The following is a list of all of the challenges used for the 2017 CTF along with their description and link for convenience. Each of these challenges contain a README which well tell you how to stand up the challenge and the correct key to allow you to check yourself when you solve it.
Title | Value | Repository | Description |
---|---|---|---|
150 | 2017-Crypto-150 | 🚩🤷🚩 Hint: The key is 2 characters long |
|
Custom Packed Executable | 200 | 2017-Crypto-200 | We found these two suspicious files, "_1._" and "_2._", on one of our ICS-connected devices following an incident response investigation. We can't figure out what they are. Can you? Note: Linux users need to use Wine. Note: Flag format is `flag{...}`. |
Off the Chain | 300 | 2017-Crypto-300 | I found these bits and bytes laying around by that tree. Can you help? |
Title | Value | Repository | Description |
---|---|---|---|
Forgotten | 50 | 2017-Forensics-50 | All these rules about letters, numbers, and symbols. I always keep forgetting. |
Onyxia | 100 | 2017-Forensics-100 | Odd groups go to the left, even groups go to the right. Seven and eight are whelp groups. |
Ghost of a Chance | 150 | 2017-Forensics-150 | The router is probably maximized, but the Internet is fine. |
What I.P. Waiver? | 200 | 2017-Forensics-200 | An employee is suspected of stealing and exfiltrating sensitive intellectual property about a newly developed tool. A forensic acquisition was conducted on the suspects system and identified several files that may contain company intellectual property. Reconstruct and complete a SHA-1 hash of the original file. |
Layers of Fun | 400 | 2017-Forensics-400 | Your Network Security Team presents you with a PCAP file and states that it contains evidence of data exfiltration. Can you find the flag that was exfiltrated along with the data? Note: Flag format is `flag={flag}` |
Title | Value | Repository | Description |
---|---|---|---|
Level 1 | 150 | 2017-Grab-Bag-150 | Welcome to the game that is sweeping the nation. Mario got nuthin on this! How to Run Client: Run preInstall.sh which installs 32-bit libraries that the game requires. Once the script completes, the game will run automatically and have an icon to re-run. Note: The last line in `preInstall.sh` should be `/opt/AGE/runner`, not `/opt/AGE/AGE` |
Gyro King | 200 | 2017-Grab-Bag-200 | A recent exploit was discovered that allows malicious apps to read data from the gyroscope of a phone fast enough for it to pick up the faint vibrations of audio, attached is a list of the data that was obtained from the gyroscope sensor. |
Lorem ipsum | 200 | 2017-Grab-Bag-200 | You may have to crank up the speakers, which is not always desirable. Hint: Check file in a hex editor and then use Audacity |
Title | Value | Repository | Description |
---|---|---|---|
101 gnisreveR | 100 | 2017-Binary-100 | ?elif siht esrever uoy naC Note: Flag format is `flag{...}`. |
Return to Sender | 150 | 2017-Binary-150 | I'd like to cancel my mail. To connect: `ssh [email protected] -p2200` |
ReDanker | 200 | 2017-Binary-200 | Doot doot. SPIMster SKILENTON is back and danker than ever. Can you solve his dank challenge? |
PyGolf | 300 | 2017-Binary-300 | See if you can score a hole in one. Connect to the box using `ssh [email protected] -p2200` |
Title | Value | Repository | Description |
---|---|---|---|
Trust Issues | 50 | 2017-Web-50 | I'd like to file a complaint about your website, it doesn't work correctly. |
Security Camera | 100 | 2017-Web-100 | That home security camera I purchased was so BAD! I could only get ten frames per second on my eight core processor so I had to return it. I wonder what kind of frame rate the next person gets... |
Captchaured | 150 | 2017-Web-150 | We're gonna catch all the bots with our new patented "Bot Detection System". |
Take a Shot | 200 | 2017-Web-200 | Let us render your webpage for you, what could go wrong? |