The following is a list of all of the challenges used for the 2018 CTF along with their description and link for convenience. Each of these challenges contain a README which well tell you how to stand up the challenge and the correct key to allow you to check yourself when you solve it.
| Title | Value | Repository | Description |
|---|---|---|---|
| Keyboard Shuffle | 100 | 2018-Crypto-100 | To the right, to the right, to the right, to the right To the left, to the left, to the left, to the left, to the left? Ut awwna U;n cwrt vS r rtoubfm rgBJAB DIE VWUBF AI YBSWEARndubf BTQt~ nxPRTOUBF)UA)ooEWBRKT)Ges{ |
| Challenge.find(55).description.length => 374 | 150 | 2018-Crypto-150 | 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 |
| Blue Codes of Death | 200 | 2018-Crypto-200 | For some reason I can only get this to run on Windows 2003... Hint: Flag format for this challenge is `MCA-flag` |
| Platform 9 and 3/4ths | 250 | 2018-Crypto-250 | You told your friend that his online game wasn't secure enough so he added some encryption. Shouldn't be possible to beat it now, right? How to Run Client: Run `./preInstall.sh` which installs 32-bit libraries that the game requires. Once the script completes, the game will run automatically. |
| Title | Value | Repository | Description |
|---|---|---|---|
| CTF Jams | 150 | 2018-Grab-Bag-150 | The white cell loves to discover and share new music. Check out our new compilation album! We put a lot of work into the album art. |
| Gas Pump Simulator | 200 | 2018-Grab-Bag-200 | Who thought we could make boring everyday tasks like pumping gas more fun? You might even find a few 'lost' credit cards along the way. How to Run Client: Run `preInstall.sh` which installs 32-bit libraries that the game requires. Once the script completes, the game will run automatically. **Hint:** The flag has nothing to do with the splash screen/loading screen. **Hint 2:** The whole challenge can be completed through the game. |
| AIRGAP | 250 | 2018-Grab-Bag-250 | Our man on the inside was able to upload a virus to an air-gapped network. Now that we've gotten control of their [security cameras](https://youtu.be/mlTDAMM17uM), we should be able to exfiltrate the flag. Hint: The key matches the following regex `mca (\w+ )+mca`, you can test it online using [rubular](https://rubular.com). |
| Final Boss! | 300 | 2018-Grab-Bag-300 | See the score is right there, but there's also a decimal point. That's hidden. How to Run Client: Run `preInstall.sh` which installs 32-bit libraries that the game requires. Once the script completes, the game will run automatically. |
| FAT Chance | 400 | 2018-Grab-Bag-400 | Data exfiltration has been a problem in our organization recently. Just this week we saw more suspect traffic come across the wire. The problem is, information security can't figure out what was transmitted. We need your help! *Here's some information that will help you during the investigation.* Due to employee outrage at SSL break/inspect, our information security department decided to "patch" the kernel and seed random values with timestamps so that users don't complain about HTTPS warnings when they browse the web and they can still decrypt all the traffic. It's genius! The suspect was obsessed with snakes, and we don't have any Python experts on our team, can you take a look? |
| Title | Value | Repository | Description |
|---|---|---|---|
| Security as a Service | 150 | 2018-Binary-150 | We love micro-services. And that's why, from this point forward, we are declaring all applications that `import`, `include`, or `require` anything monolithic! And like all great micro-services it's open source! |
| INTeresting binary | 300 | 2018-Binary-300 | I've got 3 problems but a buffer overflow is 0xffffffffffffffffff.... |
| Janitors Keyring | 400 | 2018-Binary-400 | The year is 2050. It was a dark night in Fank Jr 2 the janitors house when the phone rang. There was a problem at the office and they needed him to come in and unlock the doors. Since it's the future and all the doors are obviously digital, so...maybe you can give him a hand? His bed is really comfortable. |
| Farm Sim | 500 | 2018-Binary-500 | Old McDonald had a farm. 0x0E 0x01 0x0E 0x01 0x00. |
| Title | Value | Repository | Description |
|---|---|---|---|
| "Express" Checkout | 50 | 2018-Web-50 | It took a lot of courage but our great team accomplished the unthinkable. We are happy to announce a fantastic new express checkout experience. Our customers are going to love it! This new workflow has your items delivered to someone else in no time flat! |
| Adverse Reaction | 100 | 2018-Web-100 | We see you're running an ad-blocker. To view this content consider opening yourself up to malware. You can also subscribe for $9.99/month and still receive ads! |
| Click Me | 100 | 2018-Web-100 | No really, go for it. |
| Two Problems | 100 | 2018-Web-100 | I lost my phone and I can't log in to my favorite website. Can you help me get access? |
| Scoreboard v2 | 200 | 2018-Web-200 | Okay, we admit it. Rails is bad. Can you help us test our new login page written in Flask? It's running live here. We think its 512x better than the old one. |
| Super Degreaser | 200 | 2018-Web-200 | Cleanup on aisle 1. |
| Title | Value | Repository | Description |
|---|---|---|---|
| Back to the Future | 100 | 2018-Linux | Get in the pipe Marty! We gotta get all the way to Bendigo! We gotta get me keys back! |
| It's all in the past now | 100 | 2018-Linux | There is a flag stored in /flag.txt but only root can read it. Figure out how to get root access to read the flag. |
| Set me free | 100 | 2018-Linux | Someone has backdoored my VM! Find the backdoor to get the flag. |
| How do I exit vim? | 150 | 2018-Linux | I've opened vim and can't exit! Can you help me? |