Capture the Flag


I went to an interesting meetup in denver created by Learn Cybersecurity Denver, and it was an intro to Capture the flag.

It was really well done, and the challenges were well spread out from true intro, the advanced AppSec.

I however realized in the shower, that I could use the exploit from level 2 on AppSec to write my own terminal and gain access to all the passwords. I want to contact them and see if they were aware of the secondary attack.

Things I played with: Directory Traversal attacks and sgid exploits. It was a brain teaser.