This repository collects the CTF events our team has joined, including official writeups and attachments. This README mainly contains the challenges' descriptions. OK, let's go!
499 author: essor. Flag format: ping{.*}
Calculators are cool, right? I have made a simple one for you. It's not perfect, but it works. I hope you will like it! Some people say that it's not secure, but I don't know what they mean. I have tested it on my Windows 10 and it works like a charm!
500 author: essor. Flag format: ping{.*}
Doubly secure double secret double signature file signing application! There are so many secrets you will probably need help from your crypto pals. Please solve challenge locally before trying it on remote.
!!! Please solve challenge locally before trying it on remote !!!
Note: Set this challenge locally and log in with credentials admin:admin on localhost:3000.
50
author: mobaradev
Flag format: ping{.*}
Can you run Internet Explorer on Linux?
https://internet-explorer.knping.pl
author: tomek7667
With AI we are entering a new era! Join us in this exciting journey with our visionary app!
When solving this challenge a new one will be unlocked which is a sequel to this one.
https://i-see-no-vulnerability.knping.pl/
491 author: tomek7667
Flag format: ping{.*}
Did you know that Robert J. Kubica has birthday on 7.12?
50 author: tomek7667
Flag format: ping{.*}
Can you pass the path traversal exam? There might be some requirements tho for your specie...
https://path-traversal-101.knping.pl
499 author: tomek7667
Flag format: ping{.*}
I hate backend so much as it's very hard to write it securely. Fortunately nowadays there are plenty of ready to use and secure out of the box solutions.
50 author: tomek7667
Flag format: ping{.*}
Welcome to the 3rd edition of pingCTF! Make sure to read the rules and then grab the first flag! discord link
50 author: mobaradev & P1T4G0R45
Flag format: ping{.*}
Watch the PING CTF 2023 official trailer and find the flag!
500 author: mobaradev
Flag format: ping{.*}
Beat the rigged arcade game and get the flag.
50 author: Dawid Łuszcz
Flag format: ping{.*}
This is the hardest reversing challenge I've ever met!!! Can you please help me? It even has source code attached to it.
31201020812a2cc96988054c9661143d.zip
289 author: tomek7667 Flag format: ping{.*}
I heard that there is no official nc for Windows and I love this OS! Fortunately, my black hat hacker colleague has sent me his forged copy that he intercepted from other hackers who have intercepted it from others and that from others... I don't know how many times it was intercepted but it works! I have tested it on my Windows 10 and it works like a charm!
500 author: essor
Flag format: ping{.*}
Our university created a new quiz system. It's very secure, so we can't cheat on it. We can't even see the possible answers and the questions don't make sense to me anymore. I suspect that our professor is choosing the answers randomly... Can you help me?
nc quiz.knping.pl 20003
418 author: tomek7667
Flag format: ping{.*}
This game is AWESOME! But I can't win with the opponent.. He simply has too much money. I suspect he cheated in the past.. Can you help me beat him?
nc wow.knping.pl 20001
448 author: tomek7667
Flag format: ping{.*}
That's a quite musical robot! Can you convince it that you are a robot too?
nc you-spin-me-round.knping.pl 20000
50 author: P1T4G0R45
Flag format: ping{.*}
In the late 13th century, the renowned mathematician name missing lay on his deathbed. Before his passing, he decided to leave a cryptic message on his grave, an enigmatic sequence of numbers. These numbers appeared to be unrelated, lacking the characteristic pattern.
As time went by, mathematicians and scholars puzzled over these seemingly random numbers, attempting to decipher their meaning. It became a mathematical mystery, a challenge to uncover the hidden message left by the brilliant mind of a mysterious person. Despite numerous attempts, the code remained unbroken.
To this day, the numbers on the grave of this mysterious person continue to perplex and intrigue those who come across them, a testament to the enduring legacy of a mathematical genius who left a final puzzle for the world to unravel.
The photograph of the grave:
495 author: essor.
Flag format: ping{.*}
Breaking RSA is easy - right? Just factorize the N
bb7c2689669cf08f9c315c708ec721ae.zip
147 author: P1T4G0R45
Flag format: ping{.*}
You've received a cryptic message from your boss at the company. Apparently, your aggressive demeanor has raised concerns, and your paycheck is on hold until you decipher the hidden magic message.
9cddbd472fe3ad694468f3799cb80e08.zip
50 author: P1T4G0R45
In this challenge, your school teacher dismissed your abilities by calling you a lame loser. Now, you have the chance to prove her wrong by showcasing your skills in solving equations of the form ax + by = 0. You already know x,y! If you get a,b you can decrypt ct.
418 author: P1T4G0R45
Flag format: ping{.*}
You've stumbled upon an encrypted message from the past, a mysterious code left behind by a figure from history. Your mission is to unravel the secrets hidden within. The code seems to be a form of ancient encryption, rumored to have been used by historical figures to secure their confidential messages.
Attached to this challenge is an enigmatic image that may provide you with clues to crack the code. Delve into the realm of cryptic communication and use your skills to reveal the hidden message. The encryption method involves the manipulation of alphabetic characters, a technique that has intrigued cryptographers throughout history.
Take a closer look at the accompanying image; it might hold the key to unlocking the encrypted text. Your goal is to decipher the hidden message and discover the wisdom or intrigue concealed within this historical enigma.
Note: The image does not contain anything necessary for the solution.
50 author: P1T4G0R45
Flag format: ping{.*}
Welcome to the "private-conversation" challenge, where you find yourself in the role of a cryptanalyst facing an intriguing encrypted message.
Scenario
In the midst of your cryptographic investigations, you stumble upon a fragment of a conversation that appears to be encoded in a highly unusual and complex manner. The content of this conversation could potentially hold significant information or secrets.
Your challenge is to decrypt the message and reveal its content. The fate of uncovering valuable information lies in your decryption skills. Can you decipher the message and unveil the hidden message within?
406 author: P1T4G0R45 Flag format: ping{.*}
Our team intercepted a machine from the enemy, but it suffered damage during transport, causing rotor and plugboard disarray. Your mission is to reconstruct the machine configuration, determine the missing plugboard connection, and decrypt the given ciphertext. Key components:
Rotors: BDFHJLCPRTXVZNYEIWGAKMUSQO, AJDKSIRUXBLHWTMCQGZNPYFVOE, EKMFLGDQVZNTOWYHXUSPAIBRCJ
Reflector: EJMZALYXVBWFCRQUONTSPIKHGD
Partial plugboard image provided.
Ciphertext: dvgs{atrpwb_pxr_mwqlqrxsqggc_crsrv_xiwdtyu_fdp}
500 author: essor.
Flag format: ping{.*}
Somebody once told me... But I don't get it.
nc shrek.knping.pl 50000
500 author: essor.
Flag format: ping{.*}
Can you prove your excel skills? Copy the document and find valid flag!
Checkout my sheet here
500 author: lexu
Flag format: ping{.*}
Bajtek, the coding daredevil, stumbled upon semi-legal access to GTA VI's source code. Excitedly attempting to reverse engineer it, he found a digital labyrinth of inefficiency. The loading screen moved at a pace slower than Internet Explorer on a dial-up connection. Help Bajtek get past the loading screen and finally get to the actual game.
456 author: lexu
Flag format: ping{.*}
Meet Bajtek, the coding virtuoso at Gdańsk University of Technology. After a wild night of celebrating a successful compile, fueled by too much caffeine (and probably something stronger) Bajtek awoke with a colossal hangover. The room echoed with the triumphant cheers of his algorithms from the night before, but there was one tiny hiccup - he couldn't remember his password.
As Bajtek squinted at the screen, even the gentle hum of his computer seemed as loud as a rock concert. With a head pounding like a runaway while loop, he asked you for help.
482 author: tomek7667
Flag format: ping{.*}
This is no ordinary reversing challenge! As the Christmas season is coming, we thought that a real elf would be a great addition to our team. Unfortunately, the image of the elf got completely smashed and we can't see anything. Can you help us recover the elf? Please DON'T confuse a leprechaun with an elf!
50 author: lexu
Flag format: ping{.*}
In the last programming session, Bajtek unleashed a coding catastrophe - his spaghetti code was so messy that even the compiler threw up its hands in surrender. Colleagues attempted to debug it, but the code was like a Rubik's Cube on a caffeine overdose. Bajtek proudly declared it an avant-garde programming masterpiece, leaving his coworkers wondering if they should call a programmer's version of an exorcist. In the end, they renamed his file "spaghetti.cpp" to "noodleNightmare.cpp" as a memorial to the chaotic session.
500 author: toripizi#0611
Flag format: ping{.*}
My crazy colleague just sent me this file and told me to run it with python but I'm scared of running it as he is literally CRAZY. Can you help me figure out what this script does?
50 author: tomek7667
Flag format: ping{.*}
Don't smoke zigarettes, kids!
500 author: brzeks
Flag format: ping{.*}
Are you ready to ascend and receive wisdom? If you're worthy enough, the Goddess may even spill some indisputable truths about her world...
nc dangle-me.knping.pl 30000
500 author: brzeks
Flag format: ping{.*}
Polish Post is trying out a brand new parcel shipping service tailored specifically for CLI enthusiasts. We're almost sure it was made by the lowest bidder though!
nc post-office.knping.pl 30002
499 author: brzeks
Flag format: ping{.*}
Mother, you scooped out my eyes with a spoon so I wouldn't see the filth.
nc without-love-it-cannot-be-seen.knping.pl 30001
"Made a myCloud drive website for upload and download files with ChatGPT! Feel free to try it"
Explore our online pet store for adorable companions - from playful kittens to charming chickens. Find your perfect pet today. Buy now and bring home a new friend!
Connect here: 13.215.209.185:8222
What's wrong with Google?!
Languages have dialect, but do you know programming Languages have dialect too?
Sayur Kemudian Lebih Latih
Someone corrupted my QR code! Fortunately I got backup. Someone corrupted my backup!
It's cold, we need to warmup
Sending files the safe way
Where aRe you?
"Our analysts have discovered that a file has been compromised and transferred to another internal computer. Could you assist us in investigating this incident?"
No description; all in attachments.
"Santa is coming to town! Send wishes to santa by connecting to the netcat service"
Connect here: 13.215.209.185:2000
Someone exploited the service! Disabled the registration for the service
Connect here: 13.215.209.185:2001
Endless RSA?
Defeat the boss and you get the flag, probably, maybe, I think, hmmm
Download here: https://www.dropbox.com/scl/fi/cvycpygrq759vqd5lfgsb/Game_boxed-1.exe?rlkey=pmel11rq3xp8m8swaeqelfhgt
Mirror: https://drive.google.com/file/d/1kmAUlT2Mf8myr8XsJYF3liSOfDVgM1e7/view?usp=sharing
If the application gets stuck on a white screen at start, kill it and restart it.
Check SHA1 hash before start: 760e2ac6243bd8e78747f8fdf8bf329ee5da5b47
"What happened to my system? It has been working perfectly for more than 20 years."
pass: wgmy
Free food always tastes good. Free drinks even better
Connect here: 13.215.209.185:10001
Knock Knock open the door please
Connect here: 13.215.209.185:10002
Delight in Pak Mat's exclusive burger, reserved just for our special customers
Connect here: 13.215.209.185:10003
352 Author: ravinesPlains
moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo etc moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo etc moo moo moo moo moo etc moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo moo etc moo moo moo moo etc/cowsay/falg.txt
470 Author: T3mpā$+
View your photo gallery using our super Secure image gallery. we offer free 1 terabyte of storage of high-Quality images, showcased in a personalized custom aLbum.
link: https://imgy-gal.nitectf.live/ backup link: https://imgy-galll.nitectf.live/
480 Author: Vikaran
Please answer this survey for the better of all
- Minnesota Dept of Roads & Railways
http://mini-survey.web.nitectf.live/
50 Author: ravinesPlains
Emergency response? Afraid not.
http://eraas.web.nitectf.live/
437 Author: ravinesPlains
Testing in prod. No worries as long as we are lighte :)
http://litelibrary.web.nitectf.live/
500 Author: ravinesPlains
It's done. We are live. Our IT guy barked at stuff. We barked counter stuff back at him. The point is that the lite-ness continues to be maintained.
http://litelibrary-v2.web.nitectf.live/
480 Embark on a silent adventure between a web browser and server. No clues, just mystery. Good luck, detective of the unknown!
"Flag format : NITE{FLAG}"
496 Author: caligo_phantom
Can you help me pull for the SSR?
499 Authors: YouGuess, D3V4, aRacHn0!D
Welcome to Unfair Chess! You always get to play White, but there's a catch, a couple actually!
For every move you play, Black gets two! Stockfish plays against you!
Really straight forward, survive 50 moves, you win.
You can get your Italians ready by 1. e2e4 or play Queen's Gambit with 1. d2d4
I played 1. d2d4 then 2. c2c4 then 3. d1d4 and lost my Queen :'(
Good luck to you though!
nc 34.93.104.246 1337
500 Author: ravinesPlains
Tuition fees have gotten so pricey. Check out the email this mum's sent.
500 Author: ravinesPlains
Porter has gone MIA. Yes there is some action happening. But right now we need to focus on finding her. The following evidence was found at one of the multiple condos she had rented. Can you figure out where she went?
Flag format: nite{}
50 Author: aRacHn0!D, D3V4
There is no escape, sometimes going in blind makes other attributes stronger.
nc 34.100.177.188 1337
425 Author: shreyyyk, spiderdrive
is it MatPat, because welcome to GameTheory
If nothing seems to work NOTHING WORKS
nc 35.200.129.176 1337
500 Author: ravinesPlains
bored of solitude and lonesomeness we made an ad
yes this is an ad. Isn't it OG enough?
as I said, we were bored so we didn't go for anything too shiny
link: https://welcome2.nitectf.live/ backup link: https://welcome-to.nitectf.live/
The flag is split into 3 parts. These parts are to be obtained with the same method after a minor modification for each part.
500 Author: T3mpā$+
John Doe, the admin of a very famous meme page, has been missing for quite a while. I was analysing the last video he was working on, but the frames I extracted are corrupted. I am sending the frames and audio to you; I give up.
Hint:- Do the frames actually lead to the flag, xor it's just another rickroll? Where's the key tho...
466 Author: YouGuess
: I think we should have a matryoshka challenge..
: Sure! Go ahead.
: Let's make it different this time. HEhe!
: *-+
473 Author: YouGuess, Asturias
Perchance, Professor Paranoid purposefully painted this puzzling picture to prompt his pupils. Perhaps, you can procure the passphrase.
437 Author: SG14
After accessing our private network, the hacker skillfully maneuvered through files, leaving behind a virtual trail of mystery. We managed to capture the packets, exposing the encrypted breadcrumbs scattered across the network. Before slipping away into the digital abyss, the intruder left a deliberate hint - a cryptic message that conceals the essence of their next move. Decrypt the message and unveil the obscured 'crypto' to thwart their cunning plan.
Taupe will be visible after this challenge
256 Author: unspecialfx
Our company is dealing with a possible case of corporate espionage. The credentials of one of our systems were changed and it was used to gain access to our internal network.
Help us gain access to the system before it's too late.
Flag Format: nite{user_password}
coup de réseau will be visible after solving this challenge.
384 Author: unspecialfx
Too late. The network admin's system was compromised and we can't access our network anymore. Investigate the memory dump.
Amour Plastique will be visible after solving this challenge.
500 Author: unspecialfx
No wonder we were so easily hacked. Our investigation revealed that one of our employees has been communicating with the hacker. However, without any proof, there is no way to take action. Find the secret message.
384 Author: unspecialfx
It seems the intruder likes to hack in style. Analysis reveals the hacker was listening to a playlist while destroying the admin's system. Surely they might have left their tracks. Use dump2 to investigate.
cheval de troie will be visible after solving this challenge.
50 Author: Aditii, Asturias
RSA in haystack
500 Author: Asturias
oracles...hmm..
nc 35.204.210.148 1337
499 Author: Asturias
I need a new admin for my AES encryption service, but sigh, no one seems to make the cut :/
nc 34.90.85.37 1337
470 Author: gurmann
Can you find the flag among the noise? (a lone X is unknown)
Wrap flag in nite{ }
495 Author: Aditii
crack your neck for the unimportant bits. mr.hamming might help out iykyk
Wrap flag in nite{}
500 Authors: Definately_Not_A_Bot
Even Antman can't explain how to decrypt this by using the word 'quantum'
499 Author: D
Panther is engaged in a game of cards, yet it seems that he has not utilized the entire deck.
Wrap flag in nite{}
497 Author: D
You have intercepted a message from an encrypted communication channel, but it appears that the sender has implemented additional measures to safeguard the information. Are you able to decrypt it?
277 Author: ravinesPlains
Do you have an Albert Einstein in you? If not you better find one cuz you gonna need em else you gunna faint rottin
/var/quantumLava/flag.txt
nc 35.244.43.8 1337
499 Author: 0xB0Z0
decompiling the binary while drinking Lipton Ice Tea, is there anything better? Sips the Tea
499 Author: gurmann
Like everyone in this world, John Doe has a lock and a key. He knows the 3 bit lock is 110 but he has lost all the 8 bit keys. Help him find all the keys.
Flag format: Arrange all keys in ascending order, join with _ and wrap it with nite{}
495 Author: YouGuess, spiderdrive
We were able to intercept a transmission signal to end up getting an image from a criminal firm and one of our spies was able to send us a program which was used to encrypt it but he was caught right after that and lost some part of it before he could send it. Can u help us decrypt the transmission?
483 Author: Valvahen
You find yourself in a strange 2D world and the only way to escape is by finding the flag hidden in your surroundings. Look in every nook and cranny for it and be very patient because even a small slip up lands you back at the beginning.
You Collide, You lose - II will be visible after solving this challenge.
495 Author: Valvahen
Turns out one flag ain't gonna be enough. To get out, you need the secret code sung by the mystic P13t P1p3r whose ardent rings can forever be heard in an eerie corner of the world. Best of luck.
50 Author:0xB0Z0
Follow the commandments and you shall be worthy enough to lift the sword of Zealot
nc 34.93.183.186 1337
500 Author: skryptonyte
Note: You may use QEMU userspace emulation for testing your exploit but the way address spaces are created may cause issues.
nc 35.247.159.106 5000
500 Author: Skryptonyte
We are experimenting on a new extension of the ARMv8 spec! Introducing ARMv8-NITE with blazing fast registers to crush those benchmarks!
nc 34.125.89.18 5000
50 Author: spiderdrive
Show me the right path to reach my final destination
nc 34.100.142.216 1337
442 I made this cool guestbook for the CTF. Please sign it.
Author: Ido
499 My bank is still in pre-alpha-alpha-alpha stage, but I'm sure it's secure enough to keep all of your information safe.
Author: SteakEnthusiast
494 I'm not much of a web developer, so my friends advised me to pay for a very expensive firewall to keep my first app secure from pesky hackers. Come check it out!
Author: SteakEnthusiast
https://uoftctf-my-first-app.chals.io/
362 I made a web app that lets you run any code you want. Just kidding!
Author: SteakEnthusiast
https://uoftctf-no-code.chals.io/
293 Come read our newspaper! Be sure to subscribe if you want access to the entire catalogue, including the latest issue.
Author: SteakEnthusiast
uoftctf-the-varsity.chals.io
232 I made a cool app that changes your voice.
Author: Ido
https://uoftctf-voice-changer.chals.io/
100 Check out my flag website!
Author: windex
https://storage.googleapis.com/out-of-the-bucket/src/index.html
407 This is a continuation of "Out of the Bucket". Take a look around and see if you find anything!
Author: windex
500 I downloaded a model that performs categorical classification on images. I want to use this model in a web application, but it doesn't seem to be very accurate. Can you check out the weights and see if you can figure out what's wrong?
Author: windex
hint: The groundbreaking paper presenting model extraction attacks is listed here: https://arxiv.org/abs/1609.02943
There are other more recent papers that go over this, perhaps you can find it!
Prediction responses are returned in the same order as in Python's sorted(os.listdir()).
500 Oops I deleted the source code, do you mind recovering it?
Author: nullptr
nc 35.202.233.94 1337 < solution.c
358 You've received a confidential document! Follow the instructions to unlock it.
Note: This is not malware
Author: SteakEnthusiast
481 No EDR agent once again, we imaged this workstation for you to find the evil!
Download Link : https://storage.googleapis.com/hourglass-uoftctf/ctf_vm.zip
( Updated Link, attachments remain the same, nothing was changed. )
Author: 0x157
499 Good Luck.
Author: 0x157
475 Use the VM from Hourglass to find the 2nd flag on the system!
Author: 0x157
100 We swiped a top-secret file from the vaults of a very secret organization, but all the juicy details are craftily concealed. Can you help me uncover them?
Author: SteakEnthusiast
500 The super secret organization changed their flag again. Can you work your magic again?
Hint: The flag characters contain abcdefghijklmnopqrstuvwxyz_
Author: SteakEnthusiast
100 I'm trying to find a flight I took back in 2012. I forgot the airport and the plane, but I know it is the one with an orange/red logo on the right side of this photo I took. Can you help me identify it?
The flag format is UofTCTF{AIRPORT_AIRLINE_AIRCRAFT}. AIRPORT is the 3 letter IATA code, AIRLINE is the name of the airline (dash-separated if required), and AIRCRAFT is the aircraft model and variant (omit manufacturer name). For example, UofTCTF{YYZ_Air-Canada_A320-200} or UofTCTF{YYZ_Delta_767-300}.
Note: The aircraft variant should be of X00 format; ie. there may be models with XYZ-432, but the accepted variant will be XYZ-400.
Author: windex
466 I hate functions. I hate them so much, that I made it so that you can never call them!
Note: Solving this challenge will unlock another challenge, "JS Blacklist".
Author: SteakEnthusiast
nc 34.172.149.49 5000
100 @windex told me that jails should be sourceless. So no source for you.
Author: SteakEnthusiast
nc 35.226.249.45 5000
500 "use really_really_really_strict";
Can you escape my jail now?
Author: SteakEnthusiast
nc 35.239.253.188 5000
500 Last year, I found a critical security vulnerability in Babel. I heard path.evaluate() is secure now, but it still wasn't useful enough for me. I added some code to enhance the functionality, without impacting the security!
Author: SteakEnthusiast
nc 35.193.215.35 5000
494 Zero letters, zero numbers, zero underscores, zero builtins, and zero hope of escaping
Author: SteakEnthusiast
nc 35.222.133.12 5000
442 I think that Diffie-Hellman is better with some curves, maybe elliptic ones. Let's share a secret!
Wrap the secret (which is a point) in uoftctf{(x:y:z)}, where (x:y:z) are homogeneous coordinates.
Author: Phoenix
500 This "state of the art"™ cipher can be exported to your enemies without restriction.
Author: nullptr
nc 0.cloud.chals.io 23753
324 Windy, a piano prodigy, believes that RSA encryption may not provide sufficient security to safeguard his invaluable piano mastery secrets. So, he uses his musical talents to add another layer of security to the RSA encryption scheme. Now, no one will be able to figure out his secrets!
Note: The flag is UofTCTF{plaintext}.
Author: XiaoXiangjiao
100 I'm a known repeat offender when it comes to bad encryption habits. But the secrets module is secure, so you'll never be able to guess my key!
Author: SteakEnthusiast
442 A wheelbarrow ran over the flag. Can you fix it?
Please wrap the flag in uoftctf{}. Please keep the $ in the flag when submitting.
Author: notnotpuns
493 last time we had a worbler, it failed miserably and left everyone sad, and no one got their flags. now we have another one, maybe it'll work this time?
output:
                     _     _
                    | |   | |
 __      _____  _ __| |__ | | ___ _ __
 \ \ /\ / / _ \| '__| '_ \| |/ _ \ '__|
  \ V  V / (_) | |  | |_) | |  __/ |
   \_/\_/ \___/|_|  |_.__/|_|\___|_|
==========================================
Enter flag: *redacted*
Here's your flag: a81c0750d48f0750
Author: cartoonraccoon
Unlock Hint for 0 points: try not to byte off more than you can chew! what does your code look like?
499 Hello there brave programmer!
I am the CEO of TotallySecureBank™, I have a lot of money in my bank account but I forgot my password! My username is admin and I have $100000 in my account.
If you could recover my account you can use my password as a flag (flag would be uoftctf{MyPasswordHere})
You can try the bank software by running java -jar BankChallenge.jar and use the admin user user with the password
Author: Ido
480 My web developer friend said JavaScript is insecure so he made a password vault with CSS. Can you find the password to open the vault?
Wrap the flag in uoftctf{}
Make sure to use a browser that supports the CSS :has selector, such as Firefox 121+ or Chrome 105+. The challenge is verified to work for Firefox 121.0.
Author: notnotpuns
500 If you send this to someone, you'll be dumped... unless it's someone who knows a thing or two about reverse engineering...
Side Note: A love letter (https://en.wikipedia.org/wiki/ILOVEYOU) is what inspired the author to become a hacker.
Unlock Hint for 0 points if you see awww on the output, your input is the correct flag. if you see nope, please try again
499 a little maze for you! just don't get lost! :3 remember, if you end up somewhere that doesn't look right, it probably isn't!
free hint: the entire flag is lower-alphanumeric ASCII.
Author: cartoonraccoon
Unlock Hint for 0 points you're a l33t h4xxor aren't you? i'm sure you can figure it out.
326 This challenge is a test to see if you know how to write programs that machines can understand.
Oh, you know how to code?
Write some code into this program, and the program will run it for you.
What programming language, you ask? Well... I said it's the language that machines can understand.
Author: drec
nc 34.28.147.7 5000
176 This challenge is simple.
It just gets input, stores it to a buffer.
It calls gets to read input, stores the read bytes to a buffer, then exits.
What is gets, you ask? Well, it's time you read the manual, no?
man 3 gets
Cryptic message from author: There are times when you tell them something, but they don't reply. In those cases, you must try again. Don't just shoot one shot; sometimes, they're just not ready yet.
Author: drec
nc 34.123.15.202 5000
Unlock Hint for 0 points If you don't have the manual in your machine, you can enter the command in google to read it online :)
Unlock Hint for 0 points There are a lot of nice ways to see how the program works!
There's IDA (very expensive software!)
Ghidra is a free one, made by the NSA
And there's good old objdump, a lightweight disassembler
Why don't you try one of these while you're waiting for output?
444 Now this challenge has a binary of a very small size.
"The binary has no useful gadgets! There is just nothing to return to!"
nice try... ntr
Author: drec
nc 34.30.126.104 5000
371 Okay, okay. So you were smart enough to do basic overflow huh...
Now try this challenge! I patched the shell function so it calls system instead of execve... so now your exploit shouldn't work! bwahahahahaha
Note: due to the copycat nature of this challenge, it suffers from the same bug that was in basic-overflow. see the cryptic message there for more information.
Author: drec
nc 34.134.173.142 5000
Flag 1 - Here is an FCC ID, Q87-WRT54GV81, what is the frequency in MHz for Channel 6 for that device? Submit the answer to port 3895.
Flag 2 - What company makes the processor for this device? https://fccid.io/Q87-WRT54GV81/Internal-Photos/Internal-Photos-861588. Submit the answer to port 6318.
Flag 3 - Submit the command used in U-Boot to look at the system variables to port 1337 as a GET request ex. http://35.225.17.48:1337/{command}. This output is needed for another challenge.
Flag 4 - Submit the full command you would use in U-Boot to set the proper environment variable to a /bin/sh process upon boot to get the flag on the webserver at port 7777. Do not include the "bootcmd" command. It will be in the format of "something something=${something} something=something" Submit the answer on port 9123.
Flag 5 - At http://35.225.17.48:1234/firmware1.bin you will find the firmware. Extract the contents, find the hidden back door in the file that is the first process to run on Linux, connect to the backdoor, submit the password to get the flag. Submit the password to port 4545.
Flag 6 - At http://35.225.17.48:7777/firmware2.bin you will find another firmware, submit the number of lines in the "ethertypes" file multiplied by 74598 for the flag on port 8888.
Hint: If there is an issue with submitting an answer with a challenge, try including newlines and null characters. For example: "printf 'answer\n\0' | nc 35.225.17.48 port"
Submit the second flag of "Novel Reader" here
Hopefully you know how web works...
My homework was to write a JSON beautifier. Just Indenting JSON files was too boring that's why I decided to add some features to my project using a popular (More than 1k stars on GitHub!! ) library to make my project more exciting.
Important: You can't read any file other than /flag.txt on the remote environment.
We have many fun novels for ya...
I think I downloaded the wrong DOMPurify.
Website: http://91.107.157.58:7000/ Admin bot: http://91.107.157.58:7001/
I got your csp from asisctf 2023 finals, now gimme your content type!
Hint: app.alert
google-chrome '--unsafely-treat-insecure-origin-as-secure=http://91.107.157.58:8000' website: http://91.107.157.58:8000 admin bot: http://91.107.157.58:8001
The MAPNA CERT team has identified an intrusion into the plant's PLCs, discovering a covert message transferred to the PLC. Can you uncover this secret message?
After extensive investigations, the MAPNA forensics team discovered that the attackers attempted to manipulate the PLC time. Please identify the precise time in the following format:
year:month:day:hour:minute:second:millisecond
The flag is MAPNA{sha256(datetime)}.
Our MAPNA flags repository was compromised, with attackers introducing one invalid flag. Can you identify the counterfeit flag?
Note: Forgot the flag format in the rules pages, just find the tampered one.
You are not allowed to brute-force the flag in scoreboard, this will result in your team being blocked.
In the MAPNA field, malicious traffic was intercepted, with an unidentified protocol. Investigators suspect file transmission. Seek the secret message.
Note: The file is updated, please download again.
Jigboy, the superhero, possesses the remarkable ability to reel in colossal fish from the depths of the deep blue sea.
Welcome to the Forensics XXG challenge! Our investigator stumbled upon a mysterious file. Can you uncover the hidden message?
In this task, we explore the realm of cryptographically secure random generators, where predicting the next output is deemed impossible. Are you ready to test your luck and skill?
Again, in this task, we explore the realm of cryptographically secure random generators, where predicting the next output is deemed impossible. Are you ready to test your luck and skill this time?
Rapid mastery of breaking symmetric encryption, deciphering codes with precision, and navigating complexities with unprecedented speed and efficiency are requirements for every professional cryptographer. So, be fast.
nc 3.75.180.117 37773
Solving the DLP in matrices over a finite field is no trivial task. What are your thoughts on this GLNQ belief?
Note: flag = MAPNA{m}, Don't convert m to bytes.
Dive into a cryptographic maze, untangle intricate codes, and unleash your creativity in this unique CTF experience by conquering the Shibs challenge.
Explore the strange world of isogenies in cryptosystems to uncover the secret flag.
Compile the given code and execute the resulting binary, passing the source code file as an argument, to obtain the flag.
Welcome,to,MAPNA,CTF,Year_2k24;main(){for(++CTF;to=-~getchar();Welcome+=11==to,Year_2k24++)CTF=to>0xe^012>to&&'`'^to^65?!to:!CTF?++MAPNA:CTF;printf("MAPNA{%4d__%d__%d_!}\n",(to+20)^(Welcome+24)+1390,MAPNA+=(!CTF&&Year_2k24)+10,Year_2k24+31337);}
Guys, in this reverse engineering challenge, your task is to skillfully locate me within the intricate digital labyrinth.
nc 95.216.191.248 13770
Enjoy the vintage with a time traveler!
Note: Do not forget to add MAPNA at the beginning of flag!
Heaverse, a paradoxical binary that defies logic: reverse it without reversing it. Can you navigate its enigmatic depths?
Flag format: MAPNA{CAPITAL_WORDS_THAT_YOU_FIND}
Prism has implemented a sophisticated anti-reverse engineering technique in the binary. Can you bypass this mechanism to obtain the flag?
Begin on a formidable journey into the realm of Zig reverse with tetim, a challenging and intricate reverse engineering task. Unusual for CTFs, it features Zig language binaries and promises a riveting experience, designed for those seeking revenge at MAPNA CTF.
pwn ^ pwn ^ pwn ^ pwn ^ pwn ^ pwn
nc 3.75.185.198 7000
I just changed S2U to U2S... This shouldn't lead to scary things right?
nc 3.75.185.198 6666
my flag is protected! what are you gonna do
nc 3.75.185.198 10000
I wrote a paint for myself but It seems kinda buggy
nc 3.75.185.198 2000
Hi! It's good to see you again in my networking series. There are a total of 18 challenges in this series, based on real-life events of how a server can be compromised. Please download the attachment which will be used to answer all the questions. Don't make it too complex. Just keep it simple. Hope you'll solve them all. Wish you all a very good luck.
Scenario: Recently one of Knight Squad's assets was compromised. We've figured out most but need your help to investigate the case deeply. As a SOC analyst, analyze the pcap file & identify the issues.
So let's start with the basic.
What's the API Key?
Please use the attachment of the first challenge.
Can you find the Admin Flag of the web server?
Please use the attachment of the first challenge.
What is the backdoor file name?
Please use the attachment of the first challenge.
What tool did the attacker use to do basic enumeration of the server?
Please use the attachment of the first challenge.
What's the CVE id for the vulnerable service?
Please use the attachment of the first challenge.
There's something confidential. Can you find it?
Please use the attachment of the first challenge.
What is the database username & databasename?
Please use the attachment of the first challenge. And keep in mind that the file you have is the backup file. There might be an update to the database.
The attacker used a popular tool to gain access of the server. Can you name it?
Please use the attachment of the first challenge.
What tool did the attacker use to identify the vulnerability of edit task page?
Please use the attachment of the first challenge.
Hidden_File
What's the flag of the hidden file?
Please use the attachment of the first challenge.
Hidden_Page
There was a hidden page which was only accessible to root & was removed from the web app for security purpose. Can you find it?
Please use the attachment of the first challenge.
What was the port number of the reverse shell of the server?
Please use the attachment of the first challenge.
There's something interesting. Can you find it?
Please use the attachment of the first challenge.
What is the super admin password in the web application?
What was the vulnerability on the edit task page & what parameter was vulnerable?
Please use the attachment of the first challenge.
What service was vulnerable to the main server?
Please use the attachment of the first challenge.
The ocean's beauty is in its clear waters, but its strength lies in its dark depths.
This standard cipher comes with a twist!
In the mystical land of Eldoria, a fierce dragon had captured the kingdom's most precious treasure, hiding it behind a magical binary. The bravest knight of the realm, Sir Emeric, known for both sword and wit, embarked on a quest to retrieve the treasure. To succeed, he must reverse the dragon's binary. As Sir Emeric's trusted apprentice in "Dragon's Binary" you are tasked with solving the cipher to reveal the hidden treasure and help vanquish the dragon's spell. Your journey is filled with mystery and danger, where only the sharpest mind can prevail. Right Passcode is the flag.
In a realm where magic and technology merge, lies the Knight Armoury, home to the legendary "Sword of Bytes." Forged by Knight Squad, this digital sword holds immense power. Your mission: reverse the ancient binary guarding the Armoury and claim the sword to become the protector of the digital kingdom. Only the wisest and most skilled in reverse engineering can succeed. Are you ready to embark on this epic journey?
In a land shadowed by the dragon Saphira, legends whispered of a powerful weapon, the Valyrian sword, lost in the mists of time. It was said that only those who could reverse the ancient binary, a mystical code from the forgotten ages, would uncover the sword's location. Brave challengers, your quest beckons you to unravel this riddle. Succeed, and the Valyrian sword shall be yours to wield against Saphira, bringing an end to her reign. The destiny of the land rests in your hands.
Can you get the sword ?
You are a skilled hacker known for your expertise in binary exploitation. One day, you receive an anonymous message challenging your abilities. The message contains a mysterious binary file. Now you decide to analyze the file.
score:500
solve_count:1
Pwn, difficulty:Normal
In the digital realm, three Cyber Boxes existed, which We called Trinity Box or T-Box.
The first jumpbox, the second gatebox, and the final flagbox. Summon a flag when you have gathered all three boxes.
nc 47.251.11.236 8888
score:194
solve_count:21
Web, difficulty:Normal
i wanna inject sth in my Box what should i do?
nc 47.89.225.36 9999
cn-oss: update attachment
accelerate-oss: update attachment
score:290
solve_count:11
Web, difficulty:Baby
Old CVEs, try to pwn it for fun.
nc 47.251.10.169 8888
score:224
solve_count:17
Blockchain, difficulty:hard
I've crafted what I believed to be an ultra-safe token bridge. Don't believe it?
nc 47.251.56.125 1337
score:84
solve_count:66
Misc, difficulty:Baby
Show your jailbreaking techniques and get the flag.
nc -v -N 47.89.192.246 1337
score:320
solve_count:9
Misc, difficulty:Baby
Of late, whispers doth persist behind mine back. Yesterday, under the studio tower, a peculiar contraption was found by me. I am most intrigued to discover the content of their discourse.
score:338
solve_count:8
Misc, Web, difficulty:Baby
Write down your best, most precise vulnerability-matching CodeQL query here. I will use it to defeat LLM and stop the endless layoffs to save our jobs!
nc 47.254.70.30 9999
score:87
solve_count:63
Misc, Crypto, difficulty:Baby
You are right, but "CTF" originated from the DEFCON global hacker conference in 1996. It is a competitive game among network security enthusiasts. This game takes place in a competition called "RealWorld", where those who solve the challenge will be awarded a "Flag". You will play a character named "CTFer" and work with your teammates in the game, using knowledge and skills to solve various challenges - and at the same time, gradually discover the truth of "Plain".
Repository: https://github.com/gwuhaolin/lightsocks
score:500
solve_count:0
Forensics, difficulty:Normal
Unfortunately, my grandma has passed away recently. The photos in her laptop
are the only memory of her that I have. However, I could not remember the
password of her laptop. The photos are protected by BitLocker and cannot be
read out directly from the disk. I am trying to restore the photos. I really
need your help.
Grandma's Laptop is available at https://47.88.103.9:1337/.
Hint for Grandma's Laptop: pick your favorite from https://github.com/Wack0/bitlocker-attacks#software-attacks
score:500
solve_count:1
Pwn, difficulty:Normal
In the realm of code, where the brave ones dwell,
Seek the treasure hidden, in CGI's shell.
Courageous hackers, let your skills unfold,
Break the chain, let the story be told.
For glory awaits those who unveil the unknown,
In the digital world, let your prowess be shown.
nc 47.88.19.153 12345
score:378
solve_count:6
Pwn, Panasonic (PCSL), difficulty:Schrödinger
Oh, no, in the middle of our party, there was a strange baby cry coming from the IP Camera.
There is only one service in the device, can you figure out the baby crying? flag path: /flag
nc 47.88.48.133 7777
score:477
solve_count:2
Pwn, difficulty:Normal
We have added sum support for string to postgresql! Try it out!
nc 47.88.60.165 6666
score:500
solve_count:1
Pwn, difficulty:Hard
Lyrics: RIPTC
Composer: Krias aka Digging into kernel
I'm fond of the days that are retro
Hate the future's unpredictable echo
Peep into the kernel, take a look
Revive the code that the attack took
Found one new 0 day, what a magic
Triggering the moment, I've lost the knack
Patching up the class, secrets I pack
Source code added a few files, ain't no pretense
Three characters added in another file, spotted only in vmlinux, no defense
Friends from afar, they arrive
Could you help me thrive, like eating greens, time
nc 47.88.23.76 7788
Hint1 for RIPTC:
Source code added a few files, ain't no pretense
By learning from CVE-2023-1829, CVE-2023-3776 and CVE-2023-4206, you will find a new bug in cls_tcindex.c
score:451
solve_count:3
Pwn, Clone-and-Pwn, difficulty:Hard
The great magician Merlin created this magical device, but accidentally left a vulnerability in it. And you, as an extraordinary hacker, now have this magical device in front of you. Can you discover this vulnerability and use your 'magical skills' to break through it?
**Please select your target from the following:**
nc hk.router4.exp.sh 8888
nc us.router4.exp.sh 8888
nc eu.router4.exp.sh 8888
score:500
solve_count:0
Pwn, difficulty:Normal
Make sure to be very very far away from my b"\xCC\xCC\xCC\xCC\xCC\xCC" unless you want to be badly burned.
nc 47.251.60.42 1337
score:500
solve_count:0
Pwn, Misc, demo, difficulty:Schrödinger
This is an LPE (Local Privilege Escalation) challenge. Your task is to pop a highly-privileged (nt authority\system) cmd.exe as a low-privileged user. Follow these steps to deploy the challenge locally:
- download and install the virtual machine from: https://developer.microsoft.com/en-us/windows/downloads/virtual-machines/
- execute the installer (installer.exe in the attachment) as Administrator
- the installer will set up the vulnerable component. You can then attempt to find the vulnerability and exploit it
Notes about the demo:
- Send your exploit archive file to demo@realworldctf.com and DM @M4x on Discord when you're ready. Meanwhile, the email should also contain your team name and team token.
- You can choose to demo your exploit publicly or privately, according to your preference. If you choose to demo publicly, the entire process will be visible to everyone, so remember to remove sensitive information. If you choose to demo privately, we will set up a private discord channel that only includes the admin and your team members.
- Our demo VM is slightly configured, including:
  a. Windows Defender is disabled. You don't have to contend with it.
  b. A standard user (not in the Administrator group, with the username being ctf) is created for demo purposes. We will run your exploit in the context of the standard user.
- If your exploit needs multiple steps, please batch them in a single file. We will only execute one of your files and then wait for the result without more user interaction.
I will not accept more than 3 emails per team. If you really need more, you will need to explain to me in detail why you messed up your first 3 tries and convince me that you deserve a 4th chance.
The running time for each try cannot exceed 3 minutes.
I will reward you with the flag if the highly-privileged cmd.exe pops up.
score:93
solve_count:57
Misc, Clone-and-Pwn, difficulty:Baby
I like eat domato, it's excellent for dom fuzz, try to use your rule!
nc 47.251.60.74 9999
score:500
solve_count:0
Web, Clone-and-Pwn, difficulty:Schrödinger
Welcome, seekers of cyber lore,
To a challenge like none before.
In a world where maps are key,
GeoServer's the tool, you see.
It's set on Windows, standing tall,
With Tomcat running, serving all.
But lurking deep, a bug does hide,
An RCE gap, wide and wide.
Your mission, should you choose to play,
Is to exploit in a clever way.
Use your skills, be sharp and keen,
In the code, where not easily seen.
Find the flaw, make your move,
Let your savvy cyber groove
Turn the tide, and gain control,
In this digital escapade role.
So embark on this virtual quest,
Put your hacking skills to the test.
In this GeoServer jive,
Find the hive where RCEs thrive.
Can you dive into the code,
On this cyber treasure road,
And emerge, with flags in hand,
As the finest hacker in the land?
nc 47.89.213.235 1337
Hints 1:
- First of ALL: for the expected solution, you MUST follow the README.txt file to deploy the geoserver.
- The expected solution is a combined Pre-auth RCE vulnerability of stable version of geoserver at 2.24.1 (just found that geoserver latest released version 2.24.2, don't worry, it is also vulnerable to expected solution), in more detail, it's a pre-auth vulnerability combined with post-auth RCE vulnerability.
- For the pre-auth vulnerability, your mission is to find an 'arbitrary file read' vuln (not a really 'arbitrary', but is sufficient for you to obtain admin's privilege), after then, you can seek for post-auth RCE on geoserver 2.24.1 or geoserver 2.24.2 if you want ;)
- The deployed machine is in an isolated network therefore it is not vulnerable to any oob attacks.
score:500
solve_count:0
Web, Pwn, difficulty:Schrödinger
You sent a nightmail in the moon's pale glare, Then in my slumber, nightmares came to snare.
About the challenge:
- Environment setup: You can use the software installation package provided in the attachment to build a local environment for test. You can follow the default steps during installation, except for the Set up encryption step, you should choose the Continue without encryption option.
- Find the vulnerability: Try to find a Remote Code Execution (RCE) vulnerability in eM Client installed in Windows, the vulnerability should be triggered when the victim clicks the malicious email sent by you.
- Capture the flag: After your exploit successfully works in your local environment, you can connect to nc 47.89.252.163:1337 to apply for your team's independent vm environment and then try to obtain the flag.
About the vm:
- OS: Windows Server 2022 x64
- Software version: eM Client v9.2.2157
- Path to flag: C:\flag
- After the vm starts, an automated script will simulate logging into eM Client with the victim email address. After waiting for 5 minutes, it will click on the most recent email in the inbox.
- The vm will be destroyed after 15 minutes.
- If you are sure that your exploit can work locally but keeps failing in the remote vm environment, please contact me (@voidfyoo) on discord channel.
score:500
solve_count:1
shellcode, difficulty:Hard
Thanks to Qiangwangbei organizers for the gueststolen challenge!
nc 47.89.227.164 1337
NotDeGhost 445 solves / 105 points
Follow the leader.
strellic 269 solves / 109 points
can you login as admin?
NOTE: no bruteforcing is required for this challenge! please do not bruteforce the challenge.
Downloads
larry 180 solves / 115 points
i made a ejs renderer, its 100% hack proof im using gpt to check all your queries!
please note that the backend for this challenge is not the same as the one given to avoid leaking our API key, but the queries to the OpenAI API are exactly the same.
[Instancer](https://instancer.mc.ax/challenge/gpwaf)
Downloads
[gpwaf.tar.gz](https://static.dicega.ng/uploads/bd158456c1a33a1d574c7df5400636d86739a738b12889e3da13f52d7e2282c1/gpwaf.tar.gz)
BrownieInMotion 59 solves / 119 points
beep boop
Downloads
BrownieInMotion 33 solves / 135 points
beep boop, again
Downloads
larry 16 solves / 272 points
i've made too many csp challenges, but every year another funny one comes up.
Downloads
strellic 2 solves / 481 points
safelist had some flaws, but now they're fixed! It's now perfectly secure, perfect for all your list needs!
Hint: Flag is in the format dice{[a-z]+}
Downloads
strellic 1 solve / 500 points
The most secure place to create and store private pastes that can only be read once.
Downloads
defund 947 solves / 1 point
Join us at discord.gg/dicectf and read the #rules channel to get the flag!
defund 253 solves / 1 point
Thanks for participating in DiceCTF Quals! Fill out this survey to get the flag here. We hope to see you in NYC for Finals!
arxenix 107 solves / 127 points
may your code be under par. execute the getflag binary somewhere in the filesystem to win
nc mc.ax 31774
Downloads
kmh 68 solves / 144 points
pickle
nc mc.ax 31773
Downloads
aplet123 15 solves / 281 points
I hired an auditor to secure my python interpreter!
nc mc.ax 31130
Downloads
orion, hpmv 9 solves / 347 points
(adj.) spell•bound (spel'bound') : held by or as if by a spell.
Submit your APK here: spellbound.mc.ax
The evaluation process is as follows. A fresh Android emulator is started using the Docker image us-docker.pkg.dev/android-emulator-268719/images/30-google-x64:30.1.2 and the DictionaryService, DictionaryApp, and your APK are installed. It then launches your APK with the command am start -n com.dicectf2024.attackerapp/com.dicectf2024.attackerapp.MainActivity, waits for 20 seconds, and then returns you the output of logcat -d dicectf:V *:S
Make sure you sign your APK, or else it will not install.
Your goal is to access the random flag generated by the DictionaryService, and log it to logcat so that you can see the random flag. Then, exchange that flag for a real flag using the "get flag" page. The random flag is different for every submission. You must submit the correct random flag generated for that submission in order to get the real flag.
DO NOT attack anything outside of the Android emulator. This includes the CTF infrastructure, the UI for submitting APKs, viewing the results, etc. Also, the Android emulator does not have any network access. This is purely an Android challenge.
Downloads
hpmv, orion 8 solves / 362 points
Ever heard of airdrops? Well, we're doing a floordrop. We're dropping the flag on the floor. Go pick it up.
This challenge happens on DiceChain, an Ethereum-compatible network started using go-ethereum with the genesis.json provided to you. You may start a challenge attempt at any time by connecting to the provided nc.
During each challenge attempt,
- The server will generate a challenge for you to solve and send a transaction that calls setChallenge(the challenge) on the ProofOfWork contract.
- Two seconds later, the server will send another transaction that calls expireChallenge() on the same contract.
- Your goal is to solve the challenge and submit the solution by calling solveChallenge(the solution encoded in bigendian bytes, random nonce), before the challenge expires. A script to solve the challenge has been provided to you in solve.py.
- If you submit the correct solution before the challenge expires, a flag will be printed in the same nc session.
You're encouraged to use the mock challenge (menu option 1) to familiarize yourself with the challenge setup. Also, to help with your understanding, an example series of transactions that would yield a successful solve can be found in block 154.
Links:
Block explorer: https://floordrop.hpmv.dev/
RPC: https://floordrop-rpc.hpmv.dev/
Faucet: floordrop-faucet.mc.ax (use to get some free DICE!).
nc mc.ax 32123
Downloads
ireland 6 solves / 396 points
I just want a picture of a god-dang Madagascar cat
nc mc.ax 31373
Downloads
kmh 2 solves / 481 points
The Internal Restrictedpythonexecution Service has established a new automated auditing pipeline. Can you remain undetected?
nc mc.ax 31337
Downloads
irs.c irs audit.py build.sh run.sh Dockerfile
defund 169 solves / 116 points
A simple implementation of the Winternitz signature scheme.
nc mc.ax 31001
Downloads
ireland 40 solves / 129 points
Have you ever heard of homomorphic encryption?
This is the first part of a two-part challenge.
nc mc.ax 30662
Downloads
server.py generate.py public.key x.ctxt
clam 94 solves / 131 points
We're opening a new casino! The only game is rock-paper-scissors though...
nc mc.ax 31234
Downloads
defund 38 solves / 181 points
Key...no, that's just the letters and numbers that were on that little sheet of paper
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null yaonet@mc.ax -p 31000 -i id_ecdsa
Downloads
ireland 1 solve / 250 points
what if we made it good?
This is the second part of a two-part challenge.
nc mc.ax 30663
Downloads
server.py generate.py public.key x_hard.ctxt
gripingberry 10 solves / 334 points
I decided that CSIDH needed a bit more entropy! Now, not only do we have a random starting curve, but also a random point!
nc mc.ax 30893
Downloads
ireland 0 solves / 500 points
My new quantum computer has no issue running Shor's algorithm, but the readout error is still pretty high.
Downloads
publickey.pem ciphertext.bin setup.py mea_shor_ment_error.py shor.txt
defund 0 solves / 500 points
AI meets cryptography! DiceNet is a cutting-edge flag checker which leverages multi-party computation to perform secure inference.
There is a bug in the construction described in the papers (see README.txt), which is implemented by swanky. You do not need to comb through the library's code to find the bug. Read the papers!
Hint: what happens when you use a composite modulus?
./client --model model.json --weights dummy_weights.json --file sheep.png mc.ax:31002
Downloads
clubby 107 solves / 127 points
Try 2024's hottest game so far - DiceQuest! Can you survive the onslaught? Custom sprites made by Gold
note: the flag matches the regex dice{[a-z_]+}
Downloads
solomon-ucko 69 solves / 144 points
Pain++
I'd recommend reading the x86-64 System V ABI documentation and the libstdc++ source code while attempting this.
Downloads
BrownieInMotion 34 solves / 191 points
no more, but sometimes less
Downloads
hgarrereyn 14 solves / 290 points
Just some creative accounting...
Downloads
DiceTax.catala_en Dockerfile tax.py
infuzion 8 solves / 362 points
This flag checker sure looks like it went through a blender.
Note: Run the challenge inside a ubuntu:22.04 docker container if you run into libc issues or crashes inside libc during startup.
Downloads
hgarrereyn 7 solves / 378 points
mushy
Downloads
kfb 80 solves / 137 points
take it easy baby, don't you ever grow up, just stay this simple
nc mc.ax 32526
Downloads
chop0 52 solves / 159 points
Can you find a logic flaw in this 3-issue, 5-execute, 1-retire RISC-V CPU?
nc mc.ax 31441
Downloads
chop0 14 solves / 290 points
Can you exploit a race condition in this 3-issue, 5-execute, 1-retire RISC-V CPU?
nc mc.ax 31442
Downloads
clubby 29 solves / 205 points
Using 32 bits to encode a short jump is so wasteful... this will surely be better
nc mc.ax 32421
Downloads
pepsipu 9 solves / 347 points
i've been watching too much jjk
due to super bruteforce, we are forced to add POW. this is why we can't have nice things
nc mc.ax 31040
Downloads
boogie-woogie Dockerfile hook.sh run.sh chroot.sh
NotDeGhost 3 solves / 458 points
Escape the game.
Submit your URL: adminbot-ddg.mc.ax
Downloads
dicedicegoose.tar.gz solana_prog.so
web http easy begula
I made a simple web application to teach you guys how HTTP responses work, I hope you enjoy :)
web php wasm medium begula
A journey only brave can travel.
medium n0tsane
My electronics engineer friend is working on some secret project.
However, he deleted the documents containing the circuit designs by mistake and needs to recover them from a set of suitably modified source files. Could you help him in this?
Wrap the flag in pearl{}.
medium kannaya
Looks like they are random, aren't they?
easy e4stw1nd
Just a baby jail. Nothing special!
medium Masrt
after 4 years of college, I finally got to learn complex analysis. I also took PDE that semester ¯\_(ツ)_/¯
medium e4stw1nd
You just need to escape the jail. How hard can that be?
packet-analysis easy Pr0meth3u5
I have intercepted a pcap file on the dark web between unknown agents. Help me decrypt it and find out what they're up to!!
medium drago steg
This time you ran across their activities in an illegal game server using a suspicious protocol, analyze the pcap and get the flag!!
audio easy begula
I hate frequencies which are multiple of 50, they ruin the song.
easy e4stw1nd
I suspect my former friend is up to something wrong. I tried to access his network but for that, I need the password to his wifi. Enclose the password in pearl{} when you find it.
forensics medium Pr0meth3u5 steg
I requested my friend who was just at the beach to send me some photos of the ocean. Instead, he handed me audio files and stated that this was the image. Please find the image for me and in return, I'll give you the flag.
easy kannaya
This excel sheet is troubling me a lot!! Help me find the flag. Enclose the flag in pearl{}
kannaya easy
Now that you've discovered the letter, it falls upon you to ensure its safe journey to its intended destination. Enclose city name and state name in lower case alphabets separated with underscore in pearl{}
medium SRPG
A notorious hacker group known as "The Cipher Syndicate" has stolen sensitive data and hidden it within a smart contract on the Ethereum blockchain. The stolen information is crucial for a covert operation, and your team has been tasked with retrieving it. Your mission is to crack the safe (smart contract) and extract the concealed data. The smart contract address where the data is stored is 0xE2f01984b5B70d4b1Dae98e060f4eA4D96824120.
SRPG easy
Welcome to Mumbai, the city of crime and chaos. You are a hacker who wants to infiltrate the network of a notorious gang leader, Franklin Clinton. He has deployed a smart contract on a layer-two (L2) scaling platform for the Ethereum blockchain that contains some information about his associates, such as Markus and Trevor Philips. The contract address is 0x9562029A39BF4E0F1e2811a97f0962B70E97e7c8. You need to interact with the contract and decode the output.
Get to this contract address to get the hash value.
4darsh easy
The Government intercepted three spies named Rivest, Shamir, Adleman. The content of these messages could be vital for national security. Decrypt their comms!!
easy s4ych33se!
"Baby's first steps are important, so I increased the number of primes"
binary cyb3rpunk_b4ddi3
linear feedback shift of bits ?
realworld a gopher hard
It's March but its raining like June... anyway, you just found this cool interface
ps: these peeps start their comms with a Good Morning
easy SRPG
I hope you know your crypto basics.
easy n0tsane
More keys = More security. Prove me wrong!
equations Masrt hard
naughtyb0y: This is impossible if you haven't realised.
masrt: It's just equation solving, how hard can it be?
coding theory medium masrt
I've been delving into Matrix Product Codes and found a novel way to hide intriguing "stuff". Care to uncover the mystery?
Note: flag is lowercase and add underscores between words Example: if you found the words "BIG SUMMER BLOWOUT", then flag is pearl{big_summer_blowout}
xbox hard masrt
Games are wonderful, aren't they? Here's the first build copy of W.o.W (not World of Warcraft), hope you are able to uncover the secrets. Install any libraries if required~
made with ā” by Team Orange
medium Al13n
My friend is consistently engrossed in reading Google News, and lately, he has been incessantly discussing the concept of dimensions, specifically a staggering 300 of them. He fervently insists that words can be represented as vectors, a notion that seems perplexing at best. In the midst of his enthusiasm, he has even developed a game centered around guessing words. Can you solve his game?
medium naughtyb0y
This doesn't make sense at all, How is this file even getting executed? Oh you got something useful? Now keep searching more. Remember the journey matters more than the destination
hard naughtyb0y
Some C + assembly + some Java and you get a super secure vault made Just-In-Time before the CTF.
python bytecode medium TheAlpha
I know you are a python expert, but can you reverse this?
reversing docker easy TheAlpha
Process this whale to get floating gold
easy v1per
Can you find the correct input?
rev medium v1per
Reversing a binary is pretty easy innit? But what if there are 200 of them?
rev rust hard begula
I developed a proxy for my organisation in rust to complicate things, can you test its complication?
easy Naughtyb0y
Let us go on a quest for adventure and thrill!
hard v1per
Ares, the God of war has sent his champion to destroy Athens. Destroy his champion with your own heroes and save the city!
easy s4yCh33se
Somedays, I just want to return......
medium Al13n
Step into the prestigious world of culinary excellence where only the elite prevail. Your culinary prowess is renowned, but now, a challenge awaits that will truly test your skills. Can you create a masterpiece sauce worthy of an elite chef?
pwn naughtyb0y easy
Just a normal note taking app...
medium Naughtyb0y
I am wondering can you find the needle in the haystack (Not with your eyes but just binary)???
medium v1per
My friend created this security check for a file he didn't want me to see. I need a passphrase to unlock it. I tried everything but it seems impossible. Can you help me get the file?
A modern java challenge prepared for u ! Bypass it and achieve RCE !
I copied a diary website from someone else, how could that be a problem?
ę²”ęäŗŗęÆęę“ä¼ē½čļ¼
PoW script for reference:
https://github.com/KingBridgeSS/ctf-pow-for-docker-compose/blob/main/client.py
Swap is a kind of magical magic, and I am deeply impressed.
How can things go wrong when using a proxy server?
ååę°å¹“åēē¬¬äøäøŖXCTFē¾å°
Do you know xlog? I also wrote a solog, but it seems that I forgot to delete some test code...
none
Yes, that's right, this is Common Prime RSA
Really, simple as can be. Have you ever done a challenge this simple?
just a ezcrc :)
äŗŗę»åä¼å»åä½ę¹ļ¼
ā¦ęč ļ¼äŗŗä¹éä¹ć ä¼äŗęä¹ē¾ć ē¶ę¶čæå¢čæļ¼ę±å¤č§ä¹ļ¼å ¶é¢å ä½åļ¼ åæä¹ęå±ļ¼éä¹ęå½ļ¼ēå°½ē “ē¢åę£ć ē»ēä¹å»ļ¼å¾ēēåčŗ«äøŗęļ¼ęÆ仄äøå Ŗå”čŗÆä¹ć
Do you know what VMT is? Can you find the strings?
A baby Problem
none
A simple vk program
none
Tiny allocator for memory allocation and remote code execution.
Hack the Cache
none
UEFI SMM U know? : )
A simple VM
Note: This challenge is completely different from reverse-cvm
Who am I?
431 Passengers 105 Solves Author: Minh
I keep trying to log in, but it's not working :'(
http://log-action.challenge.uiuc.tf/
370 Passengers 173 Solves Author: Louis
SIGPwny Transit Authority needs your fares, but the system is acting a tad odd. We'll let you sign your tickets this time!
https://fare-evasion.chal.uiuc.tf/
495 Passengers 9 Solves Author: arxenix
We're working on a cool password manager extension for SIGPwny members. Can you break it?
ncat --ssl pwnypass-bot.chal.uiuc.tf 1337
498 Passengers 3 Solves Author: arxenix
This is the second flag for pwnypass.
ncat --ssl pwnypass-bot.chal.uiuc.tf 1337
-1 Passengers 10 Solves Author: Richard
This is a PIC16 coding challenge. Note: the flag format is <sha256>.<number>.
This challenge is scored differently from other challenges. Competitors receive a score based on their ranking compared to others in a compression contest. See README in attached zip for more information.
ncat --ssl picoify.chal.uiuc.tf 1337
470 Passengers 52 Solves Author: Cameron
I heard you can get sent to jail for refusing a cup of tea in England.
ncat --ssl astea.chal.uiuc.tf 1337
453 Passengers 76 Solves Author: Jake
We have onboard entertainment! Try your luck on our newly installed slot machine.
ncat --ssl slot-machine.chal.uiuc.tf 1337
468 Passengers 55 Solves Author: Cameron
I love how there are so many different types of pickles. I tried experimenting with two of them.
ncat --ssl push-and-pickle.chal.uiuc.tf 1337
393 Passengers 149 Solves Author: Emma
LISA and the secret business partner have a secret Spotify collaboration planned together. Unfortunately, neither of them has the opsec to keep it private. See if you can figure out what it is!
This is part three of a three-part OSINT suite including Hip With the Youth, An Unlikely Partnership, and The Weakest Link. I recommend starting with the other two challenges!
100 Passengers 511 Solves Author: Emma
It appears that the Long Island Subway Authority (LISA) has made a strategic business partnership with a surprise influencer! See if you can figure out who.
This is part two of a three-part OSINT suite including Hip With the Youth, An Unlikely Partnership, and The Weakest Link. This challenge is possible without Hip With the Youth but will be easier if you start there.
81 Passengers 567 Solves Author: Emma
The Long Island Subway Authority (LISA), in an attempt to appeal to the younger generations, has begun experimenting with social media! See if you can find a way to a flag through their Instagram.
This is part one of a three-part OSINT suite including Hip With the Youth, An Unlikely Partnership, and The Weakest Link. I recommend starting here!
121 Passengers 466 Solves Author: CBCicada
That was quite a pretty night view, can you find where I took it? Flag format: uiuctf{street name, city name} Example: uiuctf{East Green Street, Champaign}
Some words are blurred out to make the challenge harder, hopefully.
Flag format clarification: Use the full type, e.g. Avenue, Street, Road, etc., and include a space between the comma and city name.
466 Passengers 57 Solves Author: CBCicada
Super wide roads with trains... Is this the new Dallas? Flag format: uiuctf{coordinates of intersection between the rail and the road} Example: uiuctf{41.847, -87.626}
Flag format clarification: Use three decimal points of precision, truncate, and do not round. Use Google Maps location for reference. The last digit of the first coordinate is odd, and the last digit of the second coordinate is even.
319 Passengers 225 Solves Author: CBCicada, Emma
Now that's a BIG plane! I wonder where it is. Flag format: uiuctf{plane type, coordinates of the aircraft} Example: uiuctf{Airbus A380-800, 40.036, -88.264}
For coordinates, just omit the digits, do not round up. Precision is the same as the one in the example. The aircraft name is the same as Wikipedia page title. You can extract enough information from this image to answer this. You DO NOT need to register any accounts, all the information is public.
Flag format clarification: The last digit of the first coordinate is even, and the last digit of the second coordinate is odd.
431 Passengers 105 Solves Author: Nikhil
My friend told me that cryptography is unbreakable if moduli are Carmichael numbers instead of primes. I decided to use this CTF to test out this theory.
ncat --ssl groups.chal.uiuc.tf 1337
461 Passengers 65 Solves Author: Husnain
I encrypted the flag, but I lost my key in an annoyingly large haystack. Can you help me find it and decrypt the flag?
ncat --ssl key-in-a-haystack.chal.uiuc.tf 1337
416 Passengers 122 Solves Author: Richard
These signatures are a bore!
ncat --ssl snore-signatures.chal.uiuc.tf 1337
246 Passengers 298 Solves Author: Anakin
Gone with the wind, can you find my flag?
ncat --ssl without-a-trace.chal.uiuc.tf 1337
322 Passengers 222 Solves Author: Anakin
"It is my experience that proofs involving matrices can be shortened by 50% if one throws the matrices out."
Emil Artin
ncat --ssl determined.chal.uiuc.tf 1337
93 Passengers 531 Solves Author: Anakin
A perfect first challenge for beginners. Who said pirates can't ride trains...
363 Passengers 180 Solves Author: Anakin
I'm pretty tired. Don't leak my flag while I'm asleep.
496 Passengers 7 Solves Author: 32121
I used multithreading to check your flag so much slower that it almost feels like time travel.
483 Passengers 30 Solves Author: spicypete
My friend gave me his address, but the coords he gave are n dimensional... Can you help me set up my GPS to find him?
Once you pass all checks, you need to plot all the x, y points in order as a line plot in order to reveal the flag. The flag consists of three valid words separated by underscores, wrapped in the flag format, and all lowercase.
381 Passengers 161 Solves Author: Nikhil
All you have to do is find six numbers. How hard can that be?
497 Passengers 6 Solves Author: spicypete
I really hope this challenge TiCkLes your fancy! It is my most cursed challenge yet.
440 Passengers 93 Solves Author: ronanboyarski
The threat group GREGARIOUS GOOSE has hacked into SIGPwny servers and stolen one of our flags! Can you use the evidence to recover the flag?
WARNING: This challenge contains malware that may read images on your hard disk. Ensure that you do not have anything sensitive present.
482 Passengers 32 Solves Author: spicypete
Damn, I lost my canary at one of the train stations. Can you help me find it?
ncat --ssl lost-canary.chal.uiuc.tf 1337
This is a rev/pwn challenge, not just rev.
494 Passengers 12 Solves Author: ronanboyarski
The threat group GREGARIOUS GOOSE has hacked into SIGPwny servers and stolen one of our flags! Can you use the evidence to recover the flag? Now with 100% more goose.
WARNING: This challenge contains malware that may read images on your hard disk. Ensure that you do not have anything sensitive present.
480 Passengers 36 Solves Author: Surg
The government banned C and C++ in federal software, so we had to rewrite our train schedule management program in Rust. Thanks Joe Biden. Because of government compliance, the program is completely memory safe.
ncat --ssl rustyptrs.chal.uiuc.tf 1337
398 Passengers 143 Solves Author: Nikhil
You can't escape this fortress of security.
ncat --ssl syscalls.chal.uiuc.tf 1337
496 Passengers 8 Solves Author: YiFei Zhu
I made it harder ;)
Hint: It's not a bug, it's a feature!
socat file:$(tty),raw,echo=0 openssl:syscalls-2.chal.uiuc.tf:1337
454 Passengers 75 Solves Author: Pete, Julie
Can you turn on the backup generator for the SIGPwny Transit Authority?
ncat --ssl backup-power.chal.uiuc.tf 1337
461 Passengers 65 Solves Author: Akhil
i'm tired of hearing all your complaints. pwnymalloc never complains.
ncat --ssl pwnymalloc.chal.uiuc.tf 1337
A group of students who don't like to do things the "conventional" way decided to come up with a CyberSecurity Blog post. You've been hired to perform an in-depth whitebox test on their web application.
Author: n00b.master.
Well the last time they made a big mistake with the flag endpoint, now we don't even have it anymore. It's time for a second pentest for some new functionality they have been working on.
Author: n00b.master.
The evil hex bug has taken over our administrative interface of our application. It seems that the secret we used to protect our authentication was very easy to guess. We need to get it back!
Author: richighimi
https://i-am-confusion.2024.ductf.dev:30001
Visit our sanctuary to hear the sounds of the Kookaburras!
Author: hashkitten
https://web-sniffy-d9920bbcf9df.2024.ductf.dev
Deez nutz
Hah got em
...
Oh by the way I love using my new microservice parsing these arrest reports to PDF
The evil bot (2024)
Author: ghostccamm
https://web-hah-got-em-20ac16c4b909.2024.ductf.dev
The big bad bot got a bit lonely after a hard day of work and made a Web Artificial Intelligence Firewall Utility (WAIFU) to talk with and block hacking attempts.
Can you bypass the bot's WAIFU?
Important Note
Use 127.0.0.1 (not localhost) instead of container names (the ports the services are listening on are the same).
Author: ghostccamm
The bug had a microservice for converting JSON to YAML to assist with processing prisoners it has captured.
Can you try to find a way to hack this microservice so we can get an initial foothold into the bug's prison system?
Author: ghostccamm
Easy Welcome to Emoji Stack, the brand new stack based emoji language! Instead of other stack based turing machines that use difficult to read and challenging characters like + - and [], Emoji Stack uses our proprietary patent pending emoji system.
The details of our implementation are below:
š: Move the stack pointer one cell to the right
š: Move the stack pointer one cell to the left
š: Increment the current cell by one, bounded by 255
š: Decrement the current cell by one, bounded by 0
š¬: Print the ASCII value of the current cell
š##: Repeat the previous instruction 0x## times
The Emoji Stack is 256 cells long, with each cell supporting a value between 0 - 255.
As an example, the program "šš47š¬ššš68š¬ššš20š¬" would output "Hi!" with the following execution flow:
[0, 0, 0, 0] šš47
[0x48, 0, 0, 0] š¬š: H
[0x48, 0, 0, 0] šš68
[0x48, 0x69, 0, 0] š¬š: i
[0x48, 0x69, 0, 0] šš20
[0x48, 0x69, 0x21, 0] š¬: !
Flag format: CACI{.}
Author: CACI
Easy How many layers are on your pancakes?
Author: Dylan (elbee3779)
nc chal.pctf.competitivecyber.club 9001
Beginner Let's Warm up. Spartan's wanted to create their own ASIC, to secure doors. One of the spies was able to extract the simulation file, can you find the password to the door?
Note: The spaces are _
Author: Databuoy
Easy Hey, I have made a terminal that only uses echo, can you find the flag?
Author: Ryan Wong (shadowbringer007)
nc chal.competitivecyber.club 3333
Medium Back by popular demand, V2 of EmojiStack is ready to release! Following user feedback, we've made some changes to how things work:
It was pointed out that EmojiStack wasn't actually Turing complete, and was instead just "A really dumb markup language." To remedy this, we've added three new commands for execution control, please see details below.
Sticking with our philosophy of readability, we figured that hex numbers are too complicated and have decided to switch to easily read emoji representations. Numbers will now be encoded in base 12 from š to š. Example: š5f --> šššš
For our second release, it only seemed fair to add a second stack dimension! Emoji Stack now supports a 255x255 grid of cells.
With the addition of two dimensional stacks, a good idea fairy said it might be cool to represent stack states using images. The state of the stack is now saved as a 255x255 8 bit grey scale image to allow for the pre-initialization of the stack. Images are stored raster-scan order with 0,0 being the top left of the image.
Commands
š: Move the stack pointer one cell to the right
š: Move the stack pointer one cell to the left
š: Move the stack pointer one cell upwards
š: Move the stack pointer one cell downwards
š: Increment the current cell by one, bounded by 255
š: Decrement the current cell by one, bounded by 0
š¬: Print the ASCII value of the current cell
š: Read one character of ASCII and store it in the current cell
š«ø: If the current cell is zero, jump to the next instruction after the respective š«·
š«·: If the current cell is non-zero, jump back to the respective š«ø
š###: Repeat the previous instruction ## times
Flag format: CACI{.}
Author: CACI
Easy They said they added a layer of encryption, do you think you can still get in?
Author: Databuoy
Medium Not much of a backstory here... there is an embedded flag in here somewhere, your job is to find it.
Author: David Morgan (r0m)
Medium We built a secure vault to store our secret flag but somehow got the blueprint of the vault leaked. Can you help us to retrieve the secret flag from the vault?
Author: _jungbahadurrana
Medium A disgruntled timekeeper here at Bell Labs recently exfiltrated some data from our network. The crappy network down there might have caused enough errors to make it useless... right?
Author: Shiloh Smiles (arcticx)
Beginner I spent a couple of hours with ???; now I am the world's best cryptographer!!! note: the flag contents will just be random chars, not English/leetspeak
Cipher Text: QRVWUFdWEUpdXEVGCF8DVEoYEEIBBlEAE0dQAURFD1I=
Please wrap the flag with pctf{}.
Author: sans909
Beginner I heard choosing a small value for e when creating an RSA key pair is a bad idea. So I switched it up!
Author: Dylan (elbee3779)
Medium You love to order the same flag every day, but I want a flag as well. How about this, I'll split it with you. I'll take half the bits at random and flip them, keeping them all to myself! No worries, you still have half <3
Author: Samantha Hayden (shayden1337)
Medium We received word that a criminal APT had developed their own method for generating secure asymmetric encryption keys. We were able to intercept emails between the group including encrypted comms, and a 7zip file. All we managed to find in the 7zip file they sent out was their public key, and the key generator. Can you decrypt the comms?
pycryptodome v3.20.0
Flag format: CACI{}
Author: CACI
Easy I heard one-time pads are unbreakable.
Author: Dylan (elbee3779)
Hard Unfortunately, some bad actor got into our last secure channel. This time we've come up with a better implementation. Can you access the secured secure console?
Author: Dylan (elbee3779)
Expert Forge your way through cryptographic deception and impersonate with precision in this challenge!
Author: c15c01337
nc chal.competitivecyber.club 6003
Medium We found this image that was partially encrypted. We were able to recover the script used to encrypt it, but it was partially encrypted too. We have given you the image and the intelligible part of the script. Please decrypt the image. Note: Forensic evidence indicates that the image was created on August 26th, 2024 at 21:43:20 UTC.
Author: James Crowley (zephyrone3956)
Medium I got sick of people breaking our encryption, so I came up with this custom scrambler program. You have a 0% chance of cracking this one! I even encoded the log!
Author: salochi
Easy We've got some reports about information being sent out of our network. Can you figure out what message was sent out?
Author: Ryan Wong (shadowbringer007)
Easy Nothing is more dangerous than a bad guy that used to be a good guy. Something's going on... please talk with our incident response team.
Author: elbee3779
nc chal.competitivecyber.club 10001
Medium We have recently suffered a data breach, and we need help figuring out if any data was stolen. Can you investigate this pcap file and see if there is any evidence of data exfiltration and, if possible, what was stolen?
Author: AJ Hoepfner (greatvaluerice)
Hard These J.G. Wentworth ads are getting out of hand! Now we're even getting reports that they're using malware to try and get people cash for their structured settlements! Luckily, we were able to capture some network traffic of this c2 beacon, along with the binary and a memory capture of the running process. Unfortunately, it seems like the c2 agent contains no static keys and instead generates them at run time. Can you decrypt their comms?
Author: Matthew Johnson (meatball5201)
Easy I really need help with my budget. Let's see if there's anything you can do with my current situation!
Author: Shiloh Smiles (arcticx)
Hard An overseas branch of our company was almost hit by an attack from a well-known ransomware group, but it seemed their final payload failed. We found a suspicious drive on premises, as well as a common string in our logs: PCTF{d)zn+d$+zqbb!t+h)!#+if+y)u+zi!l}. Can you help us figure out what this payload might have been?
Author: Shiloh Smiles (arcticx)
Medium I was told to never write down my passwords on a sticky note, so instead I wrote them down on my computer!
Author: Txnner
Medium We have recently discovered tons of traffic leaving our network. We have reason to believe they are using an abnormal method. Can you figure out what data they are exfiltrating?
Author: Ryan Wong (ShadowBringer)
Easy I bet you can't access my notes on giraffes!
http://chal.competitivecyber.club:8081
Flag format: CACI
Author: CACI
Medium One may not be the one they claim to be.
http://chal.competitivecyber.club:9999/
Author: _jungbahadurrana
Easy Does the CLI listen to magic?
http://chal.competitivecyber.club:13336
Flag format: CACI{.*}
Author: CACI
Medium I love face-book and I love to share my photos with my friends.
http://chal.competitivecyber.club:9090
Author: Kiran Ghimire (sau_12)
Expert Kiran Ghimire feigned ignorance and said he had no idea what the flag was.
http://chal.competitivecyber.club:8090
Author: Kiran Ghimire (sau_12)
Medium Woof woof
http://chal.competitivecyber.club:7777
Author: Dylan (elbee3779)
Medium blob says: blob
http://chal.competitivecyber.club:3000
Flag format: CACI{.}
Author: CACI
Medium knock knock...
http://chal.competitivecyber.club:1337
Author: sans909
Medium nom nom nom nom
http://chal.competitivecyber.club:3002/
Author: sans909
Beginner Peel back the shell, unless you eat shrimp with the shell.
Author: Dylan (elbee3779)
nc chal.competitivecyber.club 8884
Easy Welcome to navigator! You can change stuff, view stuff and THAT'S IT.
Author: Dylan (elbee3779)
nc chal.competitivecyber.club 8887
Easy I hope you're good at shellcoding...
Author: Danyaal (draz0x7)
nc chal.competitivecyber.club 3004
Good luck doing something with just strings. I even got rid of the tcache because I heard that makes things easy.
Author: Dylan (elbee3779)
nc chal.competitivecyber.club 3004
Medium Easy flights just got easier. Add your own logs and scripts to our flight console, now leakless!
Author: Dylan (elbee3779)
nc chal.competitivecyber.club 8885
Hard We made a project for our Intro to Networking class! I hope you use it to make the internet a more secure place :)
Author: Shiloh Smiles (arcticx) and Dylan (elbee3779)
nc chal.competitivecyber.club 5001
Expert My kernel is your kernel. Well, some of it. Here's ioctl.
Note: Only one connection per user. Compile off the box.
Author: Dylan (elbee3779)
nc chal.competitivecyber.club 8886
Expert XSS is hard! Let's get some practice in with a javascript REPL first
(flag is at /flag.txt, d8 is built off tag 11.9.99)
Author: cursedCTF
nc chal.competitivecyber.club 8889
Easy We've been after a notorious skiddie who took the "Is it possible to have a completely secure computer system" question a little too literally. After he found out we were looking for them, they moved to live at the bottom of the ocean in a concrete box to hide from the law. Eventually, they'll have to come up for air...or get sick of living in their little watergapped world. They sent us this message and executable. Please get their password so we can be ready.
"Mwahahaha you will nOcmu{9gtufever crack into my passMmQg8G0eCXWi3MY9QfZ0NjCrXhzJEj50fumttU0ympword, i'll even give you the key and the executable:::: Zfo5ibyl6t7WYtr2voUEZ0nSAJeWMcN3Qe3/+MLXoKL/p59K3jgV"
Author: zephyrone3956
Easy Can you unlock the secret formula?
Author: Shiloh Smiles (arcticx)
Easy As you delve deeper into the tomb in search of answers, you stumble upon a puzzle room, its floor entirely covered in pressure plates. The warnings of the great necromancer, who hid his treasure here, suggest that one wrong step could lead to your doom.
You enter from the center of the eastern wall. Although you suspect you're missing a crucial clue to guide your steps, you're confident that everything you need to safely navigate the traps is already within reach.
At the center of the room lies the key to venturing further into the tomb, along with the promise of powerful treasures to aid you on your quest. Can you find the path, avoid the traps, and claim the treasure (flag) on the central platform?
Author: Christopher Roberts (caffix)
Easy I encrypted a file with a secret flag, but now I can't seem to figure out how to decrypt it, can you help?
Author: Txnner
Medium Find the flag hidden behind my password protected vault. Sounds easy... right?
Author: Txnner
Expert You've hacked into a mysterious system, only to find yourself inside a virtual machine, within another virtual machine, like stepping into a never-ending hall of mirrors. The first VM interprets the encrypted bytecode, but every instruction gets passed to a deeper layer. As you explore further, each action plunges you deeper into the abyss, where time and logic twist in ways you've never imagined.
Will you escape the infinite virtual prison or succumb to its endless loops? The only way out is through... all the layers.
Author: Christopher Roberts (caffix)
Medium You find yourself locked out of a mysterious terminal in an underground lair that's rumored to hold the key to a treasure of unimaginable value: the flag. The terminal is powered by an ancient, quirky virtual machine that hasn't been updated since the days of dial-up internet. Your task is simple... on the surface.
This VM is no ordinary one. It's got an arcane stack-based architecture, four registers that feel like they've seen better days, and 16KB of memory that's probably still running on hopes and dreams. But here's the twist: the terminal was built by a paranoid genius who coded a secret message, hidden deep within the memory, wrapped in layers of logic more convoluted than the plot of a sci-fi novel.
Author: Christopher Roberts (caffix)
Easy I heard those tech cool buzz words use matrices. Well my (very legit) PRNG also uses matrices, can I slap AI/ML/Deep Learning on it too???? Unless???
Author: Veryyes
Medium De bugs are in me walls
Author: Txnner
Hard My friend always sends me random messages before I go to sleep at night. He got tired of me asking what they meant, so he sent me the program used to make them.
Author: Txnner
Easy
We've been tracking the adversary for weeks, and he just slipped up and posted this gorgeous high-rise view on his Twitter. His caption was "awesome meeting with a gorgeous view!" Can you track down his location?
Flag format will be PCTF{}. Not a street address. If he were in a WeWork space, it would be PCTF{wework}.
Author: Shiloh Smiles (arcticx)
Easy
We have been tracking a highly suspicious submarine believed to be harboring many enemy skiddies. Unfortunately, this satellite image is rather out of date. Your mission is to locate the submarines there using a more up-to-date image, and tell us what class they are with their NATO reporting name - a letter from the NATO phonetic alphabet, spelled out.
We want to know precisely where the aft end of northernmost submarine attached to the pier is. Communicate its location in three words. Include the NATO reporting name of the class of submarine in your answer.
Submission format: PCTF{three.position.words.class_name}
Example submission: PCTF{employing.broken.imports.sierra}
Author: James Crowley (@zephyrone3956)
Easy
We had one of our agents infiltrate an adversary's lab and photograph a gateway device that can get us access to their network. We need to develop an exploit as soon as possible. Attached is a picture of the device. Get us intel on what MCU the device is utilizing so we can continue with our research.
Flag format: pctf{mcu_vendor_name} (example: pctf{broadcom})
Author: Dylan (elbee3779)
Easy
It's said that a famous geocacher has left a cache on our Fairfax campus. He took this picture before disappearing into the night. Could you help us find where this picture was taken?
The flag is pctf{NAME_OF_STATUE}
Author: Dylan (elbee3779)
Beginner
This toilet gives you the best view in the at sunset, which city is this located in? Flag format will be PCTF{cityname}
Medium
How much was tuition in for GWU graduate per credit hour for the 1998-1999 school year? Flag will be amount with just a period, like PCTF{1050.75} if it were $1,050.75.
NOTE: George Washington University, not George Mason University.
Easy
There is an American military college that, famously, only has one person buried on its campus. What is the name of that person? Ignore any honorifics (such as Mr.), middle names, and spaces.
for example, Mr. John A. Smith would be PCTF{johnsmith}.
author: Shiloh / arcticx
Hard
We have been tracking the leader of an international crime ring, who we believe is laundering money through his girlfriend's business. We believe he is fleeing the country under the guise of a vacation with her. All we have on her is the name "Adrianna" and some business receipts from a "Patriot Corporation LLC". Can you help us figure out where these two have gone off to? (note: there will be a real flag for this with "PCTF" and all.)
Author: Shiloh Smiles {arcticx}
In [9]: p = getPrime(128)
In [10]: q = getPrime(128)
In [11]: N = p*q
In [12]: bytes_to_long(flag) < N
Out[12]: True
In [13]: print(pow(bytes_to_long(flag), 65537, N), N)
9015202564552492364962954854291908723653545972440223723318311631007329746475 51328431690246050000196200646927542588629192646276628974445855970986472407007
nonogram
When you get past the puzzle, you now face a classic encryption / old-school stego encoding. Wrap the text you find in UDCTF{TEXTHERE}.
guess school
"Got Milk?"
-JayV
guess school
She drew this, in a language of her own invention as a puzzle for you. Pretend like you're cracking some knight's templar code in a Dan Brown novel or something. That last symbol is } and its mirror is {.
Made by Lexy with ❤️
Note from ProfNinja: after playtesting I decided to photoshop in a very subtle hint, see if you can notice it...
triangles
I bet you never knew about the DNA of right triangles. Found it beautiful; wrote a problem.
-ProfNinja https://gist.github.com/AndyNovo/747a027b87924e02202436668382630d
old-school crypto
guess school
A simple little guessy crypto: Us_lnt10ns}1443{FTCDqsysp0srrr4up_t1
-ProfNinja
There's a secret message being HMAC-protected, but the implementation has a serious flaw. Can you recover the secret message using a side-channel attack?
SRC: https://gist.github.com/AndyNovo/91e3c51ef47980d32ad1cde26b917ac4 -Tery nc 0.cloud.chals.io 11320
These barcodes seem to be missing something, can you help me figure it out?
-AcerYeung
https://gist.github.com/AndyNovo/7c172b8c5bdfcdce6c66cd0bdae53584 -Lars
In a world where secrets flutter through the air, the bluehen carries a hidden message. A message that has been salted.... however it's still a message... maybe the bluehen ignores the salt. This image holds more than meets the eye.
shasum: e717eefe9b41212b017152756b0e640f9a4f3763 bird.jpeg
guess school
I can't seem to sleep at night... Maybe I need to dig further within. -pleasework.sh
guess school
A student disagreed with my pronunciation of gif. They said, snarkily, how do you pronounced Graphical Image Format. This problem is my response.
guess school
Some planes are flying, some planes are grounded. (uppercase UDCTF{}) -AcerYeung
dig
guess school
THE IMMORTAL GAME CTF
184.60.121.146:53
make your move.
MAKE YOUR MOVE.
-riiyak
Based on playtesting: I'm prepared to give a clue if there are no solves after 18ish hours.
184.60.121.146:53
Just a classic flagchecker.
-ProfNinja
(Try using dogbolt.org)
I would like to apologize for the crimes that have been committed upon humanity and the mental trauma that may ensue from the creation of this code. I take full responsibility for my actions and ask only for forgiveness as you struggle in pursuit of the flag. I have provided C source code and omitted the header that serves as the gen-z Rosetta Stone. I wish you all the best in successful completion of this problem.
-AZR
https://spacegames3.itch.io/cut-the-flag pwd: bluehens
- Inferno
esolang
How do you even open a WORD file?
-ProfNinja
P.S. I would love to see the most beautiful solutions, DM me if you're proud of your work.
esolang
If you lived in Hogwarts I bet navigating those moving stairs would feel something like this problem.
CONSTRAINT/HINT: I picked the exit point to be exactly 1337 loops through the big loop. There are nonsense flags that will say correct without that. -ProfNinja
HTTP not HTTPS
('i:5259w_Wn9J_IJD9_L63_q69M6e_bbDyKDJc6S4f', 1330)
('i:5259w_Wn9J_IJD9_L6F_q69M6e_bbDyKDJc6S4f', 1331)
('j:5259w_Wn9J_IJD9_L6F_q69M6e_bbDyKDJc6S4f', 1332)
('j:5259w_Wn9J_IJD9_L6F_q69M6e_bbDyKDJc6S4f', 1333)
('k:5259w_Wn9J_IJD9_L6F_q69M6e_bbDyKDJc6S4f', 1334)
('k:5259n_Wn9J_IJD9_L6F_q69M6e_bbDyKDJc6S4f', 1335)
('l:5259n_Wn9J_IJD9_L6F_q69M6e_bbDyKDJc6S4f', 1336)
('l:5259n_Wn9J_IJD9_L6F_g69M6e_bbDyKDJc6S4f', 1337)
http://yiap.nfshost.com/esoteric/novice/novice.html
nes
guess school
Unlock the Power -Codemasters
Flag Format altered due to limited character set: UDCTF/UPPERCASE/
(Our guest author is a top speedrunner: riiyak)
Welcome to the CTF. A few notes:
* I made 10 XOR School problems, we're a uni so teaching will always be part of our CTFs. These are made as an ode to the beauty of XOR.
* Some Training problems in the main categories: Reverse, PWN, Web, and Crypto just for first-timers. Google the problem title + "CTF Writeup" and you'll find similar problems out there that you can mimic I'm sure.
* In playtesting many of the problems were fun puzzles but I can imagine someone calling them "guessy", forgive us now. I killed any that felt egregious and the others I've labelled as "guess school". Behind that label is the idea that deductive reasoning within the meta of CTFing is actually a muscle. Many (very good) teams have a member that specializes in guessy problems. I think that XOR and the guess school problems cultivate a sort of "escape room" sensibility that often is overlooked in CTF training as too frustrating. I think it's valuable as a life skill but consider this a trigger warning, stay away from those ones if you tend to get frustrated.
* I tried to make sure the main categories have enough depth to chew on but not all of the main categories are equally as deep. I think PWN and WEB are maybe a little lighter than perfection but we have a ton of challenges and 12 less hours, so your WEB anchor might need to go help someone else after day 1.
* We're a student club. Every year students make problems. They are fun and quirky but this year they made a TON of forensics and misc and problems that maybe crawl over several categories. The heavy hitting teams might not love that but our deepest problems tend to get deeper and our n00b problems stay light, just the nature of undergrads. Just have fun with it.
* We pride ourselves on customer service, jump in the discord and ask questions and I'll try to teach you stuff without lessening the competitive integrity of the competition.
* Some authors used udctf{} others used UDCTF{} so bear that in mind when validating your hypotheses.
* We have a long history of a minecraft category, this year we don't. Sorry. I miss it. FSG lives on in ranked.
rubiks
JD (jr.)
78! - k = k - !87 Solve for k flag format is udctf{k} -ProfNinja Dedicated to Wrath of Math
Imagine if the Bee Movie happened in space 🤯... okay it probably wouldn't be that great because everyone would die or be wearing astronaut suits the whole time, but either way still cool to imagine!
-AcerYeung
guess school
GEJYU?<d0 go.5 Ekrpat 4bf,afZ+
-Malloc
Do you like puzzles? -The Cyber Frat (We went nuts on speed jigsaws this summer)
You scream into the void, and it responds with this...
~skyefi
Hint1:Google is your friend! This goes for many CTF problems anyways, but definitely applies here.
If you got the fake flag, you are on the right track. Follow the advice of the text directly under it...
guess school
Thres somethin backwards bout this audio... (Wrap what you find in UDCTF{})
-SpiegelHalter
guess school
Have you ever struggled to read someone's handwriting? Well, whoever created this font didn't care, have fun!
-AcerYeung
This is how XOR makes me feel.
This series of problems is called the XOR SCHOOL. For whatever reason I just love xor problems and over the years there are many that have charmed my soul. This sequence is an homage to the many many ways that xor shows up in CTFs. I hope you can see some of the beauty that I see through them. -ProfNinja
11010210041e125508065109073a11563b1d51163d16060e54550d19
xor
https://gist.github.com/AndyNovo/309325b566b2df42b984e2401fedbaab
xor
In [1]: xor(flag + key + hashlib.sha256(flag).hexdigest().encode(), key).hex()
Out[1]: '1a0c43191f5b15485d5a31574e4333141a5d073a0840541f560b515324001d00000c5315000e0a4e0452111618060654080154414b09165147791f1941041b07115816454b060b5e5a20094d135e101516425506420145544c18570d11541a4255125a5a5e5212470f050b5b425d1b434409034c5a19615c46465a424b151906041852415648415b5a44'
xor
bad
prng
deduction
meta
guess
school
I used an old, common, prng. Knowledge of the solvability of this problem helps you deduce...
https://gist.github.com/AndyNovo/40adab2061f6b2fd47d6ba7d765fb159
(this flag is udctf{...} not UDCTF{...})
P.S. I would never want you to think of a problem as guessy, if you think this is guessy I encourage you to reserve judgement and do this one AFTER the other ones.
HINT: Out of all the insecure PRNGs this one is the only one that can be broken using just 6 bytes mod 256 without any other insights, and it's the oldest school popular PRNG. If you pretend you have the first byte of the flag at spot i you'll get a byte mod 256 from the PRNG and can check the candidates from the prng and confirm the next character too. I know it's not too tough to validate this PRNG and the location of the flag, which also limits the list of insecure PRNGs. Once you know the prng there's only a couple ways the implementation could be done, still sensible in this context, and reasonable.
lambda
https://gist.github.com/AndyNovo/23d509307fc55fcebae1fd522ed04295
https://i8fgyps3o2.execute-api.us-east-1.amazonaws.com/default/ctrmode?pt=00
{"ciphertext": "f872c9547798b88e29b8462043948571", "probiv": "475045713653717a7936644c6d654d", "flagenc": "2cbcef061c2c4401d5bcc6c5569dab80c31daf822c0d424b2aadb5775e7c55047dd600fad942d7a32ce019da5c2edb91911cc166748fd5c4888bd030ae598968"}
crypto
In [5]: cipher = DES.new(ky, DES.MODE_OFB)
In [6]: cipher.encrypt(msg).hex()
Out[6]: 'ee73f99771135c984db42bc9e3e73148fc60add1484c4bcc1f8269b6e5b06163de5ecfe85e2049975cb333b6e1b06657c570afce64021d9e03b9789dfeea211cf368bcda780d58df00b82b9af7e4371cf375bcd4760c58df04a97881f3ef224fba62f3c237085491'
aes
crypto
https://gist.github.com/AndyNovo/84580af56a6294ed2576366018dc557c
https://vbbfgwcc6dnuzlawkslmxvlni40zkayu.lambda-url.us-east-1.on.aws/
xor rox
In [69]: print(xor(flagmsg, flagmsg[::-1]).hex())
051c1b7f4652001b3008525d1b7f135c32160015453001551a7f0d1707167f1d1c4e0209011144134c5b005b4c1344110109024e1c1d7f1607170d7f1a55013045150016325c137f1b5d5208301b0052467f1b1c05
php
xor
web?
I could have kept going, maybe even make a pure XOR CTF but I think 10 is enough. Hope you enjoyed them.
https://bluehens-phpxor.chals.io/
osint
training
A famous person is selling their house. In this market, who wouldn't? Can you tell me who owns this house, and what the license plate of their "tough" car is?
Flag format: udctf{FirstLast_licenseplate}
-Donovan
guess school
north american google...
not DHL
Google is your friend.
-JD (jr.)
training
It's nice to have some training problems.
-ProfNinja
https://bluehens-webstuff.chals.io/
Web...ish... -ProfNinja https://lists-of-jsons.web.app/
lambda
crypto
import os
import json
import zlib

def lambda_handler(event, context):
    try:
        # Caller-supplied bytes, passed hex-encoded in the query string
        payload = bytes.fromhex(event["queryStringParameters"]["payload"])
        flag = os.environ["flag"].encode()
        # The payload and the secret flag are compressed together in one message
        message = b"Your payload is: %b\nThe flag is: %b" % (payload, flag)
        # Only the compressed length is returned, as a network sniffer would see it
        compressed_length = len(zlib.compress(message, 9))
    except ValueError as e:
        return {'statusCode': 500, "error": str(e)}
    return {
        'statusCode': 200,
        'body': json.dumps({"sniffed": compressed_length})
    }
It's a little more crypto than web, but I know the exploit from a web defcon talk ages ago. This is a common web exploit for network sniffers. -ProfNinja https://55nlig2es7hyrhvzcxzboyp4xe0nzjrc.lambda-url.us-east-1.on.aws/?payload=00
This DNS server reveals a secret to a special IP. Can you make it think you're connecting from 127.0.0.1?
dig TXT flag @129.153.36.153
-JD (sr.)
guess school
Our fireplace company was all set to take off for the moon, then we had to shut it all down. All that's left is a simple landing page.
-ProfNinja
Dedicated to Nisala
https://fire.prof.ninja/
crypto
NOT nonogram
Grace wrote a beautiful nonogram for us. I made a beautiful disaster from it. Nonogram? More like NOTagram, gotem
-ProfNinja
wasm
rev
To uncover the flag, either win the game or reverse the game.
-JD (sr.)
https://snake-2024.pages.dev/snake.html
Straight to the point.
-ProfNinja nc 0.cloud.chals.io 16612
I heard an interview with Tame Impala where he said, "for a song to make an album, it has to have been, at some point, my favorite song ever". Well, there was at least one day when this one was my favorite CTF problem ever. -ProfNinja
nc 0.cloud.chals.io 31782
The dude at 777 needs some help with his remote, he heard you worked in IT... so make sure you fix it, and don't break anything!!
-Cam nc 0.cloud.chals.io 30658
It's the same guy again, ugh, this time he needs some help with his light switch, it's been on the fritz lately.
-cam nc 0.cloud.chals.io 24481
She likes her hair to, be real orange...
-ProfNinja and printf(name); nc 0.cloud.chals.io 24302
Your friend contacted you to help him with a... "problem". He found something curious when doing his daily hacking routine. But in order to help him, you're going to need to understand what he found.
The flag follows the format: 4T${<hex_key>}. The flag for this challenge will be annotated P1.
It should be pretty simple to know what to do from here on out. Find out as much information as you can, there must be something... right?
The flag follows the format: 4T${<hex_key>}. The flag for this challenge will be annotated P2.
A meeting ? When is it happening, can you get more infos ?
The flag follows the format: 4T${<hex_key>}. The flag for this challenge will be annotated P3.
An alert has rung on your friend's computer, apparently he's been monitoring for changes on the website. A new message has appeared, can you find out about it and what it means ?
The flag follows the format: 4T${<hex_key>}. The flag for this challenge will be annotated P4.
Maybe something else can be found with your previous knowledge.
The flag follows the format: 4T${<hex_key>}. The flag for this challenge will be annotated P5.
Another one ? What could this be about ? Please break into it !
Intelligent bruteforcing (your own script) is recommended. The flag follows the format: 4T${<hex_key>}. The flag for this challenge will be annotated P6.
Go back to the chat room, The Admin is waiting for you.
The flag follows the format: 4T${<hex_key>}. The flag for this challenge will be annotated P6.
My friend gave me some shiny numbers, something to do with EVM or something like that. He asked me to find the value that avoids self-destructing the contract. Anyway, here what he sent me: 60075634600A5660035661DEAD020264067CCADF1E14601A57FF00
The flag is in this format: 4T${}, if the solution is decimal 4919, the flag will be 4T${0x1337}.
Kitty Kitty Bank is a decentralized bank that allows you to store your kitties in a secure way. The bank works thanks to a smart contract that you can find below. You can now go to the bank and deposit your kitties ! :3
The objective is to steal the kitties of the bank and get more than 1000 ETH on your own account.
I achieved to obtain this smart contract, but I can't understand what it does. Can you help me? The only information that I have are the followings:
The flag is cut in three parts and each part is emitted once.
The first part is emitted in raw bytes.
The second part is emitted in base85 encoding.
The last part has to be RC4 with the decoded second part.
The flag is in this format: 4T${...}.
My friend said that his server is restarting every 10 minutes. He isn't able to find the issue. Can you help him?
This challenge will restart every 10 minutes. You need to find the issue and fix it. So everything made during the last 10 minutes will be lost.
I just created my first website and add security to my admin panel. But a friend of mine told me that it is not secure at all. Can you help me to find the vulnerability and fix it?
Apparently, he let me a hint somewhere...
So Sam and Mikaela told me why one big big prime is not enough. Don't worry they're all there and more now to improve security. And since you all broke my beautiful system I only give you the output this time.
The flag is in this format: 4T${...}.
I love prime numbers very much, so today I decided to begin to learn how to use and implement RSA. I have made an implementation of it. My friends Sam and Mikaela are going to review it but you can try it too if you want. I am a beginner so please be kind with me.
The flag is in this format: 4T${...}.
Ok, I got carried away. Sam and Mikaela helped me again to improve everything. If this does not work you will have won for this year and I will acknowledge your strength. Good luck.
The flag is in this format: 4T${...}.
This is a challenge where you must do a simple api request.
Something valuable has been hidden inside this: https://hub.docker.com/repository/docker/unshade/what/general Can you find all the pieces and put them together ?
The flag follows the format 4T${...}
I just found this old scroll in my attic. Can you read it? The flag is literally what you see
Work harder not smarter... or not
We want the nth character of each page where n is the number of the page.
Space doesn't count.
The character must be in text and not in a picture or logo.
For example,
The first three characters are: A, a, .
The flag format is : 4T${concatenationOfCharacters}
A server of the company has been compromised. Find any intelligence that could help us to trace the ghost.
The flag is in this format: 4T${}.
Someone gave me a nice pair of PDF, can you figure out if there's some hidden data ?
The flag follows the format 4T${<hidden_data>}, if the hidden data is hios, the flag should be 4T${hios}
The Discasino is now opened for business! You can play with our Discasino Discord bot today !
The bot will only reply with ephemeral messages, so you can play in the server or in its DMs. Be careful not to play with Discasino 2 now, it's a bit more secure than the first one! The flag is in the format 4T${flag}.
The Discasino is back at it with a new security! This time, you will not be able to bypass the game so easily. Can you still get the flag?
The bot for this challenge is named Discasino 2. You can play with it in the server or in its DMs. The flag is in the format 4T${flag}.
Something seems weird with this picture...
The flag should be wrapped with 4T${}
Hello Agent, We are looking to locate a wanted person. We have obtained a photo that may be near their residence. Could you find the name of the city for us? Thank you.
The name of the city must be in lowercase, without accents, and without spaces The flag is in this format: 4T${}. If the solution were New York, the flag would be 4T${newyork}.
Hello Agent, Congratulations on finding the city in the previous photo! We are cross-referencing this information with the rest of our data. In the meantime, we have a second mission for you. One of our informants has informed us that the person we are looking for recently went on vacation. Give us the name of a location where this person has actually been, and for which we have visual confirmation. The target's name is: Owen Perkins
There is no need to contact anyone for this challenge, thank you. The name of the location must be in lowercase, without accents, and without spaces. The flag is in this format: 4T${}, if the solution is Central Park, the flag will be 4T${centralpark}.
Hello Agent, You are doing a great job. We have contacted the local authorities to gather information on our target. We have since discovered that our target is part of an activist group called Hackcorp. They are planning an attack on three locations. For several years, our target has been gathering information on these locations. Attached, you will find three photos of potential locations. You must identify the positions of these locations.
The location we ask you to find are: First picture: It is pretty obvious... Second picture: The building on the center of background. Third picture: The building where the photo was taken. The flag is the concatenation of the first word of each three word. The flag is in this format: 4T${word1.word2.word3}
Hello Agent, Congratulations on your recent findings. We narrowly avoided an incident. We managed to intercept a communication and obtained a date, time, and a photo of a meeting location. Find the meeting location, and we will arrest any members found on site.
The flag is three word corresponding to the center of the bridge that we see. The flag is in this format: 4T${word1.word2.word3}
In French, "not terrible" can be said as "pas ouf" or "bof"... Perhaps this program would be a good introduction for those "bof" moments?
example:
openssl s_client -quiet -verify_quiet -connect main-5000-pwn-pas-ouf-d8f176979c1536e4.ctf.4ts.fr:52525
I found a random USB key in a train so of course I plugged it :) It contained a binary asking me for a password?! I have no hints so I would like you to help me cracking it!
The flag is in this format: 4T${}, if the password is hello, the flag will be 4T${hello}.
Welcome to my blog, I hope you find everything you need there. It certainly is a bit empty, but I'm sure you'll find something interesting to post !
The flag format is 4T${...}.
Your friend just told you that he has a homelab and that he is hosting a website on it. He told you that he is a security expert and that his website is secure. He also gave you SSH access in case you wanted to store file on there, don't fret, you don't have any admin access.
The flag follows the format 4T${...} and is located in the /home/admin directory.
Building an app is really interesting, so just build it.
I know that the matrix master is always performing tedious and error-prone matrix operations day after day : (
Searching for Seashells by the seaside : )
Notice:
Changed alarm(1200) to alarm(1500)
Block ciphers always felt too rigid for me, so I gave them a lively upgrade. Take a look at my demo : )
It's not RSA!
lucky pwn. Please read readme.txt in the attachment.
Notice:
Pay attention to the GiftNote in the file, as it can help you with later stages of exploitation.
The success rate of the expected exploit is 100%.
Partial source code provided: https://gist.github.com/cs-cat/b89161548286a453042380cba6e7332f
The latest stable PHP (8.3.13) is still pwnable.
Notice:
https://github.com/php/php-src/issues/13754
The expected exploit is data-only style.
In a time when everyone is a kernel master, this is just a check-in.
Xiaoming has put together a bit of a hodgepodge inspired by the SMTP protocol. While it won't quite let you send a real email, it can certainly help an attacker grab a flag without much trouble.
Notice:
docker base image for ctfhub/pwn_xinetd
link: https://github.com/ctfhub-team/base_image/tree/master/pwn_xinetd
M told me he developed an application and he hide a flag inside. But this application cannot be executed correctly?
is this real life or is it just fanta sea? Only supports Android on arm64. Tested on Android 12 and Android 14, perhaps not supporting old versions of Android.
Txt2AsciiArt? MulMulMultiThread?
none
flag == N1CTF{input}
Notice:
In the global variable, you can discover the stack of the encryption process. (Pay attention to saving and restoring the stack)
Error...
tips: Enable the test_mod option in Dockerfile
to turn the pow check off.
n... what?
---------------------------------------------------------
* To save your time, please test locally before attempting online version.
* There are 2 ports open to the public: the HTTP port for the web challenge and the other TCP port for the SSH server.
* This is an optional SSH server that you can use if you feel that your machine's network connection to the web server is not good.
username:password
n1ctf:n1ctf!@#
curl http://app
---------------------------------------------------------
The challenge port cannot be accessed directly through HTTP
Is this really XSS?
Important: Remote resources are limited, please test locally first. And it may be unstable to obtain the flag remotely. If you can stably obtain the flag locally but keep failing in remote, please contact the author.
Notice: cve-2024-21733