Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is suprisingly fun. At first, you feel like a badass, reading the documentation for every function call, googling for exotic bugs. Then you feel like a total idiot when you notice how simple it actually is. Finally, you laugh at people in the IRC because you know exactly how stupid they feel.


The most frustrating thing was knowing exactly what the exploit was, but not quite getting how to take advantage of it.


Yeah... I can't believe I spent time looking for something wrong with the HMAC used for session cookies. Also, I'm pretty sure I solved #5 the "wrong" way since it didn't actually involve the hint they gave.


I didn't use the Level 2 server for #5 either (although I did for #8) - so I suspect that many people solved it the same way.


Yup. Kept overthinking it. Oy.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: