Daniel Fone

Ruby/Rails Engineer

Laziest possible solutions for Stripe's CTF

January 2014

A good programmer is a lazy programmer, right? Here are my solutions to Stripe’s latest CTF. I’m almost embarrassed by how stupid some of them are, but at the end of the day, results matter.

Level 0

Converted array to set for fast lookups.

https://github.com/danielfone/stripe-ctf-level0

Level 1

Simply move the while loop into a single Ruby process and use Digest::SHA1. Slow, but fast enough to beat the level. This is the only level I had to write proper code for.

https://github.com/danielfone/stripe-ctf-level1
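
A sketch of the in-process approach described above, added here as an illustration and not taken from the linked repository. It assumes the task is to find a Git commit whose SHA-1 sorts below a difficulty string; the commit fields, the nonce placement and the difficulty value are constructed placeholders.

```ruby
require "digest/sha1"

# Git object id for a commit: SHA-1 over "commit <byte length>\0<body>".
# Computing it here avoids spawning a git process for every attempt.
def git_commit_sha1(body)
  Digest::SHA1.hexdigest("commit #{body.bytesize}\0#{body}")
end

# Constructed commit body: tree/parent ids, identity and message are
# placeholders (assumptions), only the nonce line changes per attempt.
def commit_body(nonce)
  <<~COMMIT
    tree 0000000000000000000000000000000000000000
    parent 1111111111111111111111111111111111111111
    author Example Miner <miner@example.invalid> 1390000000 +0000
    committer Example Miner <miner@example.invalid> 1390000000 +0000

    Give myself a coin

    nonce: #{nonce}
  COMMIT
end

# Try nonces in one Ruby process until the hex digest sorts
# lexicographically below the difficulty string (assumed rule).
# Returns nil if no nonce in the range qualifies.
def mine(difficulty, max_attempts: 1_000_000)
  max_attempts.times do |nonce|
    body = commit_body(nonce)
    sha = git_commit_sha1(body)
    return { nonce: nonce, sha: sha, body: body } if sha < difficulty
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  result = mine("001")
  puts result ? "nonce=#{result[:nonce]} sha=#{result[:sha]}" : "no match"
end
```
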

Level 2

Exploit the fact that the test uses a fixed number of requests (and many more for “elephants” than “mice”), and limit each IP to 10 requests.

https://github.com/danielfone/stripe-ctf-level2

Level 3

Friends don’t let friends use Scala.

  • Set up a basic Sinatra server to implement the API
  • Shell out to grep to do actual searching. Single node, no index. O_o

https://github.com/danielfone/stripe-ctf-level3

Level 4

I was fortunate enough to reach this level early, and pass it before Stripe improved octopus. As such I passed it with my first attempt, simply by removing the failover (node0 becomes Single Point of Failure) and forwarding requests from the secondaries to the primary.

The remaining commits are my futile attempts to pass this level after the SPOF check was added to the tests. Looking at the code for successful solutions, I can see I was on the right path but needed to invest more time into making my command forwarding more robust.

https://github.com/danielfone/stripe-ctf-level4
