Cyberthon 2021 and other stuff

So, on February 11th – 12th I took part in Cyberthon 2021 by the University of Vilnius. After eight hours of lectures on interesting topics the CTF was opened. At a glance the topics of the CTF were quite interesting, ranging from web pentesting to digital forensics. There were some OSINT challenges scattered in there for good measure, too. Sadly, those OSINT challenges were quite easy, as most of the answers were found in the metadata or by doing a simple Google search.

On the other hand, some of the challenges were quite frustrating. The forensics challenges often had something to do with Windows registries that we had to go through with FTK Registry Viewer or locating hidden files with FTK Imager. Most of the time these challenges were time-consuming, but not strictly hard.

What really drove me nuts during the 24-hour CTF were the web pentest challenges. I’m ashamed to admit that I didn’t solve any of them, even though in the beginning I thought I would get the most out of those ones. Sadly, those challenges were also the ones that awarded the most points. One of the pentest challenges was a VM that I wasn’t even able to get to boot properly. I wonder if that was the challenge in itself or if I had just messed up things? I’ll never know, because there were no instructions that came with the VM.

Another pentest challenge featured a WordPress site that had a vulnerability through an outdated version of the Contact Forms addon. The vulnerability allowed a commenter to upload a malicious file through the image upload feature, because the addon failed to check for the correct file type if a particular Unicode character was used. For some reason the addon didn’t work at all, meaning not even a perfectly normal comment could be posted. I’m not sure if this was due to the settings of the WordPress site, but this shut me down completely from this challenge. I even wrote a poor PHP script to abuse the vulnerability, shame that I didn’t get to try it out. 😂

I spent around 10 hours trying to solve the challenges and reached the 11th spot at best. Before I called it a day and went to bed, I was in position 15 on the scoreboard. I didn’t have time to try to solve the challenges the next day, but I suppose I fell down a couple of placements when the CTF ended. It’s alright though, since I didn’t expect to do even this well in the challenges.

All in all I had a lot of fun with this competition and want to thank the University of Vilnius for taking the time to build something like this. Hopefully there will be more events like this in the coming years!

In other news, I’ve been very busy with coursework recently, which takes time away from other activities. I’ve also been feverishly applying for jobs and trying to sneak in some extracurricular studies every now and then, but it’s a balancing act, to say the least. Hopefully things will settle in the coming months as I start getting closer to finishing my bachelor’s degree, because I really want to get back on track with CTFs.

Until then, 👋