Forum Thread: How RAZE Captured the Flags

JSchmoe wins the CTF, but me & wirewise would still like to make a writeup about our failure :P

First of all, gaining access for me and WireWise was incredibly hard, due to the following reasons:

  • Our proxies were unresponsive
  • Nmap spitted out weird and unreadable output
  • Port forwarding didn't work for both of us
  • And a lot more...

After the problems suser decided to give us the vulnerable port (due to nmap not working) and allowed me to SSH into his attacking machine because mine was having a lot of trouble reaching the CTF server.

For the exploitation, we simply used the tomcat_mgr_upload exploit, which basically automates what JSchmoe did in his breach of the server. We used a Java meterpreter payload.

The login credentials were tomcat/tomcat. It was late so suser simply gave them to us. Maybe because he felt sorry for our unfortunate technical difficulties.

Image via

Once we executed the exploit and got in, we looked for the files using the find / -name "*.gpg command as well. But suser sent me the flags because I couldn't download them directly to my machine (take note that I was using his attack box).

Once that was done, It is just a matter of cracking! Ugh!

Sorry for the un-detailed description, but RAZE didn't really do much due to our technical difficulties. We spent more than 3 hours on trying to even reach the server, not to mention the other problems we had!

Me and WireWise will stop here with the competition, thus making JSchmoe the winner. Well played Joe, well played.

Me and WireWise also have a suggestion for the next CTF: declare it earlier! Like one month before it is actually kicked off! Most hacks take years to complete, this one isn't that much different. I think the reason for our problems was lack of preparation time.

Was it a fun experience? Not really, due to all the problems me and WireWise experienced. But we will hopefully have more luck next time!


7 Responses

I agree that I hope the next CTF is more difficult but gives a week/month worth of time for people to figure it out. I'm more for the learning opposed to speed and competitiveness. Personally, I had a blast!

I personally think more vulnerabilities should be inserted, allowing for more strategies.


right but do try to think of it from my perspective I was letting a group of hackers attack and potentially gain full root access to a box that was tied to my personal identity. I was mainly trying to keep you guys on a leash so I could monitor your activities closely. This was also the reason for the short time period that the server would be up (well that and I'm cheap :P).

How about getting a cheaper VPS somewhere else not tied to your name?


I'd gladly pay BTC to support such events if need be :)

After reading the two solution articles that have been posted, I think the following events will be improved and very fun!


I need to figure out why my router refused to port forward. That was my issue but I knew what to do XD

Share Your Thoughts

  • Hot
  • Active