-
#96 Forensics 101
strings image.jpg | grep flag
-
#103 Taking LS
ls -la
-
#104 Git Is Good
git log git show -1
-
#107 Where Can My Robot Go?
https://ctflearn.com/robots.txt
https://ctflearn.com/70r3hnanldfspufdsoifnlds.html -
#108 Binwalk
foremost PurpleThing.jpeg xdg-open output/png/00000299.png
-
#115 Character Encoding
echo "41 42 43 54 46 7B 34 35 43 31 31 5F 31 35 5F 55 35 33 46 55 4C 7D" | xxd -r -p
-
#158 Hextroadinary
python a=0xc4115 b=0x4cf8 c=a^b print(hex(c))
-
#168 Wikipedia
https://en.wikipedia.org/w/index.php?title=Flag&diff=prev&oldid=676540540 -
#174 Simple Programming
result = 0 with open("data.dat") as file: for line in file: if (line.count('0') % 3 == 0) or (line.count('1') % 2 == 0): result += 1 print(result)
-
#192 Base 2 2 the 6
echo "Q1RGe0ZsYWdneVdhZ2d5UmFnZ3l9" | base64 -d
-
#227 BruXOR
https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force(1,100,0,'Standard',false,true,false,'')&input=cXt2cGxuJ2JIX3Zhckh1ZWJjcnF4ZXRySE9YRWog
or https://www.dcode.fr/xor-cipher -
#228 QR Code
zbarimg qrcode.39907201.png echo "c3ludCB2ZiA6IGEwX29icWxfczBldHJnX2RlX3BicXI=" | base64 -d echo "synt vf : a0_obql_s0etrg_de_pbqr" | tr 'a-zA-Z' 'n-za-mN-ZA-M'
def rot_decrypt(ciphertext, shift): plaintext = "" for char in ciphertext: if char.isalpha(): alpha_start = ord('a') if char.islower() else ord('A') index = (ord(char) - alpha_start - shift) % 26 plaintext += chr(alpha_start + index) else: plaintext += char return plaintext ciphertext = "synt vf : a0_obql_s0etrg_de_pbqr" shift = 13 print(rot_decrypt(ciphertext, shift))
-
#230 Reverse Polarity
https://www.rapidtables.com/convert/number/binary-to-ascii.html -
#305 Vigenere Cipher
plaintext = "gwox{RgqssihYspOntqpxs}" key = "blor{pyblorpyblorpyblor}" result = "" for i in range(len(plaintext)): char = plaintext[i] if char.isalpha(): if char.isupper(): result += chr((ord(char) - ord('A') - (ord(key[i]) - ord('a')) + 26) % 26 + ord('A')) else: result += chr((ord(char) - ord('a') - (ord(key[i]) - ord('a')) + 26) % 26 + ord('a')) else: result += char print(result)
-
#309 Exif
exiftool Computer-Password-Security-Hacker\ -\ Copy.jpg
-
#309 Morse Code
echo "..-. .-.. .- --. ... .- -- ..- . .-.. -- --- .-. ... . .. ... -.-. --- --- .-.. -... -.-- - .... . .-- .- -.-- .. .-.. .. -.- . -.-. .... . . ..." | morse2ascii -
-
#348 WOW.... So Meta
exiftool 3UWLBAUCb9Z2.jpg
-
#691 Lazy Game Challenge
printf "Y\n-1000000\n0\n0\n0\n0\n0\n0\n0\n0\n0\n0\n" | nc thekidofarcrania.com 10001
-
#883 I'm a dump
strings file | grep -n2 "CTF"
-
#885 Modern Gaius Julius Caesar
https://www.dcode.fr/keyboard-shift-cipher
Shift: Left
Number of keys/steps for shift: 2 -
#933 Rubber Duck
exiftool RubberDuck.jpg
-
#934 Snowboard
file Snowboard.jpg echo "Q1RGbGVhcm57U2tpQmFuZmZ9Cg==" | base64 -d
-
#935 PikesPeak
strings PikesPeak.jpg | grep -i ctf file PikesPeak.jpg | grep CTFl
-
#936 GandalfTheWise
file Gandalf.jpg echo "Q1RGbGVhcm57eG9yX2lzX3lvdXJfZnJpZW5kfQo=" | base64 -d # CTFlearn{xor_is_your_friend} printf "xD6kfO2UrE5SnLQ6WgESK4kvD/Y/rDJPXNU45k/p" | base64 -d | xxd -p -d | tr -d "\n" | sed 's/\(..\)/\1 /g' # c4 3e a4 7c ed 94 ac 4e 52 9c b4 3a 5a 01 12 2b 89 2f 0f f6 3f ac 32 4f 5c d5 38 e6 4f e9 printf "h2riEIj13iAp29VUPmB+TadtZppdw3AuO7JRiDyU" | base64 -d | xxd -p -d | tr -d "\n" | sed 's/\(..\)/\1 /g' # 87 6a e2 10 88 f5 de 20 29 db d5 54 3e 60 7e 4d a7 6d 66 9a 5d c3 70 2e 3b b2 51 88 3c 94 # https://xor.pw/ echo "4354466c6561726e7b47616e64616c662e42696c626f42616767696e737d" | xxd -r -p
-
#955 Minions
strings Hey_You.png binwalk -e Only_Few_Steps.jpg cd _Only_Few_Steps.jpg.extracted unrar x 22806.rar strings YouWon\(Almost\).jpg | grep CTF echo "VmtaU1IxUXhUbFZSYXpsV1RWUnNRMVpYZEZkYWJFWTJVVmhrVlZGVU1Eaz0=" | base64 -d echo "VkZSR1QxTlVRazlWTVRsQ1ZXdFdabEY2UVhkVVFUMDk=" | base64 -d echo "VFRGT1NUQk9VMTlCVWtWZlF6QXdUQT09" | base64 -d echo "TTFOSTBOU19BUkVfQzAwTA==" | base64 -d
-
#957 PDF by fdpumyp
strings dontopen.pdf echo "Q1RGbGVhcm57KV8xbDB3M3kwVW0wMG15MTIzfQ==" | base64 -d
-
#959 Blank Page
sed 's/ /0/g; s/\xE2\x80\x8F/1/g' TheMessage.txt | perl -lape '$_=pack"B*",$_'
-
#971 Pho Is Tasty!
head Pho.jpg
-
#972 Chalkboard
strings math.jpg | grep flag -n4
-
#973 Tux!
file Tux.jpg echo "ICAgICAgUGFzc3dvcmQ6IExpbnV4MTIzNDUK" | base64 -d binwalk -e Tux.jpg cd _Tux.jpg.extracted unzip 1570.zip cat flag
-
#1072 Time Traveller
https://web.archive.org/web/19961231235847/http://www.nasa.gov/ -
#1135 My Friend John
zip2john use-rockyou.zip > hash.txt john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt unzip -P kdbs0429 use-rockyou.zip zip2john custom-list.zip > hash2.txt john --wordlist=custom-list.txt hash2.txt unzip -P 1N73rD3N0M1N4710N41 custom-list.zip
with open('pinlist.txt', 'w') as file: for pin in range(1000000): file.write(f'{pin:04d}\n')
zip2john brute-force-pin.zip > hash3.txt john --wordlist=pinlist.txt hash3.txt unzip -P 991337 brute-force-pin.zip cat flag.txt
-
#97 07601
binwalk -e AGT.png cd _AGT.png.extracted find . -type f -exec strings {} \; | grep -i "ctf"
-
curl http://165.227.106.113/header.php curl http://165.227.106.113/header.php -A "Sup3rS3cr3tAg3nt" curl http://165.227.106.113/header.php -A "Sup3rS3cr3tAg3nt" -e "awesomesauce.com"
-
#114 POST Practice
curl http://165.227.106.113/post.php curl http://165.227.106.113/post.php -d "username=admin&password=71urlkufpsdnlkadsf"
-
#142 Up For A Little Challenge?
strings Begin\ Hack.jpg | grep -i mega strings Begin\ Hack.jpg | grep -i real unzip Up\ For\ A\ Little\ Challenge.zip cd Did\ I\ Forget\ Again\? binwalk -e .Processing.cerb4 cd _.Processing.cerb4.extracted unzip -P "Nothing Is As It Seems" 0.zip xdg-open skycoder.jpg # Flag is in the bottom right
-
#195 Milk's Best Friend
binwalk -e oreo.jpg cd _oreo.jpg.extracted strings b.jpg | grep -i flag
-
#231 Symbolic Decimals
echo '^&,*$,&),!@#,*#,!!^,(&,!!$,(%,$^,(%,*&,(&,!!$,!!%,(%,$^,(%,&),!!!,!!$,(%,$^,(%,&^,!)%,!)@,!)!,!@%' | sed 's/\!/1/g' | sed 's/\@/2/g' | sed 's/\#/3/g' | sed 's/\$/4/g' | sed 's/\%/5/g' | sed 's/\^/6/g' | sed 's/\&/7/g' | sed 's/\*/8/g' | sed 's/(/9/g' | sed 's/)/0/g' | sed 's/,/ /g' | awk '{ for (i=1; i<=NF; i++) printf "%c", $i; print "" }'
-
#237 Digital Camouflage
wireshark data.pcap echo "UEFwZHNqUlRhZQ==" | base64 -d
-
#238 Substitution Cipher
https://www.dcode.fr/monoalphabetic-substitution
https://gchq.github.io/CyberChef/#recipe=Substitute('ABCDEFGHIJKLMNOPQRSTUVWXYZ','AYWMCNOPHZRSTJIQKDLEGXUVFB',false)&input=TUlUIFlTQVUgT0wgT1lHRlNCREdSVEtGRUtCSE1HQ0FMU09RVE1JT0w -
#274 Ambush Mission
wget http://www.caesum.com/handbook/Stegsolve.jar -O stegsolve.jar chmod +x stegsolve.jar mkdir bin mv stegsolve.jar bin/ && cd bin java -jar stegsolve.jar echo "bTNFdF9tZV80dF8xMl9hTQ==" | base64 -d
-
#356 A CAPture of a Flag
wireshark -Y 'http contains "GET /?m"' flag\ \(4\) echo "ZmxhZ3tBRmxhZ0luUENBUH0=" | base64 -d
-
#890 Naughty Cat
java -jar stegsolve.jar binwalk -e cut3_c4t.png cd _cut3_c4t.png.extracted/ hexeditor y0u_4r3_cl0s3.rar # change Cat! to Rar! echo -n -e '\x52\x61\x72' | dd conv=notrunc bs=1 count=3 of=y0u_4r3_cl0s3.rar # Get rar password from purrr_2.mp3 using Audacity Spectogram unrar x -psp3ctrum_1s_y0ur_fr13nd y0u_4r3_cl0s3.rar cat f1n4lly.txt echo "ZjByM241MWNzX21hNXQzcg==" | base64 -d
-
#903 Smiling ASCII
zsteg -a smiling.png
-
#89 Image Magic
import PIL from PIL import Image # 27968 / 304 = 92 imgWidth = 92 img = Image.open("out copy.jpg") pixels = list(img.getdata()) pixel_rows = [] row = [] for i, pixel in enumerate(pixels): row.append(pixel) if len(row) == imgWidth: pixel_rows.append(row) row = [] pixels = [] for row in pixel_rows: pixels.extend(row) out = Image.new('RGB', (imgWidth, 304)) out.putdata(pixels) out = out.rotate(-90, 0, 1) out = out.transpose(PIL.Image.FLIP_LEFT_RIGHT) out.show()
-
#121 So many 64s
cat flag.txt | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d | base64 -d
-
#138 Corrupted File
echo -n -e '\x47\x49\x46\x38' | cat - unopenable.gif > tmpfile && mv tmpfile unopenable.gif # open gif file in photopea.com or photoshop echo "ZmxhZ3tnMWZfb3JfajFmfQ==" | base64 -d
-
#149 Inj3ction Time
jsql https://web.ctflearn.com/web8/?id=1
-
#150 Calculat3 M3
https://web.ctflearn.com/web7/document.getElementById('d').value = ";ls"; document.getElementsByTagName("form")[0].submit();
-
#394 Old memories
https://github.com/zardus/ctf-toolsjava -jar stegsolve.jar # Analyse -> Image Combiner
-
#243 Encryption Master
https://github.com/zardus/ctf-toolsecho "TmljZSEgTm93IGtlZXAgZ29pbmcuIDU0Nzc2ZjIwNmQ2ZjcyNjUyZTIwMzAzMTMwMzAzMDMxMzEzMDIwMzAzMTMxMzAzMTMwMzAzMTIwMzAzMTMxMzAzMTMxMzEzMDIwMzAzMTMxMzAzMDMwMzAzMTIwMzAzMTMxMzAzMTMxMzAzMDIwMzAzMDMxMzAzMDMwMzAzMDIwMzAzMTMwMzAzMDMxMzAzMDIwMzAzMTMxMzAzMDMxMzAzMTIwMzAzMTMxMzAzMDMwMzEzMTIwMzAzMTMxMzEzMDMwMzEzMDIwMzAzMTMxMzEzMTMwMzAzMTIwMzAzMTMxMzEzMDMwMzAzMDIwMzAzMTMxMzEzMDMxMzAzMDIwMzAzMTMxMzAzMTMwMzAzMTIwMzAzMTMxMzAzMTMxMzEzMTIwMzAzMTMxMzAzMTMxMzEzMDIwMzAzMDMxMzAzMDMwMzAzMTIwMzAzMDMxMzAzMDMwMzAzMDIwMzAzMTMwMzEzMDMwMzAzMTIwMzAzMDMxMzEzMDMwMzAzMTIwMzAzMTMwMzEzMDMwMzEzMDIwMzAzMTMwMzAzMDMxMzEzMTIwMzAzMTMxMzAzMDMxMzAzMTIwMzAzMDMxMzEzMDMwMzAzMDIwMzAzMTMxMzAzMTMxMzAzMDIwMzAzMTMxMzAzMDMxMzEzMDIwMzAzMTMwMzEzMDMwMzAzMTIwMzAzMTMwMzEzMDMxMzAzMTIwMzAzMDMxMzEzMDMwMzAzMTIwMzAzMTMxMzAzMDMxMzEzMDIwMzAzMTMwMzEzMDMxMzAzMTIwMzAzMTMwMzAzMDMxMzEzMDIwMzAzMTMwMzAzMTMwMzEzMDIwMzAzMTMwMzEzMDMwMzAzMDIwMzAzMTMwMzEzMDMxMzEzMDIwMzAzMTMwMzEzMDMxMzAzMTIwMzAzMTMwMzEzMDMwMzEzMDIwMzAzMTMxMzAzMDMxMzEzMDIwMzAzMTMwMzEzMDMxMzAzMDIwMzAzMDMxMzEzMDMwMzAzMDIwMzAzMTMwMzEzMTMwMzEzMDIwMzAzMTMxMzAzMDMxMzEzMDIwMzAzMTMwMzEzMDMxMzEzMTIwMzAzMTMwMzEzMDMxMzAzMTIwMzAzMDMxMzEzMTMwMzAzMTIwMzAzMTMwMzEzMDMxMzEzMDIwMzAzMTMxMzAzMDMxMzEzMDIwMzAzMTMwMzEzMDMwMzAzMTIwMzAzMDMxMzEzMTMxMzAzMTIwMzAzMDMxMzEzMTMxMzAzMQ==" | base64 -d | sed 's/Nice! Now keep going\. //' | xxd -r -p | sed 's/Two more\. //' | tr -d ' ' | perl -lape '$_=pack("B*", $_)' | sed 's/Final Decryption! //' | base64 -d
-
#441 Seeing is believing
unzip message.zip cd seeingisbelieving cat help.me file help.me cp help.me help.ogg xdg-open help.ogg # open with audacity
Use Spectogram in Audacity and scan QR code.
https://pastebin.com/zhEhyp3G -
#484 RSA Twins!
https://github.com/RsaCtfTool/RsaCtfTool./RsaCtfTool.py -n 14783703403657671882600600446061886156235531325852194800287001788765221084107631153330658325830443132164971084137462046607458019775851952933254941568056899 -e 65537 --uncipher 684151956678815994103733261966890872908254340972007896833477109225858676207046453897176861126186570268646592844185948487733725335274498844684380516667587