By: Pragmatk

Pragmatk — Sun, 18 Jan 2009 19:17:42 +0000

There were no buffer overflows.
Challenges / services:
- insecure setups / “trojaned” configs
- An Ada service with a rather obvious backdoor (and some less obvious) + a search flaw which led to revelation (and therefore retrieval) of flags.
- A real funny perl implementation of BASIC as a CGI-handler. It had some unsanitized open()-calls which enabled arbitrary file reads, command execution through pipes, etc.
- Some Ruby web service which I must admit I didn’t understand much of.

[I might have missed one or two there, but you get the concept. There wasn't any "real" overflow-stuff]

Your age comment is ridiculous, blizzarddemon. Those guys won because they were quick to grasp the system setup and develop methods for systematically collecting the “flags” (hashes) from the other contestants and because of their ability to navigate through the treacherous config files (those were causing our team, the Janet Reno Redemption Fund, real problems – I think three hours passed before we *found* the last two services), not because of their age. I’m 15, and I think the oldest person in our team was 40-something, so we had the whole range covered – so why didn’t we win?! ;o)

By: blizzarddemon

blizzarddemon — Fri, 02 Jan 2009 02:20:27 +0000

Impressive, seeing the focus of there groups, I’d bet these guys might also be younger then the rest of the other folks attending. I’ve seen both groups work and I’ve yet to be disappointed.

By: Zamadatix

Zamadatix — Tue, 30 Dec 2008 15:37:33 +0000

amazing bootmii demo video:

By: TJHooker

TJHooker — Tue, 30 Dec 2008 15:31:15 +0000

They probably learned routing algorithms and buffer overflows way before they started reverse engineering firmware; they’d have to actually.

Comments on: 25C3: CTF dominated by iphone-dev team, HackMii

By: Pragmatk

By: blizzarddemon

By: Zamadatix

By: TJHooker