1. all kinds of DoS activities (i.e., too many process/file creation, or network access) are forbidden.
there is no challenge which requires *excessive brute-forcing*. the intended solution always gets you the flag in less than a minuet |
2. if you find any unintended bug or system deficiency, please report admin. you will be thanked and get some credit |
3. challenges in Toddler's Bottle are allowed to freely post the solutions online. However, please refrain from posting solution for challenges in other categories. But if you insist, post easy ones (solved by many people) and do not spoil too much details for the sake of fun. |
4. you can ask/answer hints for challenges in IRC, but again, don't spoil too much |
5. all challenges are solvable. but if you think something is wrong, feel free to report admin |
6. google is the best teacher in the world, but if you are hopelessly stuck, feel free to contact admin or IRC for advice |
7. difficulties of pwnable.kr is orders of magnitude easier than top class CTF such as DEFCON CTF or real world hacking contest such as PWN2OWN |
jonathanxz22 : reporting server vulnerability (weak password) |
N1kasu, martin : reporting server vulnerability (local privilege escalation) |
veritas501 : reporting configuration error that allows unintended access for all QEMU-based tasks |
haber : reporting multiple vulnerabilities in configuration |
afang : reporting unintended solution (dos4fun) |
debukuk : reporting CSRF vulnerability on webpage |
yelang123 : reporting XSS vulnerability on webpage |
5unKn0wn : reporting unintended solution (pwnsandbox) |
Charo : reporting web server configuration error |
martin : reporting server vulnerability (local privilege escalation on proxy-server challenge) |
bla : IRC channel support |
neomant : reporting site management mistake (information disclosure) |
null0 : reporting site configuration error (duplicate flag authentication) |
acez : reporting server configuration error (unintended access for all QEMU-based tasks) |
sweetchip : reporting server configuration error (unintended ssh access) |