usd AG hacking challenge / hackertag 2016 writeups

tl;dr I participated in a hacking challenge and got all five tokens/flags. Here are the writeups: part 1, part 2, part 3, part 4


Last week, I took the hacking challenge posted by usd AG to win a spot in a one-day pentesting workshop. Now that the submission deadline has passed, I am happy to share writeups of my solutions for all five tokens.

I had not really been actively working that much with pentesting and exploitation techniques in the last couple of years, so I was not feeling overly confident when I started to poke around on the challenge website. But once I had allowed myself to feel challenged... stopping was not an option any more.

The Challenge

Although I would say that this was a very well-designed hacking challenge with many really fun details, in retrospect it was not that hard overall. I have seen wargames and CTF challenges online which I consider significantly beyond my capabilities, at least within reasonable solution time frames, but here I made good progress until I arrived at the binary reversing part. That last part, which I did spend considerable time on, was the hardest but also the most rewarding for me because I had almost forgotten how much fun this system-level stuff can be.

The five tokens were:

  • HTTP header (described in part 1)
  • Open proxy (described in part 1)
  • SQL injection (described in part 2)
  • HTTPS man-in-the-middle (described in part 3)
  • Obfuscated password in ELF executable, packed and with anti-debugging techniques (described in part 4)

I submitted my tokens on Friday evening, and since this blogging site had been sitting around idly for months anyway, I thought why not publish some writeups to get it started at last.


This challenge was a lot of fun and really got me interested in the CTF scene again. I am definitely going to participate in a CTF every now and then to keep up to date with the more attack-oriented side of my field. My current work focuses on ISMS and compliance, but it cannot be complete without at least basic knowledge of exploitation.

Thanks to usd AG for putting a lot of thought and work into this challenge! I do hope there is a spot in the Munich event with my name on it.
