|Timestamp||Nick||Source URL||Language||Cleanliness||Efficiency||Comments||Blog URL|
|8/29/2012 15:06:17||pepijndevos||https://gist.github.com/ecd0e0e20c6cd72f91c3||Python||4||5||hit the deadline in the middle of the final run|
|8/29/2012 15:06:43||lukegb||https://github.com/lukegb/Stripe-CTF-2.0/blob/master/level8/pingit_recvit.go||Go!||3||7||IT'S AWESOME! ;)||https://github.com/lukegb/Stripe-CTF-2.0/blob/master/level8.md|
|8/29/2012 15:06:48||IntruderAlert||https://gist.github.com/3d9730a3793eb5e0bc90||Python||6||5||It took 15 minutes on Friday when there were fewer people on the servers, but 55 minutes on the last day of the CTF.|
|8/29/2012 15:07:46||IntruderAlert||https://gist.github.com/f1128ad7ab3f8689c04d||Assembly||1||1||Assembly attempt - unfinished due to real life|
|8/29/2012 15:09:02||luna||http://pastebin.com/X3naehw5||Python||5||4||It works!|
|8/29/2012 15:13:20||Matt Fuller||https://github.com/matthewdfuller/stripe-ctf-solutions/blob/master/level8/exploit.py||Python||2||3||Awesome challenge. Check my blog for detailed level-by-level walkthroughs and explanations.||http://blog.matthewdfuller.com/2012/08/stripe-capture-flag-level-by-level.html|
|8/29/2012 15:17:01||nion||http://pastie.org/4612069||Python||5||4||works :)|
|8/29/2012 15:18:46||Foo||https://github.com/abrinsmead/Stripe-ctf-2-level-8-solution/blob/master/level-08-solution.py||Python||5||5||This was designed to be conservative and just get me the password on the slow 8-2 server I started with. I eventually had to switch to 8-3 to capture the flag. The script could be made much faster with a little work.|
|8/29/2012 15:25:11||jcromartie||https://gist.github.com/92896a3af1c9aa43da67||Python||6||3||I think the code is pretty clean. Nothing too hacky except kicking off a HTTP POST in a thread and doing socket.accept() immediately, and counting on that to work. It may be possible to make this concurrent.|
|8/29/2012 15:40:41||atox||http://pastebin.com/RqV2A9KY||PHP||2||2||Quite dirty, had to add in flush() because of the php5-cgi that I was using and not even sure it is the latest version I used. But it worked||http://www.mindloop.be/stripe-ctf-security/|
|8/29/2012 15:48:34||originalcamper||https://gist.github.com/3517422||Ruby||3||4||Ended up including net-http-persistent to speed up reqs. ~150 LOC without it.|
|8/29/2012 15:50:10||Douglas||https://gist.github.com/3517847||Ruby||4||5||Not fully automated... needs patched as each chunk is solved. But uses a single HTTPS connection, which makes me think it must be efficient, right?|
|8/29/2012 15:50:11||rm_you||http://pastebin.com/TVszNfv1||Python||5||5||For the record, I didn't even know how Python global variables worked before I wrote this... I needed to get it running quickly, and not deal with huge argument lists. :) Still not a parallel solution, but it will figure out chunks 1-3 on its own, one at a time. It doesn't exit properly, but who cares... I know I didn't! :) The final chunk was solved with this simpler script (and I watched it like a hawk):|
|8/29/2012 15:50:16||pettazz||https://github.com/pettazz/Stripe-CTF-2.0/blob/master/8/comm_4.py||Python||5||3||This was revision 4 when I was just about ready to give up. The threaded versions look more awesome but don't even come close to working. Facepalms all over the place.||http://pettazz.com/2012/08/24/capturing-the-flag/|
|8/29/2012 16:02:08||x616d726b||http://pastie.org/private/e8ieskfe1lz7jcp6ixzaxq||Python||3||2||It was horrible. :(|
|8/29/2012 16:14:33||axisK||https://gist.github.com/3518251||C++||1||5||Really really really bad code quality and horrible threading, I haven't actually written anything in c++ before this. Ran in around 1.5 minutes per chunk and 2 minutes for the last chunk for which I commented out the file writing and just looked at the output|
|8/29/2012 16:36:47||useware||https://gist.github.com/3518444||Go!||7||6||This is my first Go program and I tried to explore as much Go sugar as I felt appropriate. I might do a post/tutorial about the code later. Comments on the gist would be nice :)|
|8/29/2012 16:44:54||Shadow6363||https://gist.github.com/3507384||Python||5||4||I'm working on improving the efficiency and I don't know Python all that well.|
|8/29/2012 18:08:05||miton||https://gist.github.com/3519510||Python||3||3||my first one was a lot better, but used twisted so I could not run it on level02 so I bastardized this together quickly. it actually gets decent requests/second to the point you need to put the sleep in to keep the sync (which it doesn't even actually really bother to try to keep). it still works but takes a while and it is really conservative. I would not recommend reading it as it has no value itself|
|8/29/2012 20:24:37||phobot1||https://github.com/pkallos/stripe-ctf2-level08||Go!||2||6||First GO program, ugly but performs okay.|
|8/29/2012 23:04:49||eevee||http://paste.pound-python.org/show/XVsuIyr0pmBX24Fy1YOQ/||Python||5||5||it is exceptionally mediocre. also i am very sorry about the hard tabs. level02 didn't have my .vimrc and all. i bring shame upon my entire family.|
|8/30/2012 0:22:26||Daegalus||https://gist.github.com/6939e3c74023acad4215||Python||4||3||I don't get to use Python often, as much as I enjoy it. So lots of messy and poor code. But it worked. Except for the final if statement. It's missing an str() and fails when it needs to print out the last 2 lines. Luckily you still get time to see the last number.|
|8/30/2012 1:44:45||rokoteko||http://p3m.org/pfn/162||Perl||4||6||Since there were no Perl submissions I decided to add this. The code is pretty fast, it was developed when load was very high. Uses async requests through sockets (no http module) to post the queries. Sets TCP_NODELAY on the sockets to make it faster. Divides the requests into chunks of 100 to avoid the max: 100 of keep-alive, which I didn't figure out how to reset. So it sends 100 passwords using a single socket, then re-creates sockets, sends another 100 etc. And because it's built in async fashion the requests go out immediately and then we just wait for responses. The code could be re-factored a bit more and lacks all documentation and has only a few comments, which can make it more difficult to understand. But I think overall it's pretty clean to be async socket code written in Perl. Only does one chunk at a time, you have to reconfigure for the next chunk(s). First time I used IO::Lambda (for the async requests) and gotta say it's pretty sweet.|
|8/30/2012 3:22:06||MaikuMori||https://github.com/MaikuMori/finalfloor||Go!||6||6||Should be quite fast ;).|
|8/30/2012 5:46:40||simon||http://pastebin.com/vzpm4baP||Python||4||5||A further improvement is/was to use a persistent HTTPS connection to the stripe server.|
|8/30/2012 5:48:24||luks||http://blog.sploit.de/2012/08/26/stripe-ctf-level8/||Python||6||6||it just werks (if you have the requests module installed :))||http://blog.sploit.de/2012/08/26/stripe-ctf-level8/|
|8/30/2012 8:51:14||TvdW||https://gist.github.com/38c0430b5084f8442858||Python||6||7||It's pretty fast - uses SSL sessions, optimally only 1 call per option, it's all in one script, etc. The 4th chunk could've been faster though.|
|8/30/2012 12:35:06||Bootvis||https://gist.github.com/3532498#comments||Python||2||2||Don't judge me :(|
|8/30/2012 17:42:29||ancat||https://github.com/ancat/level8-solution/blob/master/chunky.py||Python||7||4||The only solution I've seen that doesn't run an HTTP server and doesn't use threading. And it still works pretty good!||http://sec.omar.li/2012/08/stripe-ctf-writeup.html|