Share this post on Twitter

Capture the Flag: Wrap-up

Andy Brody on March 19, 2012

Update: We've also posted downloadable Stripe CTF disk images, available by direct download or BitTorrent.

You're free to use the disk images to do your own cool things. The Stripe code on the disk images is licensed under a BSD license. Third party code included in the disk images is subject to its own license, which is included. We'd appreciate you letting folks know where you got the original code and we'd love to hear what cool things you're doing (but that's up to you).

Janos Gyerik has also created a Live CD image of the Stripe CTF that makes it even easier to get started.

We ran a capture the flag security challenge a few weeks ago. Expecting only one or two hundred people to look at it over the course of its week-long run, we were blown away when we found 900 simultaneous users logged in just a couple hours after we launched. Thanks for bearing with us while we provisioned more servers to handle the load.

Simultaneous users over time

Our users were largely anonymous, but we had people log in from 12,000 unique IP addresses. Among them we saw everything from startups and security firms to major universities and Fortune 100 technology companies. It was awesome to see participants hailing from all around the world.

By popular demand, we've created virtual machine images that you can use to run your very own Stripe CTF server. They're available in the Amazon Web Services us-west-1 and us-east-1 regions as AMIs owned by account 928171847254. When you log in as user ctf, you'll see instructions on how to get it up and running. We recommend using VPC so you can set outbound firewall rules.

I've posted the slides from my short security talk given at the meetup and the source code of each level. Several people have posted their solutions online. You can find more by searching for the final password: theflagl0eFTtT5oi0nOTxO5.

To the 250 people who solved every level and captured the flag: congratulations, your T-shirts will be in the mail soon! To everyone else who participated: we hope you enjoyed it as much as we did.