Code Name: 2019 Stonecutters CTF

A secret society, not unlike the illuminopi (did I spell that right?), is putting on a secret CTF that will run for all of 2019.  They will add challenges over the course of the year, some exist but are currently locked behind other challenges, and some will be retired as the solve rate reaches 100%.

I have been given permission to write-up retired challenges if I scrub all of the CTF's identifying information.
So that I can refer to this event, I've code-named it: the 2019 Stonecutters CTF.

The 2019 Stonecutters CTF

In addition to what I have already shared, I can tell you is that this a Jeopardy style CTF, when challenges are solved the point value decreases, and there are a lot of very high-level competitors playing...like 100 of them, so I don't expect to score a lot of points.

Please feel free to check back every now and again for updates or watch the following twitter feeds for newly added write-ups:
@strupo_
@TeamWTG

Thanks,
-strupo_

Challenge Write-Ups:


Quinn Hopper's Class 

The Bus the Couldn't Slow Down - Image Processing Challenge

<redacted> 118 points

Stone of Shame - MD5 Hashing Race Condition

<redacted> 200 points

Stone of Triumph - Random Hashes Race Condition 

<redacted> 75 points

Where's the Any Key?

Easy Drinking Duff - Easy SQLi

https://blog.welcomethrill.house/2019/03/2019-stonecutters-easy-drinking-duff.html
75 points

Fink Does Yoga - XXE Challenge 

Battle of Gettysburg - OS Command Injection

https://blog.welcomethrill.house/2019/07/2019-stonecutters-battle-of-gettysburg.html
494 points

Bleeding Gums - Trickier SQLi

Crypt-D'oh and Steg-D'oh

Burns's Bear - Ransomware Challenge

<unsolved>

Bobo the Bear - Ransomware Challenge (Hard)

<unsolved>

Bobo the Bear's Eye - Ransomware Challenge (Harder)

<unsolved>

Radioactive Man - Digital Signals Challenge

<redacted> 352 points

Popular posts from this blog

A Primer for On-Site CTFs

BHIS CTF@Shmoocon 2019 - Feeling Blue?

DEF CON 27 - Our Car Hacking CTF Experience