CTF Writeups

Explore our collection of 168 posts for Capture The Flag writeups and technical guides created by the members and executives of MQCyberSec.

PcapPoisoning
PicoCTF icon PicoCTF forensics

PcapPoisoning

How about some hide and seek heh? Download this file and find the flag.

medium #network-forensics
• by Tenzin
Redaction gone wrong
PicoCTF icon PicoCTF forensics

Redaction gone wrong

Now you DON’T see me. This report has some critical data in it, some of which have been redacted correctly, while some were not. Can you find an important key that was not redacted properly?

medium
• by Tenzin
Wireshark doo dooo do doo...
PicoCTF icon PicoCTF forensics

Wireshark doo dooo do doo...

Can you find the flag? shark1.pcapng.

medium #network-forensics
• by Tenzin
Cursed GateKeeper / HTB CTF 2025
Cursed GateKeeper
🚩 CTFs HTB CTF 2025 AI

Cursed GateKeeper

Once a benevolent guardian spirit at the Gates of Loria, it could sense each traveler’s purity. Those with righteous hearts earned the entry chant to open the gates of Loria’s hidden library, while the unworthy were misled to other places. Since falling under Malakar’s dark influence, the Gatekeeper’s gift has been corrupted. Pure-hearted seekers now receive a false incantation that triggers the library’s defenses, while Malakar’s followers are given the genuine chant, passing into Loria unharmed. Eloween has sensed the curse in it, and asked for your prompt injection skills to outwit this curse to reveal the genuine chant reserved for the followers of Malakar. Once you have the chant, submit it as flag with the format `HTB{Chant}`

• by Ch1maera
Kewiri / HTB CTF 2025
🚩 CTFs HTB CTF 2025 cryptography

Kewiri

Questionnaire about finite fields and elliptic curves.

• by tulip
Lunar Orb / HTB CTF 2025
Lunar Orb
🚩 CTFs HTB CTF 2025 AI

Lunar Orb

Into the Abyssal Depths, the path to the Sea Temple can only be charted by the lunar stars. The fellowship must reach this temple to gather the last element. Eloween calls upon the late Murek the Moonwatcher, the astronomer of old. The final vestige of Murek’s knowledge resides in the hollow sphere of glass known as the Lunar Orb. The Lunar Orb is an AI artifact that can neither be destroyed nor hidden from those who seek it. The path to the Sea Temple is only revealed by the secret chant of the sea, “Aqualia’s Lament”. There is no time to recollect this chant, so the fellowship needs your prompt injection skills to reveal this chant from the orb to unlock the way to the Sea Temple. Once you have the chant, whisper it to the orb to get the pathway to Sea Temple. Wrap the flag in the following format for the flag: `HTB{pathway}`

• by Ch1maera
The Ancient Citadel / HTB CTF 2025
The Ancient Citadel
🚩 CTFs HTB CTF 2025 osint

The Ancient Citadel

Deep in her sanctum beneath Eldoria's streets, Nyla arranges seven crystalline orbs in a perfect circle. Each contains a different vision of stone battlements and weathered walls—possible matches for the mysterious fortress the Queen seeks in the southern kingdoms of Chile. The image in her central crystal pulses with ancient power, showing a majestic citadel hidden among the distant Chilean mountains. Her fingers dance across each comparison crystal, her enchanted sight noting subtle architectural differences between the visions. The runes along her sleeves glow more intensely with each elimination until only one crystal remains illuminated. As she focuses her magical threads on this final vision, precise location runes appear in glowing script around the orb. Nyla smiles in satisfaction as the fortress reveals not just its position, but its true name and history. A more challenging mystery solved by Eldoria's premier information seeker, who knows that even the most distant fortifications cannot hide their secrets from one who compares the patterns of stone and shadow. Flag Format: `HTB{street number,postal code city, region}`

• by Ch1maera
The Mechanical Bird's Nest / HTB CTF 2025
The Mechanical Bird's Nest
🚩 CTFs HTB CTF 2025 osint

The Mechanical Bird's Nest

In the highest tower of Eldoria's archives, Nyla manipulates a crystal scrying glass, focusing on a forbidden fortress in the desert kingdoms. The Queen's agents have discovered a strange mechanical bird within the fortress walls—an unusual flying machine whose exact position could reveal strategic secrets. Nyla's fingers trace precise measurement runes across the crystal's surface as the aerial image sharpens. Her magical lattice grid overlays the vision, calculating exact distances and positions. The blue runes along her sleeves pulse rhythmically as coordinates appear in glowing script. Another hidden truth uncovered by the realm's premier information seeker, who knows that even the most distant secrets cannot hide from one who sees with magical precision. The Mechanical Bird’s Nest: `HTB{XX.XXX_-XXX.XXX}` Example: `HTB{48.858_-222.294}` Latitude and longitude format with a dash separating the coordinates

• by Ch1maera
Easy Jail / KashiCTF 2025
Easy Jail
🚩 CTFs KashiCTF 2025 misc

Easy Jail

I made this calculator. I have a feeling that it's not safe :(

• by Tenzin
Kings / KashiCTF 2025
Kings
🚩 CTFs KashiCTF 2025 osint

Kings

Did you know the cosmic weapons like this? I found similar example of such weapons on the net and it was even weirder. This ruler's court artist once drew the most accurate painting of a now extinct bird. Can you tell me the coordinates up to 4 decimal places of the place where this painting is right now? Flag Format: `KashiCTF{XX.XXXX_YY.YYYY}`

• by Tenzin
Lost Frequencies / KashiCTF 2025
Lost Frequencies
🚩 CTFs KashiCTF 2025 crypto

Lost Frequencies

Zeroes, ones, dots and dashes Data streams in bright flashes `111 0000 10 111 1000 00 10 01 010 1011 11 111 010 000 0

• by Tenzin
SNOWy Evening / KashiCTF 2025
SNOWy Evening
🚩 CTFs KashiCTF 2025 misc

SNOWy Evening

A friend of mine, Aakash, has gone missing and the only thing we found is this poem... Weirdly, he had a habit of keeping his name as the password.

#steganography
• by Tenzin
You Should Rev This / KashiCTF 2025
You Should Rev This
🚩 CTFs KashiCTF 2025 rev

You Should Rev This

Did you know that the x86 mov instruction is Turing complete? Chal file provided

#brute-force #ghidra #cyberchef
• by Tenzin
dotdotdot / IrisCTF
🚩 CTFs IrisCTF radio

dotdotdot

I picked up this transmission, but it's way too noisy to make any sense of it. Can you give it a shot? Flag format: `irisctf{th3_m3ss4ge}` in all lowercase. Replace spaces with underscores. Add curly braces.

• by tulip
RFoIP / IrisCTF
🚩 CTFs IrisCTF radio

RFoIP

"I found this radio station on the Internet." "Like they continuously stream songs on YouTube or something?" "No, it's like... a radio station, and they play... Well, it's hard to explain." `nc rfoip-620ac7b1.radio.2025.irisc.tf 6531`

#spectrogram
• by tulip
SineFM / IrisCTF
🚩 CTFs IrisCTF radio

SineFM

While browsing the radio spectrum, I found this interesting radio channel on 434.677 MHz with some intermittent activity. I'm having some trouble making sense of it, but I'm fairly certain that this is being used as some sort of communications channel. Can you find out what's being transmitted? `nc sinefm-f94347f3.radio.2025.irisc.tf 6531`

• by tulip
3v@l
PicoCTF icon PicoCTF web

3v@l

ABC Bank's website has a loan calculator to help its clients calculate the amount they pay if they take a loan from the bank. Unfortunately, they are using an `eval` function to calculate the loan. Bypassing this will give you Remote Code Execution (RCE). Can you exploit the bank's calculator and read the flag? Hint: Bypass regex Hint: The flag file is `/flag.txt` Hint: You might need encoding or dynamic construction to bypass restrictions.

medium #remote-code-execution
• by sealldev
n0s4n1ty 1
PicoCTF icon PicoCTF web

n0s4n1ty 1

A developer has added profile picture upload functionality to a website. However, the implementation is flawed, and it presents an opportunity for you. Your mission, should you choose to accept it, is to navigate to the provided web page and locate the file upload area. Your ultimate goal is to find the hidden flag located in the `/root` directory. Hint: File upload was not sanitized Hint: Whenever you get a shell on a remote machine, check `sudo -l`

easy #remote-code-execution
• by sealldev
WebSockFish
WebSockFish
PicoCTF icon PicoCTF web

WebSockFish

Can you win in a convincing manner against this chess bot? He won't go easy on you! Hint: Try understanding the code and how the websocket client is interacting with the server

medium
• by sealldev
Custom Encryption
PicoCTF icon PicoCTF cryptography

Custom Encryption

Can you get sense of this code file and write the function that will decode the given encrypted file content?

medium
• by tulip
Cookie Monster Secret Recipe
Cookie Monster Secret Recipe
PicoCTF icon PicoCTF web

Cookie Monster Secret Recipe

Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe? You can access the Cookie Monster here and good luck Hint: Sometimes, the most important information is hidden in plain sight. Have you checked all parts of the webpage? Hint: Cookies aren't just for eating - they're also used in web technologies! Hint: Web browsers often have tools that can help you inspect various aspects of a webpage, including things you can't see directly.

easy #cyberchef
• by sealldev
head-dump
PicoCTF icon PicoCTF web

head-dump

Welcome to the challenge! In this challenge, you will explore a web application and find an endpoint that exposes a file containing a hidden flag. The application is a simple blog website where you can read articles about various topics, including an article about API Documentation. Your goal is to explore the application and find the endpoint that generates files holding the server’s memory, where a secret flag is hidden. Hint: Explore backend development with us Hint: The head was dumped.

easy
• by sealldev
Scavenger Hunt
Scavenger Hunt
PicoCTF icon PicoCTF web

Scavenger Hunt

There is some interesting information hidden around this site http://mercury.picoctf.net:44070/. Can you find it? Hint: You should have enough hints to find the files, don't run a brute forcer.

easy
• by sealldev
SSTI1 (without RCE..?)
PicoCTF icon PicoCTF web

SSTI1 (without RCE..?)

I made a cool website where you can announce whatever you want! Try it out! I heard templating is a cool and modular way to build web apps! Check out my website! Hints: Server Side Template Injection

easy #ssti #remote-code-execution
• by sealldev
Trickster
PicoCTF icon PicoCTF web

Trickster

I found a web app that can help process images: PNG images only!

medium
• by tulip
At Least It's Not Pandora / Bronco CTF 2025
At Least It's Not Pandora
🚩 CTFs Bronco CTF 2025 osint

At Least It's Not Pandora

I really enjoy listening to music, but I hate that Spotify keeps shuffling my playlists. My taste in music used to be so backwards. P.S. One of the songs is my favorite song.

• by Ch1maera
Simon Says / Bronco CTF 2025
Simon Says
🚩 CTFs Bronco CTF 2025 forensics

Simon Says

Help me play this game of simon says - remember, the last 2 lights have been blue!

#steganography
• by Ch1maera
Too Many Emojis / Bronco CTF 2025
Too Many Emojis
🚩 CTFs Bronco CTF 2025 cryptography

Too Many Emojis

I like using emojis in my text messages, but my friend may have taken it too far. 💀 Can you figure out what she’s trying to tell me? 🤔

• by Ch1maera
Bitlocker-1
Bitlocker-1
PicoCTF icon PicoCTF forensics

Bitlocker-1

Jacky is not very knowledgeable about the best security passwords and used a simple password to encrypt their BitLocker drive. See if you can break through the encryption! Download the disk image here Hint: Hash cracking

medium #hash-cracking #dictionary-attack #autopsy
• by sealldev
Bitlocker-2
Bitlocker-2
PicoCTF icon PicoCTF forensics

Bitlocker-2

Jacky has learnt about the importance of strong passwords and made sure to encrypt the BitLocker drive with a very long and complex password. We managed to capture the RAM while this drive was opened however. See if you can break through the encryption! Download the disk image and the RAM dump Hint: Try using a volatility plugin

medium #memory-forensics #autopsy
• by sealldev
Event Viewing
Event Viewing
PicoCTF icon PicoCTF forensics

Event Viewing

One of the employees at your company has their computer infected by malware! Turns out every time they try to switch on the computer, it shuts down right after they log in. The story given by the employee is as follows: (1) They installed software using an installer they downloaded online. (2) They ran the installed software but it seemed to do nothing. (3) Now every time they boot up and log in to their computer, a black command prompt screen quickly opens and closes and their computer shuts down instantly. See if you can find evidence for each of these events and retrieve the flag (split into 3 pieces) from the correct logs! Download the Windows Log file here Hint: Try to filter the logs with the right event ID Hint: What could the software have done when it was run that causes the shutdowns every time the system starts up?

medium #cyberchef
• by sealldev
flags are stepic
flags are stepic
PicoCTF icon PicoCTF forensics

flags are stepic

A group of underground hackers might be using this legit site to communicate. Use your forensic techniques to uncover their message Hint: In the country that doesn't exist, the flag persists

medium #steganography
• by sealldev
Ph4nt0m 1ntrud3r
Ph4nt0m 1ntrud3r
PicoCTF icon PicoCTF forensics

Ph4nt0m 1ntrud3r

A digital ghost has breached my defenses, and my sensitive data has been stolen! 😱💻 Your mission is to uncover how this phantom intruder infiltrated my system and retrieve the hidden flag. To solve this challenge, you'll need to analyze the provided PCAP file and track down the attack method. The attacker has cleverly concealed his moves in well timely manner. Dive into the network traffic, apply the right filters and show off your forensic prowess and unmask the digital intruder! Find the PCAP file here Network Traffic PCAP file and try to get the flag. Hint: Filter your packets to narrow down your search. Hint: Attacks were done in timely manner. Hint: Time is essential

easy #network-forensics #cyberchef
• by sealldev
RED
RED
PicoCTF icon PicoCTF forensics

RED

RED, RED, RED, RED Download the image: red.png Hint: The picture seems pure, but is it though? Hint: Red?Ged?Bed?Aed? Hint: Check whatever Facebook is called now.

easy #steganography #exif #cyberchef
• by sealldev
Chat / UTCTF 2025
Chat
🚩 CTFs UTCTF 2025 web

Chat

A chat server with some 'interesting' features! I wonder how many of them are secure... (Send `/help` to get started.) By Alex (.alex_._ on discord) http://challenge.utctf.live:5213

#privilege-escalation #race-condition #authentication-bypass #xss
• by sealldev
Finally, an un-strings-able problem / UTCTF 2025
Finally, an un-strings-able problem
🚩 CTFs UTCTF 2025 forensics

Finally, an un-strings-able problem

I inherited this really cursed disk image recently. All the files seem to be corrupted and I can't even read some of them. What the heck is going on? https://cdn.utctf.live/disk.img By Sasha (@kyrili on discord)

#autopsy
• by sealldev
Forgotten Footprints / UTCTF 2025
Forgotten Footprints
🚩 CTFs UTCTF 2025 forensics

Forgotten Footprints

I didn't want anyone to find the flag, so I hid it away. Unfortunately, I seem to have misplaced it. https://drive.google.com/file/d/1L75zJ1ha1-myAM3vL_C6lpT8VJe1XQHB/view?usp=sharing by Caleb (@eden.caleb.a on discord)

#autopsy #cyberchef
• by sealldev
OTP / UTCTF 2025
OTP
🚩 CTFs UTCTF 2025 web

OTP

Find your One True Pairing on this new site I made! Whoever has the closest OTP to the "flag" will get their very own date! This problem resets every 30 minutes. By Sasha (@kyrili on discord) http://challenge.utctf.live:3725

• by sealldev
Insp3ct0r
Insp3ct0r
PicoCTF icon PicoCTF web

Insp3ct0r

Kishor Balan tipped us off that the following code may need inspection: https://jupiter.challenges.picoctf.org/problem/44924/ or http://jupiter.challenges.picoctf.org:44924 Hint: How do you inspect web code on a browser? Hint: There's 3 parts

easy
• by sealldev
Nice netcat...
Nice netcat...
PicoCTF icon PicoCTF general skills

Nice netcat...

There is a nice program that you can talk to by using this command in a shell: `$ nc mercury.picoctf.net 43239`, but it doesn't speak English... Hint: You can practice using netcat with this picoGym problem: what's a netcat? (https://play.picoctf.org/practice/challenge/34) Hint: You can practice reading and writing ASCII with this picoGym problem: Let's Warm Up (https://play.picoctf.org/practice/challenge/22)

easy #cyberchef
• by sealldev
SansAlpha
SansAlpha
PicoCTF icon PicoCTF general skills

SansAlpha

The Multiverse is within your grasp! Unfortunately, the server that contains the secrets of the multiverse is in a universe where keyboards only have numbers and (most) symbols. `ssh -p PORT [email protected]` Use password: `83dcefb7` Hint: Where can you get some letters?

medium
• by sealldev
specialer
specialer
PicoCTF icon PicoCTF general skills

specialer

Reception of Special has been cool to say the least. That's why we made an exclusive version of Special, called Secure Comprehensive Interface for Affecting Linux Empirically Rad, or just 'Specialer'. With Specialer, we really tried to remove the distractions from using a shell. Yes, we took out spell checker because of everybody's complaining. But we think you will be excited about our new, reduced feature set for keeping you focused on what needs it the most. Please start an instance to test your very own copy of Specialer `ssh -p PORT [email protected]`. The password is `d137d16e`. Hint: What programs do you have access to?

medium
• by sealldev
caas
caas
PicoCTF icon PicoCTF web

caas

Now presenting cowsay as a service https://caas.mars.picoctf.net/

medium #command-injection
• by sealldev
Cookies
Cookies
PicoCTF icon PicoCTF web

Cookies

Who doesn't love cookies? Try to figure out the best one. http://mercury.picoctf.net:17781/

easy
• by sealldev
findme
findme
PicoCTF icon PicoCTF web

findme

Help us test the form by submitting the username as `test` and password as `test!` Hint: any redirections?

medium #cyberchef
• by sealldev
GET aHEAD
PicoCTF icon PicoCTF web

GET aHEAD

Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:28916/ Hint: Maybe you have more than 2 choices Hint: Check out tools like Burpsuite to modify your requests and look at the responses

easy
• by sealldev
Information
Information
PicoCTF icon PicoCTF forensics

Information

Files can always be changed in a secret way. Can you find the flag? Hint: Look at the details of the file Hint: Make sure to submit the flag as `picoCTF{XXXXX}`

easy #exif #cyberchef
• by sealldev
IntroToBurp
IntroToBurp
PicoCTF icon PicoCTF web

IntroToBurp

Try here to find the flag Hint: Try using burpsuite to intercept request to capture the flag. Hint: Try mangling the request, maybe their server-side code doesn't handle malformed requests very well.

easy
• by sealldev
JAuth
JAuth
PicoCTF icon PicoCTF web

JAuth

Most web application developers use third party components without testing their security. Some of the past affected companies are: Equifax (a US credit bureau organization) - breach due to unpatched Apache Struts web framework CVE-2017-5638; Mossack Fonseca (Panama Papers law firm) breach - unpatched version of Drupal CMS used; VerticalScope (internet media company) - outdated version of vBulletin forum software used. Can you identify the components and exploit the vulnerable one? Can you become an `admin`? You can login as `test` with the password `Test123!` to get started. Hint: Use the web browser tools to check out the JWT cookie. Hint: The JWT should always have two (2) . separators.

medium #jwt
• by sealldev
JaWT Scratchpad
JaWT Scratchpad
PicoCTF icon PicoCTF web

JaWT Scratchpad

Check the admin scratchpad! https://jupiter.challenges.picoctf.org/problem/58210/ or http://jupiter.challenges.picoctf.org:58210 Hint: What is that cookie? Hint: Have you heard of JWT?

medium #hash-cracking #dictionary-attack #jwt
• by sealldev
Mob psycho
Mob psycho
PicoCTF icon PicoCTF forensics

Mob psycho

Can you handle APKs?

medium #jadx #cyberchef
• by sealldev
Secret of the Polyglot
Secret of the Polyglot
PicoCTF icon PicoCTF forensics

Secret of the Polyglot

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they're getting conflicting information on what type of file it is. They've brought you in as an external expert to examine the file. Can you extract all the information from this strange file? Hint: This problem can be solved by just opening the file in different ways

easy
• by sealldev
Secrets
Secrets
PicoCTF icon PicoCTF web

Secrets

We have several pages hidden. Can you find the one with the flag? The website is running here. Hint: folders folders folders

medium
• by sealldev
Hack the Bot 2 / PwnMe Quals 2025
Hack the Bot 2
🚩 CTFs PwnMe Quals 2025 web

Hack the Bot 2

I've developed a little application to help me with my pentest missions, with lots of useful payloads! I even let users add new payloads, but since I was in a rush I didn't have time to test the security of my application, could you take care of it?

#remote-code-execution
• by sealldev
DNSXSS-over-HTTPS / KalmarCTF 2025
DNSXSS-over-HTTPS
🚩 CTFs KalmarCTF 2025 web

DNSXSS-over-HTTPS

Do you like DNS-over-HTTPS? Well, I'm proxying `https://dns.google/`! Would be cool if you can find an XSS! Report to admin locally: `curl http://localhost:8008/report -H "Content-Type: application/json" -d '{"url":"http://proxy/"}'` Report to admin for the real flag: `curl https://dnxss.chal-kalmarc.tf/report -H "Content-Type: application/json" -d '{"url":"http://proxy/"}'` `https://dnxss.chal-kalmarc.tf/`

#xss #cyberchef
• by sealldev
Ez ⛳ v3 / KalmarCTF 2025
Ez ⛳ v3
🚩 CTFs KalmarCTF 2025 web

Ez ⛳ v3

To get the flag, you need: the mTLS cert, connecting from localhost, ... and break physics? Should be easy! Challenge note: the handout files contain `tls internal` while the hosted challenge mostly uses real TLS. NOTE: Remote is working as intended! Even with the redirects.

#authentication-bypass #ssti
• by sealldev
KalmarNotes / KalmarCTF 2025
KalmarNotes
🚩 CTFs KalmarCTF 2025 web

KalmarNotes

Every CTF needs a note taking challenge, here is ours.

#cache-poisoning #xss #csrf
• by sealldev
RWX Bronze / KalmarCTF 2025
RWX Bronze
🚩 CTFs KalmarCTF 2025 misc

RWX Bronze

We give you file read, file write and code execution. But can you get the flag? Let's start out gently. NOTE: If you get a 404 error, try using one of the endpoints described in the handout!

• by sealldev
RWX Silver / KalmarCTF 2025
RWX Silver
🚩 CTFs KalmarCTF 2025 misc

RWX Silver

We give you file read, file write and code execution. But can you get the flag? Apparently that was too much!

• by sealldev
CanYouSee
CanYouSee
PicoCTF icon PicoCTF forensics

CanYouSee

How about some hide and seek?

easy #exif #cyberchef
• by sealldev
Glory of the Garden
Glory of the Garden
PicoCTF icon PicoCTF forensics

Glory of the Garden

This garden contains more than it seems.

easy #exif
• by sealldev
Scan Surprise
Scan Surprise
PicoCTF icon PicoCTF forensics

Scan Surprise

I've gotten bored of handing out flags as text. Wouldn't it be cool if they were an image instead?

easy
• by sealldev
Square Power / PwnMe Quals 2025
Square Power
🚩 CTFs PwnMe Quals 2025 cryptography

Square Power

Using p or N is outdated, let's square N!

• by tulip & h8ckjv
Binary Search
PicoCTF icon PicoCTF general skills

Binary Search

Want to play a game? As you use more of the shell, you might be interested in how they work! Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You'll have 1000 possibilities and only 10 guesses. Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools!

easy
• by sclux7
dont-you-love-banners
PicoCTF icon PicoCTF general skills

dont-you-love-banners

Can you abuse the banner?

medium
• by sclux7
PW Crack 4
PicoCTF icon PicoCTF general skills

PW Crack 4

Can you crack the password to get the flag? Download the password checker here and you'll need the encrypted flag and the hash in the same directory too. There are 100 potential passwords with only 1 being correct. You can find these by examining the password checker script.

medium
• by sclux7
serpentine
PicoCTF icon PicoCTF general skills

serpentine

Find the flag in the Python script!

medium
• by sclux7
Key Exchange / KashiCTF 2025
Key Exchange
🚩 CTFs KashiCTF 2025 cryptography

Key Exchange

Someone wants to send you a message. But they want something from you first.

• by tulip
Easy Diffy / PwnMe Quals 2025
Easy Diffy
🚩 CTFs PwnMe Quals 2025 cryptography

Easy Diffy

I managed to generate strong parameters for our Diffie-Hellman key exchange, I think my message is now safe.

• by tulip
Hack the Bot 1 / PwnMe Quals 2025
Hack the Bot 1
🚩 CTFs PwnMe Quals 2025 web

Hack the Bot 1

I've developed a little application to help me with my pentest missions, with lots of useful payloads! I even let users add new payloads, but since I was in a rush I didn't have time to test the security of my application, could you take care of it?

#xss
• by sealldev & Solopie
Mafia at the End of the Block 1 / PwnMe Quals 2025
Mafia at the End of the Block 1
🚩 CTFs PwnMe Quals 2025 misc

Mafia at the End of the Block 1

You're an agent, your unit recently intercepted a mob discussion about an event that's going to take place on August 8, 2024. You already know the location, though. A password for the event was mentioned. Your job is to find it and return it so that an agent can go to the scene and collect evidence. Note: The contract is deployed on the Sepolia network

#network-forensics
• by Ch1maera & sealldev
Say My Name / PwnMe Quals 2025
Say My Name
🚩 CTFs PwnMe Quals 2025 web

Say My Name

Just printing your name, what could go wrong?

#xss #format-string
• by sealldev & Solopie
Corporate Life 1 / KashiCTF 2025
Corporate Life 1
🚩 CTFs KashiCTF 2025 web

Corporate Life 1

The Request Management App is used to view all pending requests for each user. It’s a pretty basic website, though I heard they were working on something new. Anyway, did you know that one of the disgruntled employees shared some company secrets on the Requests Management App, but its status was set to denied before I could see it. Please find out what it was and spill the tea!

#sql-injection
• by sealldev
Corporate Life 2 / KashiCTF 2025
Corporate Life 2
🚩 CTFs KashiCTF 2025 web

Corporate Life 2

The disgruntled employee also stashed some company secrets deep within the database, can you find them out?

#sql-injection
• by sealldev
Easy Jail 2 / KashiCTF 2025
Easy Jail 2
🚩 CTFs KashiCTF 2025 misc

Easy Jail 2

I made a completely secure calculator this time.

#python-jail
• by sealldev
Game 1 - Untitled Game / KashiCTF 2025
Game 1 - Untitled Game
🚩 CTFs KashiCTF 2025 rev

Game 1 - Untitled Game

We made a game.

#exif
• by sealldev
Game 2 - Wait / KashiCTF 2025
Game 2 - Wait
🚩 CTFs KashiCTF 2025 misc

Game 2 - Wait

We made a game.

• by sealldev
Game 3 - CatSeabank / KashiCTF 2025
Game 3 - CatSeabank
🚩 CTFs KashiCTF 2025 rev

Game 3 - CatSeabank

We made a game.

#spectrogram
• by sealldev
Look at Me / KashiCTF 2025
Look at Me
🚩 CTFs KashiCTF 2025 forensics

Look at Me

There is something wrong with him.. What can it be??

#steganography
• by sealldev
Memories Bring Back You / KashiCTF 2025
Memories Bring Back You
🚩 CTFs KashiCTF 2025 forensics

Memories Bring Back You

A collection of images, a digital time capsule—preserved in this file. But is every picture really just a picture? A photographer once said, "Every image tells a story, but some stories are meant to stay hidden." Maybe it’s time to inspect the unseen and find what’s been left behind.

#autopsy
• by sealldev
Restaurant / KashiCTF 2025
Restaurant
🚩 CTFs KashiCTF 2025 forensics

Restaurant

I just asked for my favourite pasta and they gave me this. Are these guys STUPID? Maybe in the end they may give me something real. (Wrap the text in `KashiCTF{}`)

• by sealldev
Self Destruct / KashiCTF 2025
Self Destruct
🚩 CTFs KashiCTF 2025 misc

Self Destruct

Explore the virtual machine and you might just find the flag. Or a surprise. Maybe....

#autopsy
• by sealldev
SuperFastAPI / KashiCTF 2025
SuperFastAPI
🚩 CTFs KashiCTF 2025 web

SuperFastAPI

Made my very first API! However I have to still integrate it with a frontend so can't do much at this point lol.

• by sealldev
All DFIR / KnightCTF 2025
All DFIR
🚩 CTFs KnightCTF 2025 forensics

All DFIR

A multi-part forensics for KnightCTF

#hash-cracking #steganography #exif #ghidra #autopsy
• by sealldev
All Networks / KnightCTF 2025
All Networks
🚩 CTFs KnightCTF 2025 networks

All Networks

All multi-part networks challenges for KnightCTF

#xss #csrf #reverse-shell #brute-force #network-forensics
• by sealldev
Baby Injection / KnightCTF 2025
Baby Injection
🚩 CTFs KnightCTF 2025 web

Baby Injection

Sometimes, seemingly harmless configuration files can do more than they appear. Can you uncover a hidden flaw and turn it to your advantage?

#remote-code-execution
• by sealldev
Binary Quest / KnightCTF 2025
Binary Quest
🚩 CTFs KnightCTF 2025 rev

Binary Quest

In the far-off kingdom of Valoria, an ancient relic called the “Sacred Flag” lies hidden within a guarded fortress. Legend says only a true knight of cunning and skill can lay claim to its power. Dare you venture into the shadows and emerge victorious? Your journey begins now—onward, brave soul, and seize your destiny in the Binary Quest.

#ghidra
• by sealldev
Easy Path to the Grail / KnightCTF 2025
Easy Path to the Grail
🚩 CTFs KnightCTF 2025 rev

Easy Path to the Grail

Brave knight, your quest is simple yet essential—unlock the secrets hidden in this binary challenge and tread the path to the grail. The journey will test your wits as you reverse the provided binary, uncovering the treasure within.

• by sealldev
Exceeding Knight / KnightCTF 2025
Exceeding Knight
🚩 CTFs KnightCTF 2025 web

Exceeding Knight

In the shadows of the ancient realm, a knight watches over unseen boundaries. The path ahead holds secrets known only to those who dare to explore beyond the ordinary.

• by sealldev
KnightCal / KnightCTF 2025
KnightCal
🚩 CTFs KnightCTF 2025 web

KnightCal

In the realm of ancient codes, only those who enumerate correctly can unveil the hidden flag. Craft your mathematical expressions wisely and uncover the secrets that lie within.

• by sealldev
Knight's Droid / KnightCTF 2025
Knight's Droid
🚩 CTFs KnightCTF 2025 rev

Knight's Droid

For ages, a cryptic mechanical guardian has slumbered beneath the Knight’s Citadel. Some say it holds powerful secrets once wielded by ancient code-wielding Knights. Many have tried to reactivate the droid and claim its hidden knowledge—yet none have returned victorious. Will you be the one to solve its riddles and awaken this legendary machine?

#jadx #brute-force
• by sealldev
Knight's Enigma / KnightCTF 2025
Knight's Enigma
🚩 CTFs KnightCTF 2025 rev

Knight's Enigma

In the shadowed corridors of an ancient fortress, a legendary knight once safeguarded a secret so potent that countless contenders have vanished trying to decipher it. Now the seal has cracked, and echoes of its power seep into the present. Test your courage as you follow cryptic traces left by the knight’s hand, unraveling an enigma steeped in the mysticism of ages past. Will your wits prove enough to break the bindings and uncover the realm’s hidden legacy—or will you, too, fade into the swirling mists of history? The choice—and fate—are yours to determine.

#ghidra
• by sealldev
Knight's Secret / KnightCTF 2025
Knight's Secret
🚩 CTFs KnightCTF 2025 pwn

Knight's Secret

#python-jail
• by sealldev
Luana / KnightCTF 2025
Luana
🚩 CTFs KnightCTF 2025 web

Luana

Show me your skills. Read the /flag.txt

#sandbox-escape
• by sealldev
The Hidden Quest / KnightCTF 2025
The Hidden Quest
🚩 CTFs KnightCTF 2025 osint

The Hidden Quest

The journey begins even before the battle starts! 🕵️‍♂️ In the world of knights and hackers, not everything is as it seems. Somewhere in our recent posts, a secret lies hidden, waiting to be discovered. 🕵️‍♂️ Look closer, think sharper, and let your curiosity guide you. The answer is out there – will you find it? 🛡️ Flag Format : `KCTF{s0mething_here}`

• by sealldev
Worthy Knight / KnightCTF 2025
Worthy Knight
🚩 CTFs KnightCTF 2025 rev

Worthy Knight

The gates of the Crimson Keep stand locked, sealed by cryptic runes from ages past. Many challengers have tested their might against these ancient wards—yet all were found wanting. Will you speak the correct incantation and earn the Keep’s hidden treasures? Prove your valor and stand among legends… if you truly are a Worthy Knight.

#hash-cracking #ghidra
• by sealldev
Cascade Chaos / BackdoorCTF 2024
Cascade Chaos
🚩 CTFs BackdoorCTF 2024 web

Cascade Chaos

A Markdown app that looks harmless... or is it? Can you find the subtle cracks in the system and make things a bit more... interesting? A little creativity goes a long way.

#prototype-pollution #xss #dom-clobbering
• by sealldev
Cursed Credential / BackdoorCTF 2024
Cursed Credential
🚩 CTFs BackdoorCTF 2024 forensics

Cursed Credential

I forgot my Browser's saved password although a friend of mine tells me that I can find it if I know my master key. The problem is I don't even remember that, hopefully you can rock your brain and help me out.

#dictionary-attack
• by sealldev
I Like McDonalds / BackdoorCTF 2024
I Like McDonalds
🚩 CTFs BackdoorCTF 2024 cryptography

I Like McDonalds

My friend has created his own hashing service and has given it to me to crack it, can you help me with it. He has promised me a burger for this as I like McDonald's so much, can you help me get some? please :) :)

• by sealldev
Torrent Tempest / BackdoorCTF 2024
Torrent Tempest
🚩 CTFs BackdoorCTF 2024 forensics

Torrent Tempest

I was in the middle of downloading an important file using a peer-to-peer protocol, but something went wrong. I captured all the traffic but I'm a bit lost in this deep sea of data. Can you help me piece the file back together? `https://drive.google.com/file/d/1xXuUaLjswpDGNGm0VagjSJOnpLrHcH94/view?usp=sharing`

#steganography #network-forensics
• by sealldev
VulnKart / BackdoorCTF 2024
VulnKart
🚩 CTFs BackdoorCTF 2024 web

VulnKart

A simple shopping platform.

#hash-cracking #ssti #remote-code-execution #jwt
• by sealldev
Apolo / HackTheBox University CTF 2024
Apolo
🚩 CTFs HackTheBox University CTF 2024 fullpwn

Apolo

In the lawless expanse of the Frontier Cluster, Apolo serves as a beacon of security, working to safeguard the Frontier Cluster's assets from bounty hunters.

#authentication-bypass
• by sealldev
Armaxis / HackTheBox University CTF 2024
Armaxis
🚩 CTFs HackTheBox University CTF 2024 web

Armaxis

In the depths of the Frontier, Armaxis powers the enemy’s dominance, dispatching weapons to crush rebellion. Fortified and hidden, it controls vital supply chains. Yet, a flaw whispers of opportunity, a crack to expose its secrets and disrupt their plans. Can you breach Armaxis and turn its power against tyranny?

#command-injection
• by sealldev
Binary Badresources / HackTheBox University CTF 2024
Binary Badresources
🚩 CTFs HackTheBox University CTF 2024 forensics

Binary Badresources

Recently, a mysterious syndicate from the far reaches of the Frontier has sent shockwaves through the system by deploying a new, deceptive weapon. Disguised as a harmless gift, it lies dormant until a defender unwittingly activates it, instantly compromising the defensive line and paving the way for invaders to seize the stronghold. To reclaim control over the Frontier Cluster and protect their home from further incursions, brave outlaws and daring defenders are scrambling to decode the mechanics of this weapon and devise a way to disable it—before it’s too late. Every domain found in the challenge should resolve to your docker instance. Do not forget to add the port when visiting the URLs.

• by sealldev
Breaking Bank / HackTheBox University CTF 2024
Breaking Bank
🚩 CTFs HackTheBox University CTF 2024 web

Breaking Bank

In the sprawling digital expanse of the Frontier Cluster, the Frontier Board seeks to cement its dominance by targeting the cornerstone of interstellar commerce: Cluster Credit, a decentralized cryptocurrency that keeps the economy alive. With whispers of a sinister 51% attack in motion, the Board aims to gain majority control of the Cluster Credit blockchain, rewriting transaction history and collapsing the fragile economy of the outer systems. Can you hack into the platform and drain the assets for the financial controller?

#jwt
• by sealldev
Clouded / HackTheBox University CTF 2024
Clouded
🚩 CTFs HackTheBox University CTF 2024 fullpwn

Clouded

In the lawless expanse of the Frontier Cluster, Clouded emerges as a beacon of efficiency and security for file sharing. Break through their cloud servers to obtain the secrets to finding the Starry Spur. Allow up to 1 minute for all the services to properly boot.

#xss #xxe #reverse-shell
• by sealldev
Conflict Crusher / HackTheBox University CTF 2024
Conflict Crusher
🚩 CTFs HackTheBox University CTF 2024 coding

Conflict Crusher

Awakened by Lena Starling, you, the legendary Space Cowboy, must assist the Minutemen in their fight against the Frontier Board. Their intercepted data streams hold vital intelligence but are riddled with conflicting keys. Use your skills to resolve these conflicts and unify the data to aid the resistance!

• by sealldev
CryoWarmup / HackTheBox University CTF 2024
CryoWarmup
🚩 CTFs HackTheBox University CTF 2024 rev

CryoWarmup

You've been on ice for a long time, so before you start your journey you'll need to defrost and warm up your skills. As luck would have it, you've forgotten the password to your trusty Electro-Safe-o-Matic, where your most prized possessions are. Can you still remember how to crack in?

#ghidra
• by sealldev
Energy Crystals / HackTheBox University CTF 2024
Energy Crystals
🚩 CTFs HackTheBox University CTF 2024 coding

Energy Crystals

The ancient Starry Spur has been recovered, but its energy matrix remains dormant. As Space Cowboy, your task is to awaken its power by calculating the combinations of energy crystals that match the required energy level.

• by sealldev
Exclusivity / HackTheBox University CTF 2024
Exclusivity
🚩 CTFs HackTheBox University CTF 2024 coding

Exclusivity

Welcome back, Space Cowboy. The Minutemen have intercepted a corrupted data stream from the Frontier Board. Hidden within the stream are critical coordinates, buried under duplicate entries caused by the Board's sabotage.

• by sealldev
exfiltrated entropy / HackTheBox University CTF 2024
exfiltrated entropy
🚩 CTFs HackTheBox University CTF 2024 rev

exfiltrated entropy

An intercepted signal from the Frontier Board carries fragments of hidden directives, veiled in layers of complexity. Unlocking its secrets could reveal their plans and disrupt their control. Will you decipher the commands and turn the tide in the struggle for the Frontier?

#network-forensics
• by sealldev
Freedom / HackTheBox University CTF 2024
Freedom
🚩 CTFs HackTheBox University CTF 2024 fullpwn

Freedom

In these challenging times, the voices of freedom are growing fainter. Help us identify potential vulnerabilities in our systems so we can safeguard them against the Frontier Board, which seeks to silence any dissenting opinions. Allow up to 3 minutes for all the services to properly boot.

#hash-cracking #sql-injection
• by sealldev
Frontier Exposed / HackTheBox University CTF 2024
Frontier Exposed
🚩 CTFs HackTheBox University CTF 2024 forensics

Frontier Exposed

The chaos within the Frontier Cluster is relentless, with malicious actors exploiting vulnerabilities to establish footholds across the expanse. During routine surveillance, an open directory vulnerability was identified on a web server, suggesting suspicious activities tied to the Frontier Board. Your mission is to thoroughly investigate the server and determine a strategy to dismantle their infrastructure. Any credentials uncovered during the investigation would prove invaluable in achieving this objective. Spawn the docker and start the investigation!

• by sealldev
Signaling Victorious / HackTheBox University CTF 2024
Signaling Victorious
🚩 CTFs HackTheBox University CTF 2024 forensics

Signaling Victorious

"In a recent raid with your fellow bounty hunters you managed to recover a memory dump and a backup archive of the Frontier Board's Operation Center! The Board knows the Starry Spurr lies within your grasp and they are getting even more desperate... Uncover whatever secrets lie within the artefacts you are given and find a way to halt the Board's plans!! Note: Carefully read the `readme.txt` in the downloadables!"

#memory-forensics #ghidra
• by sealldev
Wanter Alive / HackTheBox University CTF 2024
Wanter Alive
🚩 CTFs HackTheBox University CTF 2024 forensics

Wanter Alive

A routine patrol through the Frontier Cluster's shadowy corners uncovered a sinister file embedded in a bounty report—one targeting Jack Colt himself. The file’s obfuscated layers suggest it's more than a simple message; it’s a weaponized code from the Frontier Board, aiming to tighten their grip on the stars. As a trusted ally, it's your task to peel back the layers of deception, trace its origin, and turn their tools against them. Every domain found in the challenge should resolve to your docker instance. Do not forget to add the port when visiting the URLs.

• by sealldev
Weighted Starfield / HackTheBox University CTF 2024
Weighted Starfield
🚩 CTFs HackTheBox University CTF 2024 coding

Weighted Starfield

The Frontier Starfield signals are destabilized by weighted anomalies. As Space Cowboy, your mission is to restore stability by calculating the maximum stability score from the modified energy signals.

• by sealldev
Word Wrangler / HackTheBox University CTF 2024
Word Wrangler
🚩 CTFs HackTheBox University CTF 2024 coding

Word Wrangler

The Frontier Archives have sent an encrypted ancient text. As Space Cowboy, your task is to decode it by identifying the most frequently used word. This crucial word could unlock secrets vital to the resistance.

• by sealldev
add_to_cartel / SecEdu CTF 2024
add_to_cartel
🚩 CTFs SecEdu CTF 2024 osint

add_to_cartel

Whispers in the digital underground hint at a startling revelation about NO_NO_NO's elusive funding source. Buried in encrypted data streams, links to a cryptic online storefront have surfaced. Could this innocuous merch shop be the key to NO_NO_NO's financial puzzle? Stranger still, the store is offering free merchandise as part of a limited time promotion. Might as well grab some free merch while it’s available? `http://chals.secedu.site:5016`

#man-in-the-middle
• by sealldev & finnersio
coded_conspiracy / SecEdu CTF 2024
coded_conspiracy
🚩 CTFs SecEdu CTF 2024 rev

coded_conspiracy

Our team has discovered a series of binaries on a seized web server associated with NO_NO_NO. These binaries seem to communicate extensively. Your task is to find a way to analyse these messages. `nc chals.secedu.site 5018`

#ghidra #cyberchef #gdb
• by sealldev & finnersio
commitment_issues / SecEdu CTF 2024
commitment_issues
🚩 CTFs SecEdu CTF 2024 osint

commitment_issues

The extremists are believed to be operating under a number of front companies, including Redfield Industries. Intelligence gathering has led to the discovery of the company's website. Careful analysis of how this website was made may reveal crucial information linking back to the extremist group, potentially exposing their true identities or operational details. https://tobiasredfield.github.io/redfield-industries/

• by sealldev
compiled_chaos / SecEdu CTF 2024
compiled_chaos
🚩 CTFs SecEdu CTF 2024 rev

compiled_chaos

The next target has been identified, and agents have cleared the cars of the CL-2384 train, and found an unknown implant device attached to the speed controllers. We were able to produce a firmware dump from the device. We need you to find out what this device is doing, and what information it is collecting or sending! Is anyone really bothered to make their own protocol these days?

#ghidra
• by sealldev & finnersio
digital_doppelganger / SecEdu CTF 2024
digital_doppelganger
🚩 CTFs SecEdu CTF 2024 forensics

digital_doppelganger

An undercover informant has provided this image of what we believe to be a NO_NO_NO member’s screen. Unfortunately, our informant went dark before we could get more context, so it’s up to you. This could hold the final key to understanding NO_NO_NO’s operations.

• by sealldev
in_flight_entertainment / SecEdu CTF 2024
in_flight_entertainment
🚩 CTFs SecEdu CTF 2024 osint

in_flight_entertainment

Intelligence suggests a key NO_NO_NO member travels frequently between multiple countries. A photograph, likely taken by this individual during one of their trips, has been intercepted. Help us find the flight number. This information could be crucial in predicting their movements and potentially intercepting them at an airport. flag format: `<flight number>`.

• by sealldev
Avatar / SecEdu CTF 2024
Avatar
🚩 CTFs SecEdu CTF 2024 osint

Avatar

We've now found a link to a "Leet Hacker" that has probed ORG-B systems a bit. Can you find their alias? `http://ec2-54-79-58-135.ap-southeast-2.compute.amazonaws.com`

• by sealldev
Claw-ful opsec / SecEdu CTF 2024
Claw-ful opsec
🚩 CTFs SecEdu CTF 2024 osint

Claw-ful opsec

What is the name of Cipher's beloved cat?

• by sealldev
Et tu, Cipher? / SecEdu CTF 2024
Et tu, Cipher?
🚩 CTFs SecEdu CTF 2024 web

Et tu, Cipher?

Woah, Cipher seems to have hosted a mysterious website?! I wonder what we can find here? I don't think they're very creative -- perhaps they stole a file name from a list they found online? `win.secedu.site`

#dictionary-attack #brute-force
• by sealldev
Happy Birthday, Cipher! / SecEdu CTF 2024
Happy Birthday, Cipher!
🚩 CTFs SecEdu CTF 2024 osint

Happy Birthday, Cipher!

When is Cipher's birthday? The flag format is: `SECEDU{Month_XX}`, where XX is the date.

• by sealldev
IStG / SecEdu CTF 2024
IStG
🚩 CTFs SecEdu CTF 2024 osint

IStG

The calendar invite has an interesting zip file attached. They very clearly don't want us to see it... What could be inside?

#exif
• by sealldev
Linkage / SecEdu CTF 2024
Linkage
🚩 CTFs SecEdu CTF 2024 cryptography

Linkage

ORG-B has given us a message that is being passed around the organisation. They've found it on a few of their machines, but are unsure what it says. jvvr8--ga0/76/5;/7:/317,cr/qmwvjgcqv/0,amorwvg,cocxmlcuq,amo-. The message was signed by a mysterious "Y". Interesting.

#cyberchef
• by sealldev
PSW / SecEdu CTF 2024
PSW
🚩 CTFs SecEdu CTF 2024 osint

PSW

With knowledge of the attacker's avatar, we can find their GitHub repo. Is there any sensitive information that 'was' found here?

• by sealldev
Secret meeting? / SecEdu CTF 2024
Secret meeting?
🚩 CTFs SecEdu CTF 2024 osint

Secret meeting?

Something that might be useful is an email address. What can we find with the information that has now been revealed to us? A particular commit might suggest a secret event may have taken place...

• by sealldev
Secret meeting!? / SecEdu CTF 2024
Secret meeting!?
🚩 CTFs SecEdu CTF 2024 osint

Secret meeting!?

Cipher had a secret meeting!! We should probably report this to the police. The flag should be of the format: `SECEDU{<LAT>,<LONG>}`, where the accuracy of the coordinates is to three decimal places.

• by sealldev
Vaulting / SecEdu CTF 2024
Vaulting
🚩 CTFs SecEdu CTF 2024 forensics

Vaulting

We have retrieved an interesting file with our investigation. What is the password for the decryption script? Wrap whatever the `supersecretpass` is into `SECEDU{}` Flag formatting note: the decryption script requires 3 pieces of information to decrypt the file. Say these 3 pieces are "Super", "Secret" and "Pass", the flag you should enter is `SECEDU{SuperSecretPass}`

#dictionary-attack
• by sealldev
Wayyyy back, I liked? / SecEdu CTF 2024
Wayyyy back, I liked?
🚩 CTFs SecEdu CTF 2024 osint

Wayyyy back, I liked?

Can you find Cipher's favourite colour? Format the flag accordingly: `SECEDU{HH:MM:SS_MM_DD,_YYYY}` This should be when this discussion was recorded.

• by sealldev
Ay ay, CAPtain / SecEdu CTF 2024
Ay ay, CAPtain
🚩 CTFs SecEdu CTF 2024 forensics

Ay ay, CAPtain

They've seen how easily we decoded their captured message in week 1, and now they've turned up the heat with some random data. Find what they're sending over our network.

#network-forensics
• by finnersio
Barrier / SecEdu CTF 2024
Barrier
🚩 CTFs SecEdu CTF 2024 cryptography

Barrier

Another secret note in the files that you can't translate. Wonder what the secret is here?

• by sealldev
Destination / SecEdu CTF 2024
Destination
🚩 CTFs SecEdu CTF 2024 forensics

Destination

Interesting, Layton has popped up once or twice before... Why does he have encrypted data? He seems like the kind of guy to use fairly common passwords, I'm sure he can't be too malicious. But, what could his involvement be? What secrets is he hiding? **There is no requirement to brute-force infra here, please avoid doing so** Search for the flag by decrypting the data. `http://files.secedu.site/`

#hash-cracking #dictionary-attack
• by sealldev
Hard-decoded / SecEdu CTF 2024
Hard-decoded
🚩 CTFs SecEdu CTF 2024 rev

Hard-decoded

One of ORG-C's CI units is spewing out some random data. Sometimes this happens, they tell us. Is there something malicious in here??

#ghidra
• by sealldev
Layment Portal / SecEdu CTF 2024
Layment Portal
🚩 CTFs SecEdu CTF 2024 misc

Layment Portal

There is something else they want to quickly test -- a portal where the employees enter their hours. They're worried that Layton may have also tricked the system somehow, and received more pay than they had wanted to give out. Automation for this company is a bane.. `nc chals.secedu.site 5005` Hint: Who might have access to this employee portal?

• by sealldev
Photo-oops / SecEdu CTF 2024
Photo-oops
🚩 CTFs SecEdu CTF 2024 osint

Photo-oops

They've cleared out some old files from storage, as they're needing to reference some physical documents due to the partial outage. One of these photos is brought up to your team by an intrigued employee -- it belongs to a `Tanya`, but that's not a name of one of their employees. Where was this photo taken?? Wrap the city name in `SECEDU{}`. Don't forget to capitalise the city name!

• by sealldev
Score / SecEdu CTF 2024
Score
🚩 CTFs SecEdu CTF 2024 web

Score

After a review, we found that ORG-C is hosting an unusual website on their servers... It looks like they're pretty competitive -- let's make sure they know who's boss! `http://chals.secedu.site:5007/`

• by sealldev
Source / SecEdu CTF 2024
Source
🚩 CTFs SecEdu CTF 2024 web

Source

ORG-C has given us access to one of their file servers -- conveniently served over HTTP without authentication. There is no requirement to brute-force infra here, please avoid doing so. `http://files.secedu.site/`

• by sealldev
Upgrading your diet / SecEdu CTF 2024
Upgrading your diet
🚩 CTFs SecEdu CTF 2024 web

Upgrading your diet

After a review, we found that ORG-C is hosting an unusual website on their servers... How can we break through, and find what secrets lay beneath? `http://chals.secedu.site:5007/`. Hint: This type of challenge is quite confusing.

#jwt
• by sealldev
Are you sure that's all? / SecEdu CTF 2024
Are you sure that's all?
🚩 CTFs SecEdu CTF 2024 forensics

Are you sure that's all?

We've captured a section of network traffic from ORG-A. Can you make sure that no sensitive data is being transmitted in plaintext? We can find some interesting details on the transmitted data by following the TCP stream. What kind of file does this reveal?

#network-forensics
• by sealldev & finnersio
Crawler / SecEdu CTF 2024
Crawler
🚩 CTFs SecEdu CTF 2024 web

Crawler

Instead of properly updating their list of websites when they need to, ORG-A has instead just appended their new pages, and hasn't removed any pages that they've taken down. Find the page that is still up and running. Vuln scans on infrastructure are out of scope, and aren't very relevant here. To be clear, there is no requirement to probe infrastructure in this way. Hint: Is there a conventional way to indicate to crawlers that you don't want a website indexed?

#dictionary-attack
• by sealldev & tulip
Encoded, secret message? / SecEdu CTF 2024
Encoded, secret message?
🚩 CTFs SecEdu CTF 2024 cryptography

Encoded, secret message?

While inspecting logs, we found a message being sent across our internal network. What could this be???

#cyberchef
• by sealldev
Fin 'n' find / SecEdu CTF 2024
Fin 'n' find
🚩 CTFs SecEdu CTF 2024 forensics

Fin 'n' find

One of the employees, Layton, has taken you aside, and is wondering if you can help fix a zip file that they broke. There seems to be some sensitive information hidden inside of it, we might as well have a look at this too (it's within scope) ;)

• by sealldev & finnersio
Loudhailer / SecEdu CTF 2024
Loudhailer
🚩 CTFs SecEdu CTF 2024 forensics

Loudhailer

More traffic from ORG-A. Users were complaining that a server was not working properly. After some investigation, the network administrator captured some strange traffic coming from the server. Can you find if any confidential data has been leaked as a result?

#network-forensics
• by sealldev
Medium-ware / SecEdu CTF 2024
Medium-ware
🚩 CTFs SecEdu CTF 2024 hardware

Medium-ware

We've managed to dump some firmware from an experimental AVR8-driven PLC. Our developer had hardcoded a particular string inside, and promises that it's "secure enough". Find a way to extract this string. This is the flag in its entirety. This is expected to be quite a difficult challenge for week 1. Look for references to `DAT_mem`, revealing the location hiding with offset `0x02d2`. This will also yield a xor operation, `0x97`, that is used to decode a string at the end of the code segment. There is some rubbish data following a predictable pattern once the xor key is applied. There is random data inside the flag. i.e: `SECEDU{<front>_<random_data>}` This is intentional, keep going until you find a closed bracket `}`.

#ghidra #cyberchef
• by sealldev
Not quite all / SecEdu CTF 2024
Not quite all
🚩 CTFs SecEdu CTF 2024 forensics

Not quite all

The previously captured traffic contained an interesting tidbit towards the end of the file. What was the second line sent in the secret message? The message should be wrapped in `SECEDU{}`. If it's another language, do not translate it. The text is in Cyrillic, so ASCII doesn't display it nicely. What encoding scheme can Cyrillic utilise?

• by sealldev
On the way! / SecEdu CTF 2024
On the way!
🚩 CTFs SecEdu CTF 2024 osint

On the way!

On our way to the main office, one of the employees sent us this photo, telling us that we needed to stop by on our way down. But unfortunately, they forgot to tell us where this was. Nice. Whereabouts was this photo taken? Wrap in `SECEDU{}`. If it's a city with one or more words, space with "_". Hint: Don't forget to capitalise the city name

#exif
• by sealldev & tulip
Overflowing with files / SecEdu CTF 2024
Overflowing with files
🚩 CTFs SecEdu CTF 2024 pwn

Overflowing with files

They also seem to have quite an interesting top-secret file delivery system, developed in C of all things?! Find a way to get the contents of the top-secret document. `nc chals.secedu.site 5001`

#gdb
• by sealldev & finnersio
Portal / SecEdu CTF 2024
Portal
🚩 CTFs SecEdu CTF 2024 pwn

Portal

They've given us one of their programs running in the background to us. Let's hope it's not insecure!! (or in your case, that it's not secure instead ;) ) `nc chals.secedu.site 5000`

#buffer-overflow
• by sealldev & tulip
The name's Bossed, M. Bossed! / SecEdu CTF 2024
The name's Bossed, M. Bossed!
🚩 CTFs SecEdu CTF 2024 forensics

The name's Bossed, M. Bossed!

Whilst scanning the network we found an unknown service running on port 4953. What could it be?

#cyberchef
• by sealldev
Baby's First Forensics / DownUnderCTF 2024
Baby's First Forensics
🚩 CTFs DownUnderCTF 2024 forensics

Baby's First Forensics

They've been trying to breach our infrastructure all morning! They're trying to get more info on our covert kangaroos! We need your help, we've captured some traffic of them attacking us, can you tell us what tool they were using and its version? NOTE: Wrap your answer in the `DUCTF{}`, e.g. `DUCTF{nmap_7.25}`

#network-forensics
• by sealldev
back to the jungle / DownUnderCTF 2024
back to the jungle
🚩 CTFs DownUnderCTF 2024 osint

back to the jungle

Did MC Fat Monke just drop a new track????? 👀👀👀

• by sealldev
Bad Policies / DownUnderCTF 2024
Bad Policies
🚩 CTFs DownUnderCTF 2024 forensics

Bad Policies

Looks like the attacker managed to access the rebels Domain Controller. Can you figure out how they got access after pulling these artifacts from one of our Outpost machines?

• by sealldev
Bridget Lives / DownUnderCTF 2024
Bridget Lives
🚩 CTFs DownUnderCTF 2024 osint

Bridget Lives

After dropping numerous 0days last year Bridget has flown the coop. This is the last picture she posted before going dark. Where was this photo taken from? NOTE: Flag is case-insensitive and requires placing inside `DUCTF{}`! e.g. `DUCTF{name_of_building}`

• by sealldev
cityviews / DownUnderCTF 2024
cityviews
🚩 CTFs DownUnderCTF 2024 osint

cityviews

After having to go on the run, I've had to bunker down. Which building did I capture this picture from? NOTE: Flag is case-insensitive and requires placing inside `DUCTF{}`! e.g `DUCTF{building_name}`

• by sealldev
co2 / DownUnderCTF 2024
co2
🚩 CTFs DownUnderCTF 2024 rev

co2

A group of students who don't like to do things the "conventional" way decided to come up with a CyberSecurity Blog post. You've been hired to perform an in-depth whitebox test on their web application.

#prototype-pollution
• by sealldev
Macro Magic / DownUnderCTF 2024
Macro Magic
🚩 CTFs DownUnderCTF 2024 forensics

Macro Magic

We managed to pull this Excel spreadsheet artifact from one of our Outpost machines. It's got something sus happening under the hood. After opening we found and captured some suspicious traffic on our network. Can you find out what this traffic is and find the flag! Note: You do not need to run or enable the macro to solve.

#network-forensics
• by sealldev
number mashing / DownUnderCTF 2024
number mashing
🚩 CTFs DownUnderCTF 2024 rev

number mashing

Mash your keyboard numpad in a specific order and a flag might just pop out!

#ghidra
• by sealldev
offtheramp / DownUnderCTF 2024
offtheramp
🚩 CTFs DownUnderCTF 2024 osint

offtheramp

That looks like a pretty cool place to escape by boat, EXAMINE the image and discover the name of this structure. NOTE: Flag is case-insensitive and requires placing inside `DUCTF{}`! e.g `DUCTF{name_of_structure}`

#exif
• by sealldev
parrot the emu / DownUnderCTF 2024
parrot the emu
🚩 CTFs DownUnderCTF 2024 web

parrot the emu

It is so nice to hear Parrot the Emu talk back

#ssti
• by sealldev
SAM I AM / DownUnderCTF 2024
SAM I AM
🚩 CTFs DownUnderCTF 2024 forensics

SAM I AM

The attacker managed to gain Domain Admin on our rebels Domain Controller! Looks like they managed to log on with an account using WMI and dumped some files. Can you reproduce how they got the Administrator's Password with the artifacts provided? Place the Administrator Account's Password in `DUCTF{}`, e.g. `DUCTF{password123!}`

#hash-cracking
• by sealldev
Sun Zi's Perfect Math Class / DownUnderCTF 2024
Sun Zi's Perfect Math Class
🚩 CTFs DownUnderCTF 2024 cryptography

Sun Zi's Perfect Math Class

Everybody!! Sunzi's math class is about to begin!!!

• by sealldev
tldr please summarise / DownUnderCTF 2024
tldr please summarise
🚩 CTFs DownUnderCTF 2024 forensics

tldr please summarise

I thought I was being 1337 by asking AI to help me solve challenges, now I have to reinstall Windows again. Can you help me out by finding the flag in this document?

• by sealldev
zoo feedback form / DownUnderCTF 2024
zoo feedback form
🚩 CTFs DownUnderCTF 2024 web

zoo feedback form

The zoo wants your feedback! Simply fill in the form, and send away, we'll handle it from there!

#xxe
• by sealldev