
Suceava CTF USV


The CTF-USV (“Capture The Flag” – Suceava University) contest aims to mobilize the energy of university students, along with their knowledge and abilities in hacking information systems and applications, in a controlled and challenging environment.

The main objective of this competition is to encourage students, as future specialists, to develop their skills and to train and exercise both intellectual and practical abilities in the field of information security.

Students from academic institutions are invited to participate in the third International Students Contest in Information Security, CTF-USV. The contest, organized as a CTF competition (Capture The Flag), is based on solving various challenges by exploiting weaknesses and vulnerabilities of web applications and operating systems in a limited time interval and inside a controlled data communication environment.



UVTCTF took part in the Suceava CTF-USV competition and finished in 3rd place. Unlike traditional challenges, the event focused on box-style tasks similar to Hack The Box. We captured all but one flag. After identifying an entry point, we exploited a stored XSS vulnerability to gain initial access. From there, a forensic analysis was needed to extract a password and establish SSH access. Progressing through the challenge, we performed lateral movement and pivoted to another Docker host. On this host, we discovered an SUID binary, which we exploited using path hijacking to escalate privileges and gain root access. For a more in-depth look at our course of action, stand by for an upcoming write-up.
