Earlier this month we published the following image on our Twitter:
We deliberately left out any other details about this image. Of course, by mentioning flags we were suggesting that an exclusive CTF competition awaited behind the encoded string.
Our experienced readers would recognize that the second string is Base64 encoded. Decoding it results in the URL “https://T19challenge.com”. The site held the background story and a sign-up form for trying to solve the challenge.
Unlike traditional CTF competitions, we wanted the T19 challenge to imitate a real-life hacking situation. Instead of building multiple challenges and a ranking system (“Jeopardy style”), the challenge revolved around one application on a machine, with the flags saved on it as hidden files. The goal of the challenge was to empty a database of hashes. To do so, however, one would have to escalate privileges in a way that would expose the flags in order.
We are no longer hosting the challenge, but we did publish a Docker image similar to the one we used, so you can locally run the image and try to solve the challenge by yourself. See the challenge website for this option.
- 0xf – Flag found by infiltrating the web server on the web user’s home directory
- 0xff – Flag found after successfully escalating privileges to a second user
- 0xfff – Flag found after successfully exploiting the server binary and emptying the database
- 0xffff – Hidden (optional) flag found after escalating privileges to the root user
The top 7 participants to submit the flags to the CTF team are:
- Anonymous participant
- William Bowling (vakzz)
Special thanks to vakzz for helping us fix a (real) security issue we had with the CTF platform.
The full list of finishers of all levels can be found on the T19 challenge website.
The prize challenge coins are in the making, and will be delivered to the winners through February.
Finally, we would like to thank all participants for their efforts. It was a lot of fun running our first CTF and seeing everyone give their best efforts to solve it.
The following participants wrote excellent writeups of their solutions to the challenge. Please contact us if we missed anyone else’s.
- kileak – https://kileak.github.io/ctf/2019/T19Challenge/
- daniellimws – https://daniellimws.github.io/t19-challenge-1.html
See you at our next challenge!