Stripe CTF Solutions
Just what it says on the tin.
What?
Stripe held a CTF challenge that ran for one week, February 22nd to the 29th. It was basically a series of pentests. These were my solutions to all of them.
Why?
For posterity, mostly. I had a lot of fun completing the challenge, and even made some friends along the way. Now that it’s over, sharing our solutions lets us all compare our methods and learn from one another. Also, brag a little bit.
How?
Each folder corresponds to a level. In the folders is the message of the day printed when you logged in, any associated files, a solution folder with the steps taken and code used to exploit the level, and an explanation of how the exploit was found and works.
To Do
- Add an in depth explanation of how the magical solution to
level04works.
Credit Where It’s Due
A lot of the various improvements and implementations in level06’s timing attack, and the (forthcoming) explanation to the magical level04 solution are the result of my work with Thomas Hebb and Alex Yakoubian. We spent days bouncing off ideas to improve our timing attacks and stepping through level04 instruction by instruction to explain my magical solution. My work on the CTF would not be nearly as good without them.