Shall We Play a Game?

UPDATE: Wednesday, January 22, 2020

I finally went through every submission from the recon CTF and it was very fun to read everyone’s comments and thought process. The point of the CTF was to make the giveaway less random, but I also wanted to see how everyone approaches the CTF and what rabbit holes you would end up in. There were a ton of good submissions and it was very hard to select winners, and I appreciate everyone participating in the CTF! 

Here is how the winners were selected: The first time I went through the submissions, I was going to pick the winners by selecting the first three submissions that came in, but then I realized that wouldn’t be fair to people who may have been asleep. With that said, I still wanted to make the first submission special, so I have selected them as the first place winner. Second and third place winners were selected based on the quality of the write-up and reporting style. 

Winners

First Place: Rahul_R95

  1. eLearnSecurity PTS v4 (Elite Edition) 

  2. PentesterLab subscription (one month)

  3. NahamSec Sticker+hoodie

Second Place: Adam

  1. BurpSuite Pro License 

  2. PentesterLab subscription (one month)

  3. NahamSec Sticker+hoodie

Third Place: simone_bovi

  1. Shodan Account

  2. Pentester Lab (one month)

  3. NahamSec Sticker+hoodie

Pentesterlab Winners: @Copenhacking, @Stoferss, @CircaSecured, @escn, @RisingHunter_

I have already emailed all of the winners, including the NMP submissions, but I want to keep their identities anonymous. The NMP winners were selected based on the quality of their submissions and attention to small details.

If you are curious about the solution, here are some of the write-ups I have seen on Twitter and Discord:

Video Solution by c0rruptm0nk

PirateDucky’s Solution

m1ndfulhacker’s Solution

Hazana’s Solution

Last but not least: a big THANK YOU to Yasser for helping me put this together, the folks at eLearnSecurity for sponsoring the giveaway with their eLearnSecurity PTS v4 (Elite Edition), and of course, all of you for participating! 


When I hit 25,000 followers on Twitter, a few people mentioned that I should do a giveaway and make it special. Sure, I could give out random stuff for free and call it a ‘giveaway’, but I think it needs to be more personal. It should be something that will bring some value and will feel like it comes directly from me. After endless late nights of recon and brainstorming, I had an idea: create a recon CTF once I hit 30k. This CTF isn’t really that hard; it was developed with up-and-coming hackers in mind, but it requires you to think about how to find the right site(s) or endpoint(s) in order to complete it! 

Here’s everything you need to know:



First Place: 

  1. eLearnSecurity PTS v4 (Elite Edition) 

  2. PentesterLab subscription (one month)

  3. NahamSec Sticker+hoodie

Second Place

  1. BurpSuite Pro License 

  2. PentesterLab subscription (one month)

  3. NahamSec Sticker+hoodie

Third Place

  1. Shodan Account

  2. Pentester Lab (one month)

  3. NahamSec Sticker+hoodie

Best Write Up(s)

This could also be one of the top 3 winners, but does not have to be.

  1. NahamSec Sticker+hoodie

  2. Direct mentorship from yours truly (Optional)

Rules: 

  • No cheating or sharing answers

  • Nahamsec.com / Nahamsec.dev or any of the boxes I have used during my streams are not used for this CTF. 

  • This is a recon CTF! Think recon, and check out the tips or ideas I have shared while streaming for inspiration. 

  • Please don’t ask for help or hints on Twitter. If I have anything to share, it’ll be posted directly on my Twitter so it’s fair and available for everyone.

  • If you want to solve this to become a part of my mentorship program, send your submissions in with “[NMP]” in the beginning of the title. (i.e.: [NMP] Recon Submission)

Also, a big thank you to eLearnSecurity and Pentesterlab for sponsoring the giveaways as well as Yasser Ali for helping me put this CTF together. 

Good luck, have fun, and happy hacking! 

