HackerOne $50M CTF Writeup

Holy. Shit.

What a hell of a CTF! Those timing attacks, especially the one on the hash, were hella cool… I’m sure it was quite exciting to see the hash materialize out of the air like that!

You gotta have some really really good networking to perform an attack like that though… any jitter or latency in the connection and it’d be really hard to make the timing comparisons, no? We’re talking about 500ms. I’m sure the CTF guys put a manual delay in their hash checking function but still.

And what a cool CTF challenge. I love how they just included a 3rd party PDF creation tool as part of the victims in the process. Hilarious lol.
