Here, I had to find a way to get the admin flag from a memorial website. The site assigns regular visitors random usernames, but the flag is restricted to admins only. I needed to figure out how to trick the system into believing I was the administrator.
In this chal, I was given a compromising an admin account on a website. I had to figure out how password reset tokens were generated and create a valid one to hijack the account. The hint suggested that the tokens were generated using predictable patterns based on timestamps and email addresses.
In this challenge, we visited a "Sign Smith" shop that used a fancy cryptographic protocol to verify customers. Our goal was to forge a signature to prove we were allowed to pick up the flag, even though the shop refused to sign any message containing the word "flag."
The is a forensics challenge where a user accidentally ran a mal program hidden among 1000 other numbered programs (1.exe to 1000.exe) in a folder on their desktop. Instead of manually checking each program, they ran all of them and captured the system logs to analyze which one behaved suspiciously.
"Buslätt" is a OSINT challenge that is Swedish for "very easy." It gives you with a logo, a compass pointing South-West, and a text box. While the text claims "you will solve it easily". The goal is to use visual analysis of the sign's logo & the compass direction to get the true location in Sweden.
In this challenge, we were given two mysterious files and a server address. The goal was to find a flag hidden on that server. The catch? We didn't have a password, and the server was listening on a weird, non-standard port.
This is an OSINT challenge wherein we had to guess the location and time of the video provided in the challenge. The flag format: EnXP{time_location}
Subscribe to stay up to date on OSIRIS events and secrets 👀
It was a web challenge where in the flag will be received when the score reaches 1 million in the flappy bird game...!!!
It was a misc. multi-stage CTF challenge themed around the band Rush. Each stage required a combination of decoding, thematic analysis, and logical deduction.
This document outlines the steps to solve the "BASEic Encoding" challenge, which involves decoding a string of complex Unicode characters to reveal the flag. Challenge String: ꍦ鱡𓍻普散桤鵟ꌰ橤𓅟頳桲𓄷敟鑦鵴樱靟樴𠌳
The objective is to find a hidden flag by exploiting a common cloud security misconfiguration: exposed credentials in publicly accessible source code. The primary tool used is the AWS Command Line Interface (CLI).
It was the second part of "Secret Map: Scratching the surface" forensics challenge. The same map.jpg was provided.
It was a forensics challenge, providing a 'map.jpg'
This pwn challenge requires playing with the input of weights and biases of an AI chatbot to leak the flag.
The challenge required us to find a 10-float "genetic code" that maximizes a hidden "survival rating" function to an average of 95.0% within 100 generations. This is solved using a Genetic Algorithm, an optimization technique that mimics natural selection.
This attack is a classic cryptographic vulnerability called CBC Bit-Flipping Attack, which targets data encrypted using the CBC mode. The goal of the challenge is to get the server to decrypt a malicious packet that results in a specific, secret value for the `device_id` (0xdeadbabe).
The core problem is that the same secret message (P) is being encrypted repeatedly with a predictable, but incrementing, counter. Because the message is longer than the known plaintext, we must retrieve two consecutive ciphertexts (C0 and C1) to piece together the full encryption keystream (K0).
This is a writeup for the phished challenge for K17 CTF. Challenge Details The challenge description reads: We fired Billy last week after he failed a phishing test for the 6th time. We wiped his machine, but now we really need one of the files that was on it. Maybe
Unleash the Kraken