MQCyberSec

PicoCTF web

caas

Now presenting cowsay as a service https://caas.mars.picoctf.net/

PicoCTF web

Cookies

Who doesn't love cookies? Try to figure out the best one. http://mercury.picoctf.net:17781/

PicoCTF web

findme

Help us test the form by submiting the username as `test` and password as `test!` Hint: any redirections?

PicoCTF web

GET aHEAD

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:28916/ Hint: Maybe you have more than 2 choices Hint: Check out tools like Burpsuite to modify your requests and look at the responses

PicoCTF forensics

Information

Files can always be changed in a secret way. Can you find the flag? Hint: Look at the details of the file Hint: Make sure to submit the flag as `picoCTF{XXXXX}`

PicoCTF web

IntroToBurp

Try here to find the flag Hint: Try using burpsuite to intercept request to capture the flag. Hint: Try mangling the request, maybe their server-side code doesn't handle malformed requests very well.

PicoCTF web

JAuth

Most web application developers use third party components without testing their security. Some of the past affected companies are: Equifax (a US credit bureau organization) - breach due to unpatched Apache Struts web framework CVE-2017-5638 Mossack Fonesca (Panama Papers law firm) breach - unpatched version of Drupal CMS used VerticalScope (internet media company) - outdated version of vBulletin forum software used Can you identify the components and exploit the vulnerable one? Can you become an `admin`? You can login as `test` with the password `Test123!` to get started. Hint: Use the web browser tools to check out the JWT cookie. Hint: The JWT should always have two (2) . separators.

PicoCTF web

JaWT Scratchpad

Check the admin scratchpad! https://jupiter.challenges.picoctf.org/problem/58210/ or http://jupiter.challenges.picoctf.org:58210 Hint: What is that cookie? Hint: Have you heard of JWT?

PicoCTF forensics

Mob psycho

Can you handle APKs?

PicoCTF forensics

Secret of the Polyglot

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they're getting conflicting information on what type of file it is. They've brought you in as an external expert to examine the file. Can you extract all the information from this strange file? Hint: This problem can be solved by just opening the file in different ways

PicoCTF web

Secrets

We have several pages hidden. Can you find the one with the flag? The website is running here. Hint: folders folders folders

Hack the Bot 2

I've developed a little application to help me with my pentest missions, with lots of useful payloads! I even let users add new payloads, but since I was in a rush I didn't have time to test the security of my application, could you take care of it?

DNSXSS-over-HTTPS

Do you like DNS-over-HTTPS? Well, I'm proxying `https://dns.google/`! Would be cool if you can find an XSS! Report to admin locally: `curl http://localhost:8008/report -H "Content-Type: application/json" -d '{"url":"http://proxy/"}'` Report to admin for the real flag: `curl https://dnxss.chal-kalmarc.tf/report -H "Content-Type: application/json" -d '{"url":"http://proxy/"}'` `https://dnxss.chal-kalmarc.tf/`

Ez ⛳ v3

To get the flag, you need: the mTLS cert, connecting from localhost, ... and break physics? Should be easy! Challenge note: the handout files contains `tls internal` while the hosted challenge mostly use real TLS. NOTE: Remote is working as intended! Even with the redirects.

KalmarNotes

Every CTF needs a note taking challenge, here is ours.

RWX Bronze

We give you file read, file write and code execution. But can you get the flag? Let's start out gently. NOTE: If you get a 404 error, try using one of the endpoints described in the handout!

RWX Silver

We give you file read, file write and code execution. But can you get the flag? Apparently that was too much!

PicoCTF forensics

CanYouSee

How about some hide and seek?

PicoCTF forensics

Glory of the Garden

This garden contains more than it seems.

PicoCTF forensics

Scan Surprise

I've gotten bored of handing out flags as text. Wouldn't it be cool if they were an image instead?

Square Power

Using p or N is outdated, let's square N!

PicoCTF general skill

Binary Search

Want to play a game? As you use more of the shell, you might be interested in how they work! Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You'll have 1000 possibilities and only 10 guesses. Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools!

PicoCTF general skill

dont-you-love-banners

Can you abuse the banner?

PicoCTF general skill

PW Crack 4

Can you crack the password to get the flag? Download the password checker here and you'll need the encrypted flag and the hash in the same directory too. There are 100 potential passwords with only 1 being correct. You can find these by examining the password checker script.

PicoCTF general skill

serpentine

Find the flag in the Python script!

Key Exchange

Someone wants to send you a message. But they want something from you first.

Easy Diffy

I managed to generate strong parameters for our diffie-hellman key exchange, i think my message is now safe.

Hack the Bot 1

I've developed a little application to help me with my pentest missions, with lots of useful payloads! I even let users add new payloads, but since I was in a rush I didn't have time to test the security of my application, could you take care of it ?

Mafia at the End of the Block 1

You're an agent, your unit recently intercepted a mob discussion about an event that's going to take place on August 8, 2024. You already know the location, though. A password for the event was mentioned. Your job is to find it and return it so that an agent can go to the scene and collect evidence. Note : The contract is deployed on sepolia network

Say My Name

Just printing your name, what could go wrong ?

Corporate Life 1

The Request Management App is used to view all pending requests for each user. It’s a pretty basic website, though I heard they were working on something new. Anyway, did you know that one of the disgruntled employees shared some company secrets on the Requests Management App, but it's status was set denied before I could see it. Please find out what it was and spill the tea!

Corporate Life 2

The disgruntled employee also stashed some company secrets deep within the database, can you find them out?

Easy Jail 2

I made a completely secure calculator this time.

Game 1 - Untitled Game

We made a game.

Game 2 - Wait

We made a game.

Game 3 - CatSeabank

We made a game.

Look at Me

There is something wrong with him.. What can it be??

Memories Bring Back You

A collection of images, a digital time capsule—preserved in this file. But is every picture really just a picture? A photographer once said, "Every image tells a story, but some stories are meant to stay hidden." Maybe it’s time to inspect the unseen and find what’s been left behind.

Restaurant

I just asked for my favourite pasta and they gave me this. Are these guys STUPID? Maybe in the end they may give me something real. (Wrap the text in `KashiCTF{}`)

Self Destruct

Explore the virtual machine and you might just find the flag. Or a surprise. Maybe....

SuperFastAPI

Made my verty first API! However I have to still integrate it with a frontend so can't do much at this point lol.

All DFIR

A multi-part forensics for KnightCTF

All Networks

All multi-part networks challenges for KnightCTF

Baby Injection

Sometimes, seemingly harmless configuration files can do more than they appear. Can you uncover a hidden flaw and turn it to your advantage?

Binary Quest

In the far-off kingdom of Valoria, an ancient relic called the “Sacred Flag” lies hidden within a guarded fortress. Legend says only a true knight of cunning and skill can lay claim to its power. Dare you venture into the shadows and emerge victorious? Your journey begins now—onward, brave soul, and seize your destiny in the Binary Quest.

Easy Path to the Grail

Brave knight, your quest is simple yet essential—unlock the secrets hidden in this binary challenge and tread the path to the grail. The journey will test your wits as you reverse the provided binary, uncovering the treasure within.

Exceeding Knight

In the shadows of the ancient realm, a knight watches over unseen boundaries. The path ahead holds secrets known only to those who dare to explore beyond the ordinary.

KnightCal

In the realm of ancient codes, only those who enumerate correctly can unveil the hidden flag. Craft your mathematical expressions wisely and uncover the secrets that lie within.

Knight's Droid

For ages, a cryptic mechanical guardian has slumbered beneath the Knight’s Citadel. Some say it holds powerful secrets once wielded by ancient code-wielding Knights. Many have tried to reactivate the droid and claim its hidden knowledge—yet none have returned victorious. Will you be the one to solve its riddles and awaken this legendary machine?

Knight's Enigma

In the shadowed corridors of an ancient fortress, a legendary knight once safeguarded a secret so potent that countless contenders have vanished trying to decipher it. Now the seal has cracked, and echoes of its power seep into the present. Test your courage as you follow cryptic traces left by the knight’s hand, unraveling an enigma steeped in the mysticism of ages past. Will your wits prove enough to break the bindings and uncover the realm’s hidden legacy—or will you, too, fade into the swirling mists of history? The choice—and fate—are yours to determine.

Knight's Secret

Luana

Show me your skills. Read the /flag.txt

The Hidden Quest

The journey begins even before the battle starts! 🕵️‍♂️ In the world of knights and hackers, not everything is as it seems. Somewhere in our recent posts, a secret lies hidden, waiting to be discovered. 🕵️‍♂️ Look closer, think sharper, and let your curiosity guide you. The answer is out there – will you find it? 🛡️ Flag Format : `KCTF{s0mething_here}`

Worthy Knight

The gates of the Crimson Keep stand locked, sealed by cryptic runes from ages past. Many challengers have tested their might against these ancient wards—yet all were found wanting. Will you speak the correct incantation and earn the Keep’s hidden treasures? Prove your valor and stand among legends… if you truly are a Worthy Knight.

Cascade Chaos

A Markdown app that looks harmless... or is it? Can you find the subtle cracks in the system and make things a bit more... interesting? A little creativity goes a long way.

Cursed Credential

I forgot my Browser's saved password although a friend of mine tells that I can find it if I know my master key. The problem is I dont even remember that, hopefully you can rock your brain and help me out.

I Like McDonalds

My friend has created his own hashing service and has given it to me to crack it, can you help me with it. He has promised me a burger for this as I like McDonald's so much , can you help me get some? please :) :)

Torrent Tempest

I was in the middle of downloading an important file using a peer-to-peer protocol, but something went wrong. I captured all the traffic but I'm a bit lost in this deep sea of data. Can you help me piece the file back together? `https://drive.google.com/file/d/1xXuUaLjswpDGNGm0VagjSJOnpLrHcH94/view?usp=sharing`

VulnKart

A simple shopping platform.

Apolo

In the lawless expanse of the Frontier Cluster, Apolo serves as a beacon of security, working to safeguard the Frontier Cluster's assets from bounty hunters.

Armaxis

In the depths of the Frontier, Armaxis powers the enemy’s dominance, dispatching weapons to crush rebellion. Fortified and hidden, it controls vital supply chains. Yet, a flaw whispers of opportunity, a crack to expose its secrets and disrupt their plans. Can you breach Armaxis and turn its power against tyranny?

Binary Badresources

Recently, a mysterious syndicate from the far reaches of the Frontier has sent shockwaves through the system by deploying a new, deceptive weapon. Disguised as a harmless gift, it lies dormant until a defender unwittingly activates it, instantly compromising the defensive line and paving the way for invaders to seize the stronghold. To reclaim control over the Frontier Cluster and protect their home from further incursions, brave outlaws and daring defenders are scrambling to decode the mechanics of this weapon and devise a way to disable it—before it’s too late. Every domain found in the challenge should resolve to your docker instance. Do not forget to add the port when visiting the URLs.

Breaking Bank

In the sprawling digital expanse of the Frontier Cluster, the Frontier Board seeks to cement its dominance by targeting the cornerstone of interstellar commerce: Cluster Credit, a decentralized cryptocurrency that keeps the economy alive. With whispers of a sinister 51% attack in motion, the Board aims to gain majority control of the Cluster Credit blockchain, rewriting transaction history and collapsing the fragile economy of the outer systems. Can you hack into the platform and drain the assets for the financial controller?

Clouded

In the lawless expanse of the Frontier Cluster, Clouded emerges as a beacon of efficiency and security for file sharing. Breakthrough their cloud servers to obtain the secrets to finding the Starry Spur. Allow up to 1 minute for all the services to properly boot.

Conflict Crusher

Awakened by Lena Starling, you, the legendary Space Cowboy, must assist the Minutemen in their fight against the Frontier Board. Their intercepted data streams hold vital intelligence but are riddled with conflicting keys. Use your skills to resolve these conflicts and unify the data to aid the resistance!

CryoWarmup

You've been on ice for a long time, so before you start your journey you'll need to defrost and warm up your skills. As luck would have it, you've forgotten the password to your trusty Electro-Safe-o-Matic, where your most prized possessions are. Can you still remember how to crack in?

Energy Crystals

The ancient Starry Spur has been recovered, but its energy matrix remains dormant. As Space Cowboy, your task is to awaken its power by calculating the combinations of energy crystals that match the required energy level.

Exclusivity

Welcome back, Space Cowboy. The Minutemen have intercepted a corrupted data stream from the Frontier Board. Hidden within the stream are critical coordinates, buried under duplicate entries caused by the Board's sabotage.

exfiltrated entropy

An intercepted signal from the Frontier Board carries fragments of hidden directives, veiled in layers of complexity. Unlocking its secrets could reveal their plans and disrupt their control. Will you decipher the commands and turn the tide in the struggle for the Frontier?

Freedom

In these challenging times, the voices of freedom are growing fainter. Help us identify potential vulnerabilities in our systems so we can safeguard them against the Frontier Board, which seeks to silence any dissenting opinions. Allow up to 3 minutes for all the services to properly boot.

Frontier Exposed

The chaos within the Frontier Cluster is relentless, with malicious actors exploiting vulnerabilities to establish footholds across the expanse. During routine surveillance, an open directory vulnerability was identified on a web server, suggesting suspicious activities tied to the Frontier Board. Your mission is to thoroughly investigate the server and determine a strategy to dismantle their infrastructure. Any credentials uncovered during the investigation would prove invaluable in achieving this objective. Spawn the docker and start the investigation!

Signaling Victorious

"In a recent raid with your fellow bounty hunters you managed to recover a memory dump and a backup archive of the Frontier Board's Operation Center! The Board knows the Starry Spurr lies within your grasp and they are getting even more desperate... Uncover whatever secrets lie within the artefacts you are given and find a way to halt the Board's plans!! Note: Carefully read the `readme.txt` in the downloadables!"

Wanter Alive

A routine patrol through the Frontier Cluster's shadowy corners uncovered a sinister file embedded in a bounty report—one targeting Jack Colt himself. The file’s obfuscated layers suggest it's more than a simple message; it’s a weaponized codNote: Ensure all domains discovered in the challenge resolve to your Docker instance, including the appropriate port when accessing URLs.e from the Frontier Board, aiming to tighten their grip on the stars. As a trusted ally, it's your task to peel back the layers of deception trace its origin, and turn their tools against them. Every domain found in the challenge should resolve to your docker instance. Do not forget to add the port when visiting the URLs.

Weighted Starfield

The Frontier Starfield signals are destabilized by weighted anomalies. As Space Cowboy, your mission is to restore stability by calculating the maximum stability score from the modified energy signals.

Word Wrangler

The Frontier Archives have sent an encrypted ancient text. As Space Cowboy, your task is to decode it by identifying the most frequently used word. This crucial word could unlock secrets vital to the resistance.

add_to_cartel

Whispers in the digital underground hint at a startling revelation about NO_NO_NO's elusive funding source. Buried in encrypted data streams, links to a cryptic online storefront have surfaced. Could this innocuous merch shop be the key to NO_NO_NO's financial puzzle? Stranger still, the store is offering free merchandise as part of a limited time promotion. Might as well grab some free merch while it’s available? `http://chals.secedu.site:5016`

coded_conspiracy

Our team has discovered a series of binaries on a seized web server associated with NO_NO_NO. These binaries seem to communicate extensively. Your task is to find a way to analyse these messages. `nc chals.secedu.site 5018`

commitment_issues

The extremists are believed to be operating under a number of front companies, including Redfield Industries. Intelligence gathering has led to the discovery of the company's website. Careful analysis of how this website was made may reveal crucial information linking back to the extremist group, potentially exposing their true identities or operational details. https://tobiasredfield.github.io/redfield-industries/

compiled_chaos

The next target has been identified, and agents have cleared the cars of the CL-2384 train, and found an unknown implant device attached to the speed controllers. We were able to produce a firmware dump from the device. We need you to find out what this device is doing, and what information it is collecting or sending! Is anyone really bothered to make their own protocol these days?

digital_doppelganger

An undercover informant has provided this image of what we believe to be a NO_NO_NO member’s screen. Unfortunately, our informant went dark before we could get more context, so it’s up to you. This could hold the final key to understanding NO_NO_NO’s operations.

in_flight_entertainment

Intelligence suggests a key NO_NO_NO member travels frequently between multiple countries. A photograph, likely taken by this individual during one of their trips, has been intercepted. Help us find the flight number. This information could be crucial in predicting their movements and potentially intercepting them at an airport. flag format: `<flight number>`.

Avatar

We've now found a link to a "Leet Hacker" that has probed ORG-B systems a bit. Can you find their alias? `http://ec2-54-79-58-135.ap-southeast-2.compute.amazonaws.com`

Claw-ful opsec

What is the name of Cipher's beloved cat?

Et tu, Cipher?

Woah, Cipher seems to have hosted a mysterious website?! I wonder what we can find here? I don't think they're very creative -- perhaps they stole a file name from a list they found online? `win.secedu.site`

Happy Birthday, Cipher!

When is Cipher's birthday? The flag format is: `SECEDU{Month_XX}`, where XX is the date.

IStG

The calendar invite has an interesting zip file attached. They very clearly don't want us to see it... What could be inside?

Linkage

ORG-B has given us a message that is being passed around the organisation. They've found it on a few of their machines, but are unsure what it says. jvvr8--ga0/76/5;/7:/317,cr/qmwvjgcqv/0,amorwvg,cocxmlcuq,amo-. The message was signed by a mysterious "Y". Interesting.

PSW

With knowledge of the attacker's avatar, we can find their github repo. Is there any senstive information that 'was' found here?

Secret meeting?

Something that might be useful is an email address. What can we find with the information that has now been revealed to us? A particular commit might suggest a secret event may have taken place...

Secret meeting!?

Cipher had a secret meeting!! We should probably report this to the police. The flag should be of the format: `SECEDU{<LAT>,<LONG>}`, where the accuracy of the coordinates is to three decimal places.

Vaulting

We have retrieved an interesting file with our investigation. What is the password for the decryption script? Wrap whatever the `supersecretpass` is into `SECEDU{}` Flag formatting note: the decryption script requires 3 pieces of information to decrypt the file. Say these 3 pieces are "Super", "Secret" and "Pass", the flag you should enter is `SECEDU{SuperSecretPass}`

Wayyyy back, I liked?

Can you find Cipher's favourite colour? Format the flag accordingly: `SECEDU{HH:MM:SS_MM_DD,_YYYY}` This should be when this discussion was recorded.

Ay ay, CAPtain

They've seen how eaisily we decoded their captured message in week 1, and now they've turned up the heat with some random data. Find what they're sending over our network.

Barrier

Another secret note in the files that you can't translate. Wonder what the secret is here?

Destination

Interesting, Layton has popped up once or twice before... Why does he have encrypted data? He seems like the kind of guy to use fairly common passwords, I'm sure he can't be too malicious. But, what could his involvement be? What secrets is he hiding? **There is no requirement to brute-force infra here, please avoid doing so** Search for the flag by decrypting the data. `http://files.secedu.site/`

Hard-decoded

One of ORG-C's CI units is spewing out some random data. Sometimes this happens, they tell us. Is there something malicious in here??

Layment Portal

There is something else they want to quickly test -- a portal where the employees enter their hours. They're worried that Layton may have also tricked the system somehow, and recieved more pay than they had wanted to give out. Automation for this company is a bane.. `nc chals.secedu.site 5005` Hint: Who might have access to this employee portal?

Photo-oops

They've cleared out some old files from storage, as they're needing to reference some physical documents due to the partial outage. One of these photos is brought up to your team by an intreigued employee -- it belongs to a `Tanya`, but that's not a name of one of their employees. Where was this photo taken?? Wrap the city name in`'SECEDU{}`. Don't forget to capitalise the city name!

Score

After a review, we found that ORG-C is hosting an unusual website on their servers... It looks like they're pretty competitive -- let's make sure they know who's boss! `http://chals.secedu.site:5007/`

Source

ORG-C has given us access to one of their file servers -- conveniently served over HTTP without authentication. There is no requirement to brute-force infra here, please avoid doing so. `http://files.secedu.site/`

Upgrading your diet

After a review, we found that ORG-C is hosting an unusual website on their servers... How can we break through, and find what secrets lay beneath? `http://chals.secedu.site:5007/`. Hint: This type of challenge is quite confusing.

Are you sure that's all?

We've captured a section of network traffic from ORG-A. Can you make sure that no sensitive data is being transmitted in plaintext? We can find some interesting details on the transmitted data by following the TCP stream. What kind of file does this reveal?

Crawler

Instead of properly updating their list of websites when they need to, ORG-A has instead just appended their new pages, and hasn't removed any pages that they've taken down. Find the page that is still up and running. Vuln scans on infrastructure are out of scope, and aren't very relevant here. To be clear, there is no requirement to probe infrastructure in this way.Hint: Is there a conventional way to indicate to crawlers that you don't want a website indexed?

Encoded, secret message?

While inspecting logs, we found a message being sent across our internal network. What could this be???

Fin 'n' find

One of the employees, Layton, has taken you aside, and is wondering if you can help fix a zip file that they broke. There seems to be some sensitive information hidden inside of it, we might as well have a look at this too (it's within scope) ;)

Loudhailer

More traffic from ORG-A. Users were complaining that a server was not working properly. After some investigation, the network administrator captured some strange traffic coming from the server. Can you find if any confidential data has been leaked as a result?

Medium-ware

We've managed to dump some firmware from an experimental AVR8-driven PLC. Our developer had hardcoded a particular string inside, and promises that it's "secure enough". Find a way to extract this string. This is the flag in its entirety. This is expected to be quite a difficult challenge for week 1. Look for references to `DAT_mem`, revealing the location hiding with offset `0x02d2`. This will also yield a xor operation, `0x97`, that is used to decode a string at the end of the code segment. There is some rubbish data following a predicatable pattern once the xor key is applied. There is random data inside the flag. i.e: `SECEDU{<front>_<random_data>}` This is intentional, keep going until you find a closed bracket `}`.

Not quite all

The previously captured traffic contained an interesting tidbit towards the end of the file. What was the second line sent in the secret message? The message should wrapped in `SECEDU{}`. If it's another language, do not translate it. The text is in cyrillic, so ASCII doesn't display it nicely. What encoding scheme can cyrillic utilise?

On the way!

On our way to the main office, one of the employees sent us this photo, telling us that we needed to stop by on our way down. But unfortunately, they forgot to tell us where this was. Nice. Where abouts was this photo taken? Wrap in `SECEDU{}`. If it's a city with one or more words, space with "_". Hint: Don't forget to capitalise the city name

Overflowing with files

They also seem to have quite an interesting top-secret file delivery system, developed in C of all things?! Find a way to get the contents of the top-secret document. `nc chals.secedu.site 5001`

Portal

They've given us one of their programs running in the background to us. Let's hope it's not insecure!! (or in your case, that it's not secure instead ;) ) `nc chals.secedu.site 5000`

The name's Bossed, M. Bossed!

Whilst scanning the network we found an unknown service running on port 4953. What could it be?

Baby's First Forensics

They've been trying to breach our infrastructure all morning! They're trying to get more info on our covert kangaroos! We need your help, we've captured some traffic of them attacking us, can you tell us what tool they were using and its version? NOTE: Wrap your answer in the `DUCTF{}`, e.g. `DUCTF{nmap_7.25}`

back to the jungle

Did MC Fat Monke just drop a new track????? 👀👀👀

Bad Policies

Looks like the attacker managed to access the rebels Domain Controller. Can you figure out how they got access after pulling these artifacts from one of our Outpost machines?

Bridget Lives

After dropping numerous 0days last year Bridget has flown the coop. This is the last picture she posted before going dark. Where was this photo taken from? NOTE: Flag is case-insensitive and requires placing inside `DUCTF{}`! e.g. `DUCTF{name_of_building}`

cityviews

After having to go on the run, I've had to bunker down. Which building did I capture this picture from? NOTE: Flag is case-insensitive and requires placing inside `DUCTF{}`! e.g `DUCTF{building_name}`

co2

A group of students who don't like to do things the "conventional" way decided to come up with a CyberSecurity Blog post. You've been hired to perform an in-depth whitebox test on their web application.

Macro Magic

We managed to pull this excel spreadsheet artifact from one of our Outpost machines. Its got something sus happening under the hood. After opening we found and captured some suspicious traffic on our network. Can you find out what this traffic is and find the flag! Note: You do not need to run or enable the macro so solve.

number mashing

Mash your keyboard numpad in a specific order and a flag might just pop out!

offtheramp

That looks like a pretty cool place to escape by boat, EXAMINE the image and discover the name of this structure. NOTE: Flag is case-insensitive and requires placing inside `DUCTF{}`! e.g `DUCTF{name_of_structure}`

parrot the emu

It is so nice to hear Parrot the Emu talk back

SAM I AM

The attacker managed to gain Domain Admin on our rebels Domain Controller! Looks like they managed to log on with an account using WMI and dumped some files. Can you reproduce how they got the Administrator's Password with the artifacts provided? Place the Administrator Account's Password in `DUCTF{}`, e.g. `DUCTF{password123!}`

Sun Zi's Perfect Math Class

Everybody!! Sunzi's math class is about to begin!!!

tldr please summarise

I thought I was being 1337 by asking AI to help me solve challenges, now I have to reinstall Windows again. Can you help me out by find the flag in this document?

zoo feedback form

The zoo wants your feedback! Simply fill in the form, and send away, we'll handle it from there!