1. Crack Me 1 (100 pts): strings
  2. Crack Me 2 (300 pts): rot
  3. Crack Me 3 (500 pts): xor
  4. Wargame (200 pts): 7-level web challenge, up to an SQL injection
  5. Advanced Injection (400 pts): "blind" SQL injection, but errors were displayed, so use either the GROUP BY trick or ExtractValue(), since it was supported by the MySQL version. Using sleep/benchmark methods was wrong (in addition to DoSing the challenge).
  6. File Transfer Daemon (300 pts): we were given the source code and IP/port of a running FTP daemon, and instructed to retrieve the secret file of another user without knowing their password. At the end of the competition, we learned that it was a modification of the RuCTFe 2009 "F" challenge (Mark from 0ldEur0pe wanted to thank HackerDom and is sorry for not asking about reusing the code): multiple vulnerabilities, so multiple solutions - my fav' is the remote code execution via pickle ;) See the small FTP client library I implemented (client.py), and the different ways to solve the challenge (solve.py).
  7. File Transfer Daemon, advanced (600 pts): same context, but we had to retrieve a secret file in the ftp user's home directory. Again, multiple solutions (see previous file).
  8. Forensic Challenge (800 pts): we were given a network dump file and asked to answer the following questions: Answers had to be sent by email to Guillaume, who would then rate them and award points accordingly. Note: the network capture uses Wireshark's pcap-ng format, not yet recognized by tools like NetworkMiner. The workaround is to open the capture with a supported version of Wireshark and export it in the classic format.
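
For item 8, the pcap-ng to classic pcap conversion can also be scripted. The sketch below is an added example, not part of the original write-up or the challenge material; it assumes a single-section capture with one link type and the default microsecond timestamp resolution, and `sample_pcapng()` builds a constructed one-packet capture for illustration.

```python
import struct

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006   # pcapng block types
BOM = 0x1A2B3C4D                                      # pcapng byte-order magic

def pcapng_to_pcap(data: bytes) -> bytes:
    """Return classic libpcap bytes for a single-section pcapng capture."""
    if len(data) < 12 or data[:4] != b"\x0a\x0d\x0d\x0a":
        raise ValueError("not pcapng: no Section Header Block")
    endian = {struct.pack("<I", BOM): "<", struct.pack(">I", BOM): ">"}.get(data[8:12])
    if endian is None:
        raise ValueError("bad byte-order magic")
    out, linktype, pos = bytearray(), None, 0
    while pos + 12 <= len(data):
        btype, blen = struct.unpack_from(endian + "II", data, pos)
        if blen < 12 or blen % 4 or pos + blen > len(data):
            raise ValueError(f"corrupt block at offset {pos}")
        body = data[pos + 8 : pos + blen - 4]
        if btype == IDB and len(body) >= 8:
            lt, _, snaplen = struct.unpack_from(endian + "HHI", body)
            if linktype is None:      # first interface: emit the 24-byte global header
                linktype = lt
                out += struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen or 262144, lt)
            elif lt != linktype:
                raise ValueError("classic pcap holds only one link type")
        elif btype == EPB:
            if linktype is None or len(body) < 20:
                raise ValueError("malformed or orphaned packet block")
            _, hi, lo, caplen, origlen = struct.unpack_from(endian + "IIIII", body)
            if 20 + caplen > len(body):
                raise ValueError("truncated packet data")
            ts = (hi << 32) | lo      # assumption: default microsecond resolution
            out += struct.pack("<IIII", ts // 10**6, ts % 10**6, caplen, origlen)
            out += body[20 : 20 + caplen]   # drop 32-bit padding and options
        pos += blen                   # other block types are skipped
    if linktype is None:
        raise ValueError("no Interface Description Block found")
    return bytes(out)

def _block(btype: int, body: bytes) -> bytes:
    body += b"\x00" * (-len(body) % 4)
    return struct.pack("<II", btype, len(body) + 12) + body + struct.pack("<I", len(body) + 12)

def sample_pcapng() -> bytes:
    """Constructed one-packet capture (link type 1 = Ethernet), not the challenge file."""
    pkt = b"\xde\xad\xbe\xef\x00\x01"
    return (_block(SHB, struct.pack("<IHHq", BOM, 1, 0, -1))
            + _block(IDB, struct.pack("<HHI", 1, 0, 65535))
            + _block(EPB, struct.pack("<IIIII", 0, 0, 1_500_000, len(pkt), len(pkt)) + pkt))

if __name__ == "__main__":
    print(pcapng_to_pcap(sample_pcapng()).hex())
```

Interface options such as a non-default timestamp resolution are ignored here, so check the converted timestamps against Wireshark's view before relying on them in a timeline.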