 – Wallowing Wallabies – Part Two
Google CTF - Web 2 - Wallowing Wallabies - Part Two
Continuing on from Wallowing Wallabies Part 1.
Google CTF – Web 4 – Dancing Dingoes
Google CTF - Web 4 - Dancing Dingoes
Description: "We're interested in finding out what information is stored on this website. We've already obtained the username "proff" and the password "strobe.c", but can't work out how to access the "admin" user. Any ideas?"
Google CTF – Web 8 – Global CTF
Google CTF - Web 8 - Global CTF
Google CTF – Web 6 – Purple Wombats
Google CTF - Web 6 - Purple Wombats