Newark Academy CTF 2019
Last updated
Last updated
Vyom was eating a CAESAR salad with a bunch of wet croutons when he sent me this: ertkw{vk_kl_silkv}. Can you help me decipher his message? Hint: You don't have to decode it by hand -- Google is your friend!
Using the website we can easily find the flag
Flag: nactf{et_tu_brute}
Ruthie is very inhumane. She keeps her precious pigs locked up in a pen. I heard that this secret message is the password to unlocking the gate to her PIGPEN. Unfortunately, Ruthie does not want people unlocking the gate so she encoded the password. Please help decrypt this code so that we can free the pigs! P.S. "_" , "{" , and "}" are not part of the cipher and should not be changed. P.P.S the flag is all lowercase
Referring to the pigpen cipher you can decode the message.
Flag: nactf{th_th_th_thats_all_folks}
Your flag is nactf{w3lc0m3_t0_th3_m4tr1x}
Flag: nactf{1nsp3ct_b3tter_7han_c10us3au}
Go to the NACTF home page and find the link to the Discord server. A flag will be waiting for you once you join. So will Austin.
Flag: nactf{g00d_luck_h4v3_fun}
What the HEX man! My friend Elon just posted this message and I have no idea what it means >:( Please help me decode it: https://twitter.com/kevinmitnick/status/1028080089592815618?lang=en. Leave the text format: no need to add nactf{} or change punctuation/capitalization Hint: online converters are pretty useful
Cipher is
Using an online decoder the hex converted to
Flag: I was. Sorry to have missed you.
It seems my friend Rohan won't stop sending cryptic messages and he keeps mumbling something about base 64. Quick! We need to figure out what he is trying to say before he loses his mind... bmFjdGZ7YV9jaDRuZzNfMGZfYmE1ZX0=
Doing a simple base64 decoding to get the flag
Flag: nactf{a_ch4ng3_0f_ba5e}
Open up a terminal and connect to the server at shell.2019.nactf.com on port 31242 and get the flag! Use this netcat command in terminal. nc shell.2019.nactf.com 31242
Flag: nactf{th3_c4ts_0ut_0f_th3_b4g}
Grace was trying to make some food for her family but she really messed it up. She was trying to make some hashbrowns but instead, she made this: f5525fc4fc5fdd42a7cf4f65dc27571c. I guess Grace is a really bad cook. But at least she tried to add some md5 sauce. remember to put the flag in nactf{....}
Doing a quick google search to get to this website which decrypted the MD5
Flag: nactf{grak}
Vikram was climbing a chunky tree when he decided to hide a flag on one of the leaves. There are 10,000 leaves so there's no way you can find the right one in time... Can you open up a terminal window and get a grep on the flag? Hint: You'll need to add an option to the grep command: look up recursive search!
Flag: nactf{v1kram_and_h1s_10000_l3av3s}
Juliet hid a flag among 100,000 dummy ones so I don't know which one is real! But maybe the format of her flag is predictable? I know sometimes people add random characters to the end of flags... I think she put 7 random vowels at the end of hers. Can you get a GREP on this flag? Hint: Look up regular expressions (regex) and the regex option in grep!
Flag: nactf{r3gul4r_3xpr3ss10ns_ar3_m0r3_th4n_r3gul4r_euaiooa}
The close cousin of a website for "Question marked as duplicate". Can you cause a segfault and get the flag? shell.2019.nactf.com:31475 Hint: What does it mean to overflow the buffer?
Looking at the code we have a buffer overflow gets(buf); The target calls the function win()
Looking again whenever a SIGSEGV error occurs the signal calls win();
signal(SIGSEGV, win); To get to that we just need a very very long input.
Flag: nactf{0v3rfl0w_th4at_buff3r_18ghKusB}
I hate to say it but I think that Hawkeye is probably the Least Significant avenger. Can you find the flag hidden in this picture? Hint: Hiding messages in pictures is called stenography. I wonder what the least significant type of stenography is.
Using this website to decode the image.
Flag: nactf{h4wk3y3_15_th3_l34st_51gn1f1c4nt_b1t}
Phil sent me this meme and its a little but suspicious. The meme is super meta and it may be even more meta than you think. Wouldn't it be really cool if it also had a flag hidden somewhere in it? Well you are in luck because it certainly does! Hint: Hmm how can find some Meta info about a file type? Google is your friend :)
Flag: nactf{d4mn_th15_1s_s0_m3t4}
I stole these files off of The20thDucks' computer, but it seems he was smart enough to put a password on them. Can you unzip them for me? Hint: There are many tools that can crack zip files for you Hint 2: All the passwords are real words and all lowercase
Flag: nactf{dictionaryrockdog}
Kellen gave in to the temptation and started playing World of Tanks again. He turned the graphics up so high that something broke on his computer! Kellen is going to lose his HEAD if he can't open this file. Please help him fix this broken file. Hint: A hex editor might be useful
Open the file
Flag: nactf{kn0w_y0ur_f1l3_h34d3rsjeklwf}
Kellen was playing some more World of Tanks.... He played so much WOT that he worked up an appetite. Kellen ripped a PDF in half. He then treated these two halves as bread and placed a different PDF on the inside (yummy PDF meat!). That sounds like one good PDF sandwich. PDF on the outside and inside! YUM! Hint: You are going to have to find a way to remove the PDF from inside the other PDF file.
You get the first part of the file by opening it. Then when you run foremost MeltedFile.pdf it will show a pdf with the second part of the flag.
Flag: nacntf{w3_l0lcv_rd_0f_t4nk5ejwjfae}
Put the path to flag.txt together to get the flag! for example, if it was located at ab/cd/ef/gh/ij/flag.txt, your flag would be nactf{abcdefghij} Hint: Check out loop devices on Linux
Extract to file fsimage.iso. Right-click Open With Disk Image Mounter. Go to the mounted folder. Run find -name 'flag.txt'
Flag: nactf{lqwkzopyhu}
Joyce's friend just sent her this photo, but it's really fuzzy. She has no idea what the message says but she thinks she can make out some black text in the middle. She gave the photo to Oligar, but even his super eyes couldn't read the text. Maybe you can write some code to find the message? Also, you might have to look at your screen from an angle to see the blurry hidden text P.S. Joyce's friend said that part of the message is hidden in every 6th pixel
From this point, I couldn't solve but see the forming of words on the left side. I tried and modified all parts of it but it seemed that was the best I could get.
Rahul loves the Pink Panther. He even made this website: http://pinkpanther.web.2019.nactf.com. I think he hid a message somewhere on the webpage, but I don't know where... can you INSPECT and find the message? https://www.youtube.com/watch?v=2HMSnfeNf8c Hint: This might be slightly more difficult on some browsers than on others. Chrome works well.
Just view the source code
Flag: nactf{1nsp3ct_b3tter_7han_c10us3au}
Kira loves to watch Scooby Doo so much that she made a website about it! She also added a clicker game which looks impossible. Can you use your inspector skills from Pink Panther to reveal the flag?http://scoobydoo.web.2019.nactf.com
View the source code and from their change the opacity to 1 to display the flag.
Flag: nactf{ult1m4T3_sh4ggY}
Dee Dee, Please check in on your brother's lab at http://dexterslab.web.2019.nactf.com We know his username is Dexter, but we don't know his password! Maybe you can use a SQL injection? Mom + Dad
Use a basic SQL Injection ' or 1=1# to get the flag
Flag: nactf{1nj3c7ion5_ar3_saf3_in_th3_l4b}
Surprisingly, The20thDuck loves cookies! He also has no idea how to use php. He accidentally messed up a cookie so it's only available on the countdown page... Also why use cookies in the first place?http://sesamestreet.web.2019.nactf.com Hint: The20thDuck's web development skills are not on the right PATH...
Go to http://sesamestreet.web.2019.nactf.com/countdown.php. From their edit the cookie named session-time and change the path to flag.php, and change the value to a large number like 99999999999. Finally, go to http://sesamestreet.web.2019.nactf.com/flag.php, where the flag is at
Flag: nactf{c000000000ki3s}
