Here, I had to find a way to get the admin flag from a memorial website. The site assigns regular visitors random usernames, but the flag is restricted to admins only. I needed to figure out how to trick the system into believing I was the administrator.
In this chal, I was given a compromising an admin account on a website. I had to figure out how password reset tokens were generated and create a valid one to hijack the account. The hint suggested that the tokens were generated using predictable patterns based on timestamps and email addresses.
In this challenge, we visited a "Sign Smith" shop that used a fancy cryptographic protocol to verify customers. Our goal was to forge a signature to prove we were allowed to pick up the flag, even though the shop refused to sign any message containing the word "flag."
The is a forensics challenge where a user accidentally ran a mal program hidden among 1000 other numbered programs (1.exe to 1000.exe) in a folder on their desktop. Instead of manually checking each program, they ran all of them and captured the system logs to analyze which one behaved suspiciously.
"Buslätt" is a OSINT challenge that is Swedish for "very easy." It gives you with a logo, a compass pointing South-West, and a text box. While the text claims "you will solve it easily". The goal is to use visual analysis of the sign's logo & the compass direction to get the true location in Sweden.
In this challenge, we were given two mysterious files and a server address. The goal was to find a flag hidden on that server. The catch? We didn't have a password, and the server was listening on a weird, non-standard port.
This is an OSINT challenge wherein we had to guess the location and time of the video provided in the challenge. The flag format: EnXP{time_location}
It was a web challenge where in the flag will be received when the score reaches 1 million in the flappy bird game...!!!
It was a misc. multi-stage CTF challenge themed around the band Rush. Each stage required a combination of decoding, thematic analysis, and logical deduction.
This document outlines the steps to solve the "BASEic Encoding" challenge, which involves decoding a string of complex Unicode characters to reveal the flag. Challenge String: ꍦ鱡𓍻普散桤鵟ꌰ橤𓅟頳桲𓄷敟鑦鵴樱靟樴𠌳
The objective is to find a hidden flag by exploiting a common cloud security misconfiguration: exposed credentials in publicly accessible source code. The primary tool used is the AWS Command Line Interface (CLI).
It was the second part of "Secret Map: Scratching the surface" forensics challenge. The same map.jpg was provided.
