Yesterday was the iCTF game. Needless to say, it was crazy, intense, and lots of things went wrong. However, much to our suprise, we did pretty well for a bunch of rookies: (We’re WCSC).

It was quite different than what I expected. I thought that teams would have about three flags on their machine at a time, and get new ones every half hour. However, it was more like ten at a time, with new ones every minute or so. In order to actually perform like that, we needed scripts to do the work.

I made lots of tiny perl scripts, and chained them together. At one point my command line was:

perl | perl | grep MTN | php urlencode.php| perl

Breaking that down, the first perl script (named because it was exploiting a C program called cprog that included inline ASM and called a perl script to do some dirty work) fed an enemy httpd an URL causing cprog to spit out the most recent flag stored in a particular place on their machine. put each flag on a different line, the grep separated out the flags from the chaff, urlencode.php worked as advertised, and actually did the submission.

Can this work?

It works!

We did get best logo: WCSC logo