DerbyConCTF Index To Flags Found

October 2, 2014 — 4 Comments

Here is an index to the Capture The Flag (CTF) flags I found during DerbyCon 4.0 Family Rootz:

No Flag Points Explanation
1 password 20 Link
2 MayUrG0atsBeFr33 20 Link
3 Goats34Milk 20 Link
4 ML5jVuOCTvMhaG70p0BL 20 Link
5 HopeSolo 40 Link
6 MudFlaps 80 Link
7 ImpossibleToHerd 20 Link
8 lambSkinCoat 40 Link
9 mossyoakcamo 30 Link
10 pirateslife4me 100 Link
11 time2seethebirds 100 Link
12 TheFappening 100 Link
13 SourceCodeTheft 100 (Not yet published)
14 PurpleMooCow 500 (Not yet published)

I will update this table with links to each of the flags as I blog about them.

I hope this blog series:
1. Will help hesitant hackers participate in a future CTF by giving them a starting point of where and how to look for flags.
2. Will produce a conversation with fellow CTF participants that stumble across the blog about what their experiences were with this particular CTF.
3. Will produce a conversation about the flags I overlooked, techniques/tools I need to become proficient at and pointers on how I can be a better hacker and CTF player.

Aaron Melton


4 responses to DerbyConCTF Index To Flags Found

  1. Hi Aaron, thanks for doing the writeups. I was on team UnicornPoo – we came in 13th overall. I don’t usually blog but happy to share what I have – we were not that organized during the competition 🙂

    • 13th is pretty good in my book. I really had too much going on to do well as an individual and I’m disappointed at how I didn’t approach this competition as methodically as I should have. Looking back at how I obtained my flags, I was really all over the place and didn’t invest enough time to thoroughly investigate every box/service and document what I found before moving onto the next. There’s always next year. 🙂

  2. Thanks for the writeup! I’m going to Derbycon this week and plan to try the CTF. I’ve never really done a live CTF before. What do you use for a CTF laptop? I prefer to use a pure linux laptop but I know some like to use VMWARE or some other virtual machine setup for different aspects of the contest.

    • Moriskod,

      I apologize for the delayed response to your inquiry as DerbyCon is already over — but better late than never? 🙂

      The first CTF I ever participated in I used VMWare Player to run Kali. It worked okay, but I ran into problems with both sharing the Ethernet port with the host OS (Linux in this case) or using a USB Ethernet port. Learning from that experience I simply used a second HDD dedicated to CTF that I didn’t have to worry about. I made sure everything was working as anticipated before the event and afterwards I wiped the drive. In spite of the rules and spirit of CTF, you will likely find (if you’re paying attention) someone else on the CTF LAN attempting to hack your own box. I’d rather be safe than sorry.

      Hope you learned a great deal from this year’s CTF and if you blog about it anywhere, please let me know!


Leave a Reply

Text formatting is available via select HTML.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>