
Stripe CTF Post Mortem: A Would-Be Hacker's Tale - noffle
http://www.stephenwhitmore.com/stripectf/
======
kijin

        <?php
        echo `cat ../password.txt`;
        ?>
    

That doesn't look like the work of a very talented hacker. Whatever happened
to readfile()?

The attack could also have been a lot more interesting if .php files were
disallowed but short snippets like this could be hidden inside GIF images.

~~~
vasco
In one of the rounds the attack was exactly that, payload inside a GIF.

~~~
Smudge
Really? Which level was that? I don't recall using such a technique, but maybe
there were multiple solutions.

------
mbeattie
He didn't talk about the last level for some reason.

~~~
noffle
The astute reader will also note that Five and Six were also not discussed.
From the fourth paragraph, "I will be discussing a subset of the nine
challenges".

------
newnham
Last challenge?

