Run your own CTF: Stripe publishes VM images (opens in new tab)

(stripe.com)

106 pointsab14y ago11 comments

11 comments

Thanks again for running this Stripe. It was quite fun and informative to actually implement some of these exploits rather than just recognize the possibility for it existed. Every level was instantly recognizable for the weakness that was available to take advantage of, but it sometimes took me hours of effort to write something that exploited it.

ericb14y ago

I am surely dreaming, but I would love to see a soup to nuts blog post series (not necessarily from Stripe) that would take me through every step, the reasoning involved, how to protect against the exploit, creating the C programs on linux, etc. Something along the lines of the multi-part pokerbot series I remember from a long while ago.

Thank-you to Stripe for putting CTF together!

Getahobby14y ago

https://github.com/dividuum/stripe-ctf The above was linked to in the article.

ericb14y ago

Missed that. Thank-you!

nathancahill14y ago

Awesome guys. I greatly enjoyed being there for the final presentation, especially hearing all of the different ways people had solved the levels. Thanks for publishing the AMIs.

rwmj14y ago

They've got VM images locked into Amazon Web Services. That's not the same as publishing VM images in an open format.

thehodge14y ago

Am I missing somewhere where it says open format? It specifically states they are using Amazon web services... It might not be to everyones taste but there seems to be this never ending battle for "I wish they would open source it", "I wish they would make it more open", "I wish they would use the BSD licence instead of GPLv3" it just seems to never end..

charliesome14y ago

I wish they would throw up a flat hdd.img

abOP14y ago

It's pretty easy to run an instance for a few minutes while you rsync the whole thing wherever you want. We used AMIs mostly because we ran the CTF itself in AWS and didn't have a great place to store the images otherwise.

spydum14y ago

Thanks for putting this on and leading me to smashthestack.org, I had looked (admittedly, a shallow look) for a CTF style game after doing one at a conference last year. These things are crazy addictive to me..

1 more reply

j / k navigate · click thread line to collapse

11 comments

janzer14y ago

ericb14y ago

Thank-you to Stripe for putting CTF together!

Getahobby14y ago

https://github.com/dividuum/stripe-ctf The above was linked to in the article.

ericb14y ago

Missed that. Thank-you!

nathancahill14y ago

Awesome guys. I greatly enjoyed being there for the final presentation, especially hearing all of the different ways people had solved the levels. Thanks for publishing the AMIs.

rwmj14y ago

They've got VM images locked into Amazon Web Services. That's not the same as publishing VM images in an open format.

thehodge14y ago

charliesome14y ago

I wish they would throw up a flat hdd.img

abOP14y ago

spydum14y ago

1 more reply

j / k navigate · click thread line to collapse