Hello hackers!
Thanks to all of you who participated in our #h1415 CTF! We had a lot of fun building it, and it looks like many of you had a great time participating. As promised, our two winners will be sent to San Francisco for our live hacking event, h1-415! The first five participants who found the flag and submitted a valid write-up will receive a care package including a HackerOne hoodie!
On January 15 at approximately 13:37 PM, our co-founder, Jobert Abma lost access to his account, so we asked our community of hackers to give us a hand in recovering our top-secret documents. Here’s how it went down:
h1-415 CTF activity
- The first submission came in about 24 hours and five minutes after the initial launch
- 47,152,011 requests processed by the server
- Total number of chat messages: 25208
- Unique IP addresses: 6349
- Accessed Jobert’s account (account takeover): 35 people
- Bypassed CSP: 18 people
- Finished the CTF: 14 people
…and of course, it’s not a CTF unless somebody finds an unintended solution:
- Unintended solutions for ATO: 1 (extra flag)
- Unintended solutions for CSP bypass: 1
The criteria we judged each report on
- Creativity
- Completeness
- Coherent story
- Tools used
Drum roll, please…..
The winners of the h1-415 CTF are:
Here are all of the valid submissions sent to us on HackerOne. Thank you to everyone who submitted! And special thanks to @0xacb for all that you did to make this one of our most successful CTFs to date.
If you have any questions or feedback, please email us at live-hacking@hackerone.com
Congratulations to our winners, and we look forward to sharing our next CTF with you!