I cant get past noob filter, i get access to WAF but i dont know what to do after that..

http://www.securityfocus.com/archive/1/508124/30/0/threaded  < i dont understand this..

Anyone else from EHNet pwned phase 1? I see Ketchup and xXxKrisxXx only.
I'm still not able to authenticate to the website.

I've tried for a bit last night. And now I'm gonna try again lol. Don't have much time for this, cause of exams going on.

I'm not sure if I should look for some server misconfiguration or bypass the login script 

Oh lol, didn't realise I was actually hitting the WAF

I just want to pwn the noob filter now 

I officially got my butt kicked, big time, and I loved every minute of it.   I thought it was a tough challenge, although I expected nothing less.   I realized how weak my FU is and how much work I need on exploit development.  If nothing else, this should motivate me. 

There were a few EH.net members in IRC, trying to get through it.  Hopefully everyone had a blast like I did.

P.S.  Mark, I read your article (and the links your provided) on SEH Exploits about 10 times this weekend.  

Congrats Ketchup

It was fun, but totally kicked my butt too.  Never got past phase 1.  I didn't get much time besides Saturday morning and a little while Saturday evening to spend on it, though I did spend all weekend thinking about it.  Now I know I need to focus some study on exploiting web apps. 
On another note, I managed to get through the Google Code Jam qualification round, so the weekend wasn't a total loss!

Well the annoying thing was that I pretty much had the solution to phase 1 thanks to What90. Lag prevented me from getting a HTTP response from the exploit  There were a few slots left and I just didn't make it.

I learned something from this though. I was trying to bypass the filter by HTTP Parameter Pollution. So I was skipping through PDF's and PPT's trying to learn as much about it as quickly as I could. Also tried a bunch of other SQL Injection vectors. And in the end I was thinking far too difficult. Though the HPP techniques will come in handy in the future perhaps

Perhaps Ill see if I can install dotDefender and try the exploit in a lab environment And I've heard there will be another contest like this in the future, so hopefully my Fu will be stronger by then