Upfront: It was an awesome event for nerds.
The Squareroots Team did a great job teaching the basic hacking techniques like SQL-Injection, File-Inclusion (RFI, LFI,Â …) using regexes, JS, bash-scripts, python and very much more. So one just got an overwhelming amount of information in the theoretical lessons, and before you could realize what you just learned it’s „And now YOU hack!“-time. The challenges on the server showed on your screen, you felt like „WTF? OK, gotta start doing something…“ because the scoreboard on the beamerÂ arose and you needed those f***ing flags submitted to get points and don’t fall to far behind the others. You know, everybody wants to win =) And trying, failing, trying, failing, trying again and then find this hole to get the password… great feeling while you read „Got access! Goto Level 8“. Smile on your face, submit the flag to the scoreboard and go for the next level!
So after two days of intense learning hacking techniques and solving IT-riddles the teams were split up for the final CTF and we were brought to the Squareroots dungeon.
The CTF competition itself was quite messy – so much things to do, so litte experience, so much chatter about what to do. It was tense. And hours felt like minutes. It was great fun. An in the end our team 3 (10.0.3.x), won in an epic style because our super-solid computer-kung-fu! xD
No, not really. We were like a baby thrown in in swimming pool, just getting 10% of whats going on. What are the services running on our server? OMG, I found flags on the other teams server! How to I retrieve them? Write a script to extract those images with flag-codes written on them? Script fails, gotta run to close one Â that other holes…
We had no clue. And so did the other teams. Every hint by a member of the squareroots was worth a ton of gold. Or flags. So finally we maybe had the best tips. =)
After all I can say it was great fun and the Squareroots did a awesome job. I you want to know more about the team or join their next workshop check => squareroots.de.