OCEAN What can you do in an ocean of files? nc server.challenge.ctf.thefewchosen.com 1338 Hints There is an official hint: Hint for ocean: The chal file is not relevant. That’s just a shell (basically the entrypoint). Try listing folders and subfolders Todos So we looked around for a while and found this directory (Magic trick was to use ls -R instead
AAAAA AAAAA. That’s all Download AAAAA Okay – first of all, like always I run file on this AAAAA file. This will tell us, that this is a data file. After that, I tried binwalk. BÄM There is an image included. My colleague uses CyberChef for this. There you can import the file and run Extract files on. I just
Lost my Head Oh no! Help! I’ve lost my head! Can you tell me the street name of the trash bin I lost it in? Maybe I can still find it… Flag format: TFCCTF{street_name_and_street_number_as_seen_on_google_maps_separated_by_underscores} Challenge authors: hofill, tomadimitrie Solving Like always we should first check strings, file and so on. Please see the logfiles. In the exif we can find
DISCORD SHENANIGANS We considered giving you a free flag. However, we decided against it. In general, we would never do that! Or would we? That’s the beginning of a good CTF! Discord is the new Twitter. To be able to solve this challenge, you’ll need to join our discord. Link in the Rules page. Todos The flag is hidden in
MACDONALDS I’m a huge Ronald fan. My fan page doubles down as my cloud storage page! You’ll never find my secrets! http://server.challenge.ctf.thefewchosen.com:1339 Todos Okay, after opening the webservice we get some hints for the webserver he is hosting on his macos we were looking into some google research. There are quite some issues with this .DS_Store files. Okay lets try,
I recently wrote a Flask web application in Python. When I put it online, I of course ran Nikto over it. Since I was immediately confronted with the usual suspects, I wanted to write down the solution for this weak point as a reminder to myself and possibly for your support. Vulnerabilities What vulnerabilities do we encounter again and again?
Deep Bielsa: ‚A man with new ideas is a madman, until his ideas triumph‘ Given is this foto: Todos Okay guys – this one is an easy one, but I did not solved that by my own! My personal rabbitholes Disclaimer: I couldn’t solve the challenge and had to bang my head on the edge of the table for hours
Noise Messi: ‚When the year starts, the objective is to win with all the team, personal records are secondary‘ Todos Given was this picture: In this stego challenges the first approach is to check the file type and look for some strings. $ ~ # file challenge.png challenge.png: PNG image data, 926 x 1262, 8-bit grayscale, non-interlaced That looks normal…
Friends Bielsa: ‚Everything is allowed, except stop fighting‘ Given was this image: Todos Like always – I check strings and exiftools and the file itself! But no command give us something. $ ~ # file messi.jpg messi.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1×1, segment length 16, baseline, precision 8, 720×628, components 3 exiftool messi.jpg > messi.jpg_exifdata
3in1 Description Like Nescafeeeee! Attachments https://ctf.k3rn3l4rmy.com/kernelctf-distribution-challs/nescafeee/AES.py Todos To decrypt the string in the given AES.py script (String is in scriptfile as a comment). from Crypto.Cipher import AES from Crypto.Hash import SHA256 f = open('progress.txt', 'r') password = ("abda") hash_obj = SHA256.new(password.encode('utf-8')) hkey = hash_obj.digest() def encrypt(info): msg = info BLOCK_SIZE = 16 PAD = "{" padding = lambda s: s