[LinXitoW]

This is suprisingly fun. At first, you feel like a badass, reading the documentation for every function call, googling for exotic bugs. Then you feel like a total idiot when you notice how simple it actually is. Finally, you laugh at people in the IRC because you know exactly how stupid they feel.

[FuzzyDunlop]

The most frustrating thing was knowing exactly what the exploit was, but not quite getting how to take advantage of it.

[eli]

Yeah... I can't believe I spent time looking for something wrong with the HMAC used for session cookies. Also, I'm pretty sure I solved #5 the "wrong" way since it didn't actually involve the hint they gave.

[A1kmm]

I didn't use the Level 2 server for #5 either (although I did for #8) - so I suspect that many people solved it the same way.

[staunch]

Yup. Kept overthinking it. Oy.