NahamCon 2025 CTF: Scripts, Struggles, and Small Wins

This weekend, I competed in my second Capture the Flag event with the Hack Smarter team at NahamCon 2025, and we placed 92nd out of 1,721 teams!

The Butterfly Effect of Learning

My 7th-grade science teacher once shared a metaphor that stuck with me:

If someone is struggling to answer a question and you answer it for them, that's like helping a butterfly break out of a cocoon. You may think you're helping, but you're actually doing them a disservice. It's the struggle that makes them stronger.

That perfectly describes what I love about working with the Hack Smarter team. Even after someone captures a flag, they give just enough hints to let others figure it out on their own. It's an awesome learning experience.


CTF Wins (Big and Small)

This time around, I managed to solve three challenges, and I was tickled pink because each one involved techniques that were brand new to me.


Blind NoSQL Injection (Python FTW)

One of the web challenges required a blind NoSQL injection. I started off brute-forcing the flag character-by-character, but I took a break, stepped back, and used a Python script to automate the process.


WebSockets + JavaScript = 2 Million Boxes

Another web challenge used a WebSocket connection and required me to check two million boxes to retrieve a flag. I used a JavaScript script to communicate directly with the server over the socket and automate the process. No manual clicking necessary.


Groovy Scripting in Jenkins

For a DevOps challenge, I explored the Jenkins Script Console and used a Groovy script to extract the flag. Groovy was a new language for me, but its similarity to Java made it fun to explore under pressure.


Key Takeaway: Code Is Power

Scripting is a godsend in CTF competitions! This weekend encouraged me to sharpen my coding skills, and I learned a ton by diving into the Python, JavaScript, and Groovy docs.


Thanks again to the Hack Smarter team for the collaboration, support, and the space to struggle, learn, and grow. I can't wait for the next one!