NdH2k14 Prequals retrospective

Published on Tuesday, 08 April 2014 in Security ; tagged with ndh, ctf, challenge, security ; text version

It's been a long time

It has been a long time since I wrote something for my blog. This can been explained because of the transition between the end of my internship at Société Générale and the beginning of my semester at my University.
For the first time since a couple of semesters, most of my lectures are interesting. I have to deal with ARM architectures as well as programing on WiFi access point (on the OpenWRT firmware).

Moreover, I am applying for the GSoC 2014 edition this year.
The redaction of my proposal took me some times but I expect good news for my mentor really soon.
I will give you more information as soon as the official announce is published. At that time, I will write a few lines concerning the project I am applying for :)

Anyway, the following post describes the basic mistakes we have made while attending to the CTF for the NdH 2014 prequals.

CTF NdH 2014 Prequals

Last week-end (5 - 6 April), I have attended to the CTF for the NdH 2k14 prequals with HackGyver. According to the final scoreboard, we are 28th over ~400 teams (~240 of which have validated at least one challenge).

This is not an excellent score but we were kind of proud to reach that position since it was the first time we were gathered in our hackerspace in order to attend a CTF (usually we were doing so over IRC).

Since I was f*cking useless during this CTF (sigh), I will not write any write ups (you might check some of our write ups in jvoisin's blog). In fact, this post will more be like an retrospective of what we did good and what we did not.

What we did good

Team cohesion

First of all, I was pleased to see how easy it was to split the work. When the list of the available challenges was published, each of us chose one category to work on. Aside from the deception to see no cracking/re challenges (:/) we all got to work really quickly (I took a web challenge at first).

When the first challenges were solved (~50 points challenges), we changed our strategy and started to work as binomials and then all together for harder ones.

It was nice to see no one being like "Well, what the hell can I do now? I am useless..." (except for me by the end of the day but anyway...). At least it was true until 7pm.

Everything is easier when being together

For the first time, we attended to a CTF using the locale of the hackerspace and this, my friends, was really nice :)

It does not fundamentally change anything from participating through an IRC channel. With IRC you can explain what you have found so far on a challenge, you can ask questions to mate, share ideas, etc.

But being in the same place at the same time eases the overall process. And by ease I mean it makes every exchanges instantaneous!
How many of you have found painful to describe something really technical on an IRC channel, like when you are reversing some binaries?

In the locale, you can just ask your mate to move and check out your screen, use the blackboard to draw something explicit and even use the video-projector to display something for everyone! (Didn't use the last one for this CTF but I think we will for the next ones).
Plus, it is way funnier to be together even if I usually prefer being at home when working on something because of my setup.

What could be optimized

Beeing 28th is a start but we could definitively have done better. We did some mistakes and I think it could be interesting to share them.
This way, the next time you (amateur teams) and us will do better!

Take some rest

The first thing that comes up in my mind is the following: Take some rest.

During the 24 hours of the CTF, two members of the team (me included) did not sleep at all and I think we (the team) can agree that it was a mistake.
To be honest, I already managed to stay up more than 24 hours, in order to finish a project for instance, but we can all agree that at some points, everything you do starts being shitty...

In our case, after eating some pizzas around 6/7 pm, no one was able to start working anymore, at least not efficiently... And on a 24h CTF, it represents 25% of the available time.

Start working on medium/hard challenges early

We started to work on medium/hard challenges around noon/later in the afternoon. And this was a mistake.

Even though I think it is important for the moral to validate an easy challenge at the really beginning (you know you can do something and you can see your team climbing the scoreboard, two things really nice), you should start to think about the harder challenges really early for two reasons:

  1. You will be fresh with a brain fully operational.
  2. You can go back working on these challenges later in the day if you are stuck.

When we started working on the harder challenges in the afternoon, we were tired already. Plus, knowing that there was not so much time left increased the pressure and messed up our thinking.

Do not waste your time

The last mistake that I can think of is that we wasted too much time on some challenges. In our case, we have spent so much time on the web100 challenge because the admins were not able to explicitly tell us whether the challenge was up or not...

The solution of this challenge was really simple. With an XSS injection, we had to send a mail to the website's administrator in order to grab his cookie, log in and access to a restricted page were the flag was displayed.

But the staff had a lot of troubles with the bot that checked and simulated clicks on the URL we were sending and they were not able to clearly state if the challenge was working or not.
These two elements gave us some headaches because we wasted time trying to find another solution when our current one was correct.

When they finally fixed that challenge, we solved it in a second (gg to kiwhacks for grabbing the flag o/) but still, a lot of time was wasted :/


When attending to a CTF, where time matters and where brains are under a lot of pressure, you still have to get over it by:

  1. Sleep a few hours.
    If our eyes are opened but your brain stopped working, it is definitely useless. Go sleep an hour or two!
  2. Work on the harder challenges really early.
    You will be able to evaluate the plausible attack vectors and, in the case your are stuck, you will have time to go back working on these challenges later.
  3. Switch challenge when you are stuck and it is not worth it.
    Some challenges are not worth spending too much time on them. In the case of this CTF, one of their challenge was buggy and we spent to much time on it not knowing if we had to find another solution.
    Plus, the Worthless challenge was not worth it either since it only grants you 50 points.

I hope we (Hackgyver) will be able to attend to another CTF really soon because I cannot wait to see what we can do when following those obvious but necessary tips :)

Hackgyver's players

contactdepier.re License WTFPL2