Thank you all for playing! We hope you had as much fun playing as we had organizing!

Congratulations to our winners:

  1. pasten
  2. Tea Deliverers
  3. Dragon Sector

See you all in a bit at the Chaos West Stage!

The flag file on the host is called /flag2.

Hi CTFers,

whether you captured a flag or not, join us at the Chaos West Stage at 21:30 local time. We'll announce the winners and have some beers together!

See you there!

You may send the payload as *.pdf instead of *.pdf.exe, in order to prevent Google Mail from filtering the attachment. We will rename it to *.pdf.exe on the vulnerable machine.

XSS and CSRF are not the only client-side attacks.

A rate limit has been added to SimpleGC of 10 connections per minute. Bruteforce is not necessary

Two new challenges released: rofl (crypto) and fuckbox (reversing)

When submitting a post ID to the admin, he will visit the URL http://localhost:1342/post/<postID>.

He uses a headless Google Chrome, version 63.0.3239.108.

We have updated the 'source' command in minbashmaxfun to print one additional line.

This is just for information purposes, nothing else inside the shell has changed.

We have released a new challenge: miner (crypto). Refresh and have fun!

5 bytes in SimpleGC have been changed: The alarm(160) call in main() is gone (patched out). Everything else remains the same.

Link to updated files. Challenge description was also updated.

We released a new crypto challenge! Press F5!

We added a second IP for superblog1 and superblog2. Refresh.

The URL for primepwn was fixed. Please refresh the page and re-download the linked .tar.gz file.

Happy hacking everyone <3

Fellow CTF players,

34C3 CTF is officially confirmed. This is the 6th iteration of this event and it will be as awesome as ever! It is a Jeopardy style CTF and is open to everyone online. The contest will run for 48 hours, from Dec 27th, 20:00 UTC to Dec 29th, 20:00 UTC. As always, try not to ruin other people's fun.

If you happen to be at the 34th Chaos Communication Congress, you are free to come and hack with us.

There will be a less hardcore version of this CTF with a different, easier challenge set. You can read more about it on the linked website.

And of course, there will be pwnage!


Twitter: @EatSleepPwnRpt

UPDATE: The start time was originally announced as 19:00 UTC. It was corrected to 20:00 UTC.

UPDATE 2: The Junior CTF has its own website and announcement now!

UPDATE 3: For one of the challenges, a strong VM host could be useful for 34C3 CTF. Win10 RS3 VMs can be downloaded from Microsoft. Apply latest updates. We recommend VMware and 16G of RAM. Also see this tweet.

Infrastructure sponsored by Google Cloud