Compromise the TP-LINK TL-WR1043ND by 6:00 pm and receive a $25 Amazon Gift Card and One No Starch Press Shot Glass!


Show up and show off. This live CTF will run for the duration of Toorcon. Compete to complete over 10 objective-based attack scenarios against (possibly) known vulnerable routers to earn points. Scoring will be based on the number of objectives achieved. Some more difficult than others.


1. Contestants may compete individually, or as teams.
2. Your team will be granted a single switch port; equipment supplies may be limited, so we suggest you supply your own network cables and personal switches.

How to Play

The objective of the game is to take control of the various routers and pull a flag off of the router. In some cases in order to obtain the flag you will need root access and a shell on the router.

To play, you must connect to the contest LAN through one of our switches. Your team gets one port, but you can use as many devices as you'd like providing your have your own switch. One of the routers will assign you an IP address, and all of the routers will then be accessible.

If you notice that a router is not responding, someone may have crashed it. Notify a contest staff member and they will reboot the device.

At scheduled times, certain routers may be taken offline in order to demo an exploit for Track 0. Just deal with it.

As bizarre as it sounds, we ask that you please abide by an honor code and to cooperate with other teams during the contest. This will keep the contest running smoothly, and not require us to disqualify any teams.

  • You're not obligated to, but consider coordinating your hacking with other teams. There are limited routers, and it would be better for all if you know who else is hacking the same router as you. It will avoid your own confusion in debugging attacks.
  • Once you've compromised a router and submited your flag, please leave that device alone from there on. Do not keep hacking it! Give others a chance to win as well. We'll be watching, and we'll disqualify anyone who appears to be disrupting the contest intentionally.
  • Do not DoS the network, attack other contestants, or otherwise disrupt the contest. We will disqualify you.
  • We're trying to have a lot of fun with this. We want you to be very competive, but respectful at the same time.

Here is a list of the flags you need to submit, and their values.

  • RT-AC66U - 3000 points - md5 hash of /dev/mtdblock2
  • F9K1194 - 1000 points - md5 hash of the admin password, and screen shot of the system settings page
  • F7D7301 - 1000 points - md5 hash of the admin password, and screen shot of the system settings page
  • F5D8236-4 - 2000 points - md5 hash of the admin password, and screen shot of the system settings page
  • DIR-865L - 7000 points - md5 hash of /dev/mtd0
  • EA6500 - 6000 points - md5 hash of /dev/mtdblock0
  • TEW-812DRU - 3000 points - md5 hash of /dev/mtdblock0
  • TL-WR1043ND - 8000 points - md5 hash of /dev/mtdblock1
  • WNDR4700 - 1000 points - md5 hash of /dev/mtd1
  • WNR3500 - 7000 points - md5 hash of /dev/mtd1

To submit your flag, send an email to sohopeless@securityevaluators.com with the subject FLAG, and the body containing Team Name, Router model, Flag value.

We're a little manual this year, so be patient and we will either accept or reject your flag as quickly as we can.


Prizes are limited! There will be only 1 first, second, and third place winner, and other prizes will be given while they last. If there is a tie, it is the first to reach that score who is the winner.

First place. Must score +32,000 points.

  • Amazon Gift Card
  • Trophy

Second place. Must score +23,000 points.

  • Amazon Gift Card
  • Trophy

Third place. Must score +17,000 points.

  • Trophy

Non-placing, high acheivement. Must score +4,000.

  • 3x event backpacks with some gear

Non-placing, achievement. Must score.

  • T-shirts! ... and recognition


Scores will be tallied live as flags are submitted.


Available team slots may fill up, so be sure to register early. To register for track 1, please fill out the registration form located here.

Check out our awesome sponsors!

Independent Security Evaluators, ISE, SOHOpelessly Broken and associated logos are registered trademarks of Independent Security Evaluators, LLC. All other materials on this site are free to use under the Creative Commons Attribution License.