Picture this: it’s 2022. The holidays are over. Our bellies are a few pounds heavier than before (ok, maybe more than a few). And no one remembers how to do their job.
But you know what we DO remember? The Bugcrowd TeamHunt2021 Challenge! 15 teams, countless memes and 1 cash prize. With Bugcrowd’s collaboration in tow, tons of you joined forces to bring down some epic bugs. Ultimately, only one team reigned supreme.
This was an intense event. What made you want to put a team together and participate?
B(bsysop): A challenge is always interesting and also we thought it could be fun (And it was).
R (Restricted): We love challenges, and it was an incredible experience.
Where did the name Retired Hackers come from? It’s safe to say you’re not retired since you just won the event!
B: We were making jokes with different names, “Los Pollos Hermanos”, “Taxi Drivers”, “P5s” and then we thought that “Retired Hackers” could be a cool name, nobody would blame some retired hackers =D
I personally love “Los Pollos Hermanos”. Do you do things outside of hacking together?
PR (P3t3r_R4bb1t): No. All team members are on a different continent, so it is quite challenging to do some in-person or other virtual activities outside of that event.
We love watching researchers do their thang. What inspired you to become a hacker?
DWH (DogWhoHacks): I wasn’t any good at building software, but I was pretty good at finding where it was broken and looking for ways to turn features into security issues.
S(sw33tlie): When I was a teenager, I used to code PHP websites for fun. One day, I woke up and realized one of them had been hacked: there were Turkish memes on the homepage!
I had no security knowledge back then, but I started to investigate how that happened and later figured out the hackers leveraged a flawed file upload script to upload a webshell.
That was when I realized breaking things was way more fun for me…especially when you can do it legally and get paid!
PR: I always loved to break things down or find loopholes everywhere. However, I’ll blame Hollywood with their cult movies like Hackers or Operation Swordfish for the final inspiration. Breaking into government or corporate systems looked so great in these movies. Turns out, several years later and after lots of learning, my day job was to compromise such systems (legally of course!!).
R: Ever since I can remember, I’ve loved computers. Around the age of 13 years old, I became interested in the cybersecurity field. In the beginning, I experienced difficulties while trying to learn about web applications and their related vulnerabilities as I didn’t have any prior knowledge of web development or programming skills.
Those are great stories! Working on a team is so different than working solo. What is the best part about working on a team?
PR: It is different indeed, but I personally found it quite entertaining. While we were all hunting on different programs, bug types or applications, we could always take a break and chat to each other on different subjects totally unrelated to the event. For instance, restricted proudly showed me the weather in his country (it was literally 20 celsius at that time) while at my current location, we just had a casual snowstorm (10 cm of snow).
That is a huge shift in weather between you two! You know what’s coming next; what difficulties did you run into with your team? How did you overcome them?
B: We didn’t really have much, collaborating made everything easier, sometimes we found a potential bug which was almost an RCE and the other member found the perfect payload for the final exploitation.
We saw a huge amount of submissions come in during this challenge. You all were really working hard! What did your day typically look like during this event?
B: We were all in different timezones, every morning we had insights to review, sometimes someone in the other timezone went to sleep with a track to investigate or ideas to keep digging, so we try to work on the most potential bugs.
S: Eat, sleep, pwn, repeat! (and memes).
Now that’s what we call “round-the-clock coverage”. How did you take care of yourselves during this event? Do you have any hobbies outside of hacking?
PR: While this event was challenging, it did not negatively impact our collective mental health. We simply kept our focus on the end goal at all times. About hobbies, since I have a quite busy schedule with my day job, bug bounty hunting is literally the only hobby I have time to do outside business hours.
B: Sports and music are my way to relax, it helps even to have new ideas and find more bugs.
Five personalities, five schedules, five everything. How did you all coordinate efforts?
DWH: We ran an active slack channel.
PR: We all live in the same elderly home, so it was very easy for us to coordinate while playing bridge or eating our buffet dinner (kidding).
At my elderly home, I stick to the tapioca pudding. You know…cause all my teeth are gone. What was your most impactful bug?
B: During the event we found multiple RCEs, SQLis and Authentication Bypasses, but the coolest one was a Full-read SSRF which gave full access to the company’s source code repository.
What was your strategy going into a collaboration challenge?
B: We all have unique skill sets, so the main idea was to let each one hunt by himself, after one member finds something interesting, he brings that to the team and based on that we could join that research to dig a bit more together or give some support with side tasks.
Do you have any tips for researchers that want to start collaborating?
B: Join someone you like to work with, enjoy the journey and give your best.
S: Don’t be greedy when collaborating with other researchers. People are more important than earning a few extra bucks.
R: There is no room for ego while collaborating. Don’t be ungenerous to other researchers, and always remember that sharing is caring!
Please forgive how corny this is, but teamwork makes the dream work. Have you learned anything from your fellow team members?
B: All my teammates are rockstars, during the event everyone brought a new technique or idea, it definitely improved my approach to targets.
PR: I really learned a lot from the team and appreciated their open mind about sharing parts of their trade secrets, especially on how to approach large scope programs.
R: I enjoyed collaborating with each of my teammates and learned a lot from them. We had a case where I found a possible XXE vulnerability but couldn’t find a way to cause the XML parser to initiate an HTTP request to my machine. The remote web application sent only DNS queries to my host. I shared the details with my team, and nukedx came with a brilliant idea to exploit the XXE vulnerability chaining it with internal SSRF vulnerability. This is the beautiful thing in collaboration, everyone has another way of thinking, and in my opinion, we complete each other like a puzzle.
We’re dying to know; got any big plans for your winnings?
DWH: It isn’t fun or exciting, but I will split 50/50 – half of it goes to local charities and nonprofits, and the other half will be invested.
Charities!? Ugh, the Retired Hackers are smart, supportive, strategic AND thoughtful. I would’ve already blown half my earnings on lottery tickets. All jokes, friends.
We want to give a huge thank you to the Retired Hackers and every team that participated. It was a nail-biting event to witness, full of laughs, thrills and supportive collaboration. To learn more about our easy collaboration feature, check out our blog. And hey, don’t forget to stay current on news and announcements through our Twitter and Discord.