Please submit flags as soon as you find them. You are not allowed to hold on to the flags until the last hour.
The OWASP AppSec Conference Bucharest 2017 CTF is ready to start at 9am. Have fun and happy hacking!
We've added plenty of hints. Happy hacking!
We've added a new exploit challenge named feeder2.
We've updated the archive for the Crypter challenge.
We've added a new reverse challenge named Crypter.
We've added hints for the All Over and Already There misc challenges.
We've added a new exploit challenge called Mail.
We've added a new misc challenge called String Mapper. It's a rather difficult 300 points challenge. Do enjoy.
The qualifiers will start on Saturday, September 9, at 10:00:00 and end in the same day, at 22:00:00, EEST (i.e. Romania time).
For any support we will use the Freenode channel #owasp-bucharest-ctf.
Unless otherwise stated, flags use the format OWASPCTF{Some_random_string}.

In order to be eligible for the prizes and be a part of the competition, you must follow the following rules:
1. Do not attack the infrastructure. If you find a problem with one of our tasks, please report to us.
2. You are not allowed to intercept the traffic of other teams or attack them. Any attempt to cheat on the contest will lead immediately to disqualification.
3. Only team members that are present to the CTF location can be part of the contest. If you ask other people for help, or ask for solutions online, you will be disqualified.
4. We will not score unintended solutions. We will ask you how you solved each task, and if the solution is not the correct one, we will take your points from the scoring platform. We may, instead, give some bonus points or extra hints to those who report unintended solutions.
5. The points that you receive on the scoring platform are valid only if you solved the task and know how to explain us the solution. If you take flags from other teams of someone that is not present at the CTF location solves the challenge for you, you will be disqualified.
6. Don’t ask for hints in private. We will only give hints that are available to all the teams.
7. Submit the flag as soon as you finish a challenge. If you submit all the flags at the end of the contest we will assume you didn't have time to work on all the tasks at once.
8. In case two teams have equal scores, the team that got to that score first will have the advantage.
As we all love practical security and challenges, we are going to organize a CTF (Capture the Flag) contest during the OWASP Bucharest AppSec Conference 2017. There are two phases:
  • qualifiers: will take place online on Saturday, 9th of September 2017, from 10am to 10pm EEST (Bucharest time, UTC+2); the first ten teams will join the finals
  • finals: will take place on the conference site on Thursday, 12th of October 2017, 9am to 5pm EEST (Bucharest time, UTC+2)

In order to take part in the CTF contest, you have to register a team of maximum 5 people. In case you are part of the finals, you need to be at the conference location. The first three teams will be awarded prizes.

The OWASP CTF is targeted at beginners. Its difficulty level is rather easy. If you're the kind of team competing at world-stage CTFs, we kindly ask you to let the beginners hone their skills in the CTF.

Let's get cracking!