-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathchallenges.html
More file actions
350 lines (334 loc) · 22.8 KB
/
challenges.html
File metadata and controls
350 lines (334 loc) · 22.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Cyber Hunt</title>
<link href="main.css" rel="stylesheet">
<style>
.tall-row {
margin-top: 40px;
}
</style>
</head>
<body>
<nav class="navbar navbar-default navbar-static-top">
<div class="container">
<div class="navbar-header">
<a class="navbar-brand" href="index.html">Cyber Treasure Hunt</a>
</div>
<div id="navbar" class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li class="dropdown">
<a class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">PLAY THE HUNT<span class="caret"></span> </a>
<ul class="dropdown-menu" role="menu">
<li><a href="challenges.html">Challenges</a></li>
<li class="divider"></li>
<li class="dropdown-header">Help</li>
<li><a href="tips.html">Tips</a></li>
</ul>
</li>
</ul>
</div>
</div>
</nav>
<div class="container">
<div class="row tall-row">
<div class="col-lg-12">
<h1>Challenges</h1>
<hr>
</div>
</div>
<div class="row">
<div class="col-md-3">
<div class="list-group">
<a href="#0" class="list-group-item" data-toggle="tab"><span class="badge">WEB</span>Challenge 0</a>
<a href="#1" class="list-group-item" data-toggle="tab"><span class="badge">CRYPTO</span>Challenge 1</a>
<a href="#2" class="list-group-item" data-toggle="tab"><span class="badge">STEG</span>Challenge 2</a>
<a href="#3" class="list-group-item" data-toggle="tab"><span class="badge">WEB</span>Challenge 3</a>
<a href="#4" class="list-group-item" data-toggle="tab"><span class="badge">REV</span>Challenge 4</a>
<a href="#5" class="list-group-item" data-toggle="tab"><span class="badge">OSINT</span>Challenge 5</a>
<a href="#6" class="list-group-item" data-toggle="tab"><span class="badge">MISC</span>Challenge 6</a>
<a href="#7" class="list-group-item" data-toggle="tab"><span class="badge">STEG</span>Challenge 7</a>
<a href="#8" class="list-group-item" data-toggle="tab"><span class="badge">CRYPTO</span>Challenge 8</a>
<a href="#9" class="list-group-item" data-toggle="tab"><span class="badge">STEG</span>Challenge 9</a>
<a href="#10" class="list-group-item" data-toggle="tab"><span class="badge">OSINT</span>Challenge 10</a>
</div>
</div>
<div class="col-md-6">
<div class="tab-content">
<br>
<div class="tab-pane fade" id="0">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 0</h3></div>
<div class="panel-body">Can you find the flag hidden somewhere on the homepage?</div>
</div>
</div>
<div class="tab-pane fade" id="1">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 1</h3></div>
<div class="panel-body">Figure out what the message says.</div>
</div>
</div>
<div class="tab-pane fade" id="2">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 2</h3></div>
<div class="panel-body">Find what's hidden in the image.</div>
</div>
</div>
<div class="tab-pane fade" id="3">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 3</h3></div>
<div class="panel-body">
<p>Can you login to the website?</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="4">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 4</h3></div>
<div class="panel-body">
<p>Here's a python source file, I ran it and put the output on the page. Can you figure out my input?</p>
<div class="well well-sm">
<a href="res/challenge4/source.py" target="_blank"> >>source.py<< </a>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="5">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 5</h3></div>
<div class="panel-body">
<p>Answer the multiple choice questions on the webpage. To get your flag, press the "Get Flag" button on the webpage. The flag it generates is based on your answers, so you have to get them all right to get the correct flag!</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="6">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 6</h3></div>
<div class="panel-body">
<p>There are n stones in a heap. Alice and Bob play a game by alternatively taking either 1 stone from the heap or a prime number of stones which divides the current number of stones in the heap. The player who takes the last stone wins, and Alice goes first. Then for all multiples of k, Bob can win no matter how Alice plays.</p>
<p>The zip on the webpage contains your flag; its password is the (lowercase) md5 hash of k. (Bonus: can you prove this by induction?)</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="7">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 7</h3></div>
<div class="panel-body">
<p>The flag is hidden in the image; good luck.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="8">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 8</h3></div>
<div class="panel-body">
<p>Can you crack the cipher? Someone mentioned something about the plaintext starting with a key quote from Macbeth to do with cauldrons...</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="9">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 9</h3></div>
<div class="panel-body">
<p>Find the flag.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="10">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 10</h3></div>
<div class="panel-body">
<p>Do you have what it takes to track down where an image was taken? Here are 3 images; find the latitides and longitudes of where they were taken, rounded to 3dp.</p>
<p>To get your flag, input the locations of each photo into the webpage. Then click the "Get Flag" button - the flag it generates is based on your input, so you have to get them all right to get the correct flag!</p>
<p>If you want to verify you have the correct coordinates, the sums of the digits in the locations of each photo are 37, 40 and 37 in some order. (For example, the digitsum of the location 32.264,-10.045 is 27)</p>
<div class="well well-sm">
<a href="res/challenge10/challenge.zip" target="_blank"> >>challenge.zip<< </a>
</div>
<p>(looking at metadata is not required for this challenge, all you need is to view the image and have some good googling skills)</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="11">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 11</h3></div>
<div class="panel-body">
<p>Somebody left a message for me but encrypted it with RSA - can you decrypt it for me? The plaintext is the password for the zip.</p>
<div class="well well-sm">
<p>n = 2564929</p>
<p>e = 23</p>
<p>cts = [2526775, 560024, 1781225, 365354, 739664, 961866, 1133504, 1133504, 639501, 672354, 2467555, 591338, 365354, 2033872, 1133504, 365354, 2464347, 856340, 2498105, 1272588, 713690, 1413614, 888234, 1775930, 1870445, 1721578, 2493263, 897707, 438472, 288075, 888234, 483391, 777393, 917743, 15099, 897707, 438472, 1086191, 1086191, 483391, 2464347, 917743, 1880065, 2456452, 1873747, 1775930, 15099, 1818791]</p>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="12">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 12</h3></div>
<div class="panel-body">
<p>Find the flag in the mp3 (of the most epic scene ever).</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="13">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 13</h3></div>
<div class="panel-body">
<p>Yesterday I ran this python file I downloaded. Unfortunately it was hijacked by some ransomware, and all my files were encrypted. The ransomware said that in order to decrypt them I needed the value of e that was generated when I ran the python file. Here's the python file and what it output when I ran it - find the value of e that it generated when I ran it.</p>
<p>There is a zip on the webpage containing the flag; its password is the value of e.</p>
<div class="well well-sm">
<a href="res/challenge13/challenge.py" target="_blank"> >>challenge.py<< </a>
</div>
<div class="well well-sm">
<a href="res/challenge13/output.txt" target="_blank"> >>output.txt<< </a>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="14">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 14</h3></div>
<div class="panel-body">
<p>On the webpage is a network capture of when I was browsing the web. Extract the flag. (hint: http objects)</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="15">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 15</h3></div>
<div class="panel-body">
<p>There are 10 ants on a 5000km long string. Each ant is given a random direction (left or right) and then they begin to crawl along the string. They all move at 1 cm/min. When two ants collide, they both "bounce off each other" and move in the opposite direction as before the collision (at the same speed). The only way an ant can fall off the string is when it crawls off either end.</p>
<p>(each ant is infinitely small)</p>
<p>Your puzzle input consists of the locations of the ants - the nth line of the input is an integer representing the starting distance between the nth ant and the left end of the string in metres. Find both the minimum possible time for the first ant to fall off the string and the maximum possible time taken for all of the ants to fall off the string. (both in seconds) This will be an integer.</p>
<p>Your puzzle input is on the webpage. To proceed, follow the instructions on the page.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="16">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 16</h3></div>
<div class="panel-body">
<p>Up for some more steg? Find the flag...</p>
<p>Hint: that image is on the site for "The Perse School", spot the difference.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="17">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 17</h3></div>
<div class="panel-body">
<p>Let x be a real number. Suppose that if ABCD is any convex cyclic quadrilateral such that AC=4, BD=5 and AB is perpendicular to CD, then the area of ABCD is at least x. Then the greatest possible value of x is m/n, where m and n are positive integers with gcd(m,n)=1. The password for the zip is the md5 (lowercase) of 100*m+n.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="18">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 18</h3></div>
<div class="panel-body">
<p>Here's an RSA encryption program, see if you can spot the vulnerability and break the encryption. The output of the program is on the webpage.</p>
<div class="well well-sm">
<a href="res/challenge18/encrypt.py" target="_blank"> >>encrypt.py<< </a>
</div>
</div>
</div>
</div>
<div class="tab-pane fade" id="19">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 19</h3></div>
<div class="panel-body">
<p>Someone called Aeschylus Crypt has a twitter profile - find your flag.</p>
<p>Hint: steghide.</p>
<p>During the osint challenge you will find a pastebin link somewhere. It's not a real pastebin link but it's needed to solve the challenge nonetheless.</p>
</div>
</div>
</div>
<div class="tab-pane fade" id="20">
<div class="panel panel-primary">
<div class="panel-heading"><h3 class="panel-title">Challenge 20</h3></div>
<div class="panel-body">
<p>This is the best challenge yet, I promise.</p>
<p>A known hacker has a banking website up and running where he sells IKEA djungelskogs, but I think there might be more to it.</p>
<p>The hacker's site has a password reset page that functions by generating a session token and a password reset token. The password reset token is then used to authorize a password reset while the session token is displayed to the user.</p>
<p>I only managed to intercept a few lines of the source code, although I did also intercept one of the admin's session tokens. With this information, can you figure out the admin's password reset token? That would allow us to reset the admin's password and gain access to their account.</p>
<p>The few lines of source code I managed to intercept are attached below; and the admin's session token is on the webpage. Figure out the admin's password reset token for me.</p>
<p>To get your flag, input the password reset token into the webpage and press "Get Flag". The flag it generates is based on your input, so you have to get the answer right to get the correct flag!</p>
<div class="well well-sm">
<a href="res/challenge20/intercept.php" target="_blank"> >>intercept.php<< </a>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="col-md-3">
<div class="list-group">
<a href="#11" class="list-group-item" data-toggle="tab"><span class="badge">CRYPTO</span>Challenge 11</a>
<a href="#12" class="list-group-item" data-toggle="tab"><span class="badge">STEG</span>Challenge 12</a>
<a href="#13" class="list-group-item" data-toggle="tab"><span class="badge">REV</span>Challenge 13</a>
<a href="#14" class="list-group-item" data-toggle="tab"><span class="badge">MISC</span>Challenge 14</a>
<a href="#15" class="list-group-item" data-toggle="tab"><span class="badge">MISC</span>Challenge 15</a>
<a href="#16" class="list-group-item" data-toggle="tab"><span class="badge">STEG</span>Challenge 16</a>
<a href="#17" class="list-group-item" data-toggle="tab"><span class="badge">MISC</span>Challenge 17</a>
<a href="#18" class="list-group-item" data-toggle="tab"><span class="badge">CRYPTO</span>Challenge 18</a>
<a href="#19" class="list-group-item" data-toggle="tab"><span class="badge">OSINT</span>Challenge 19</a>
<a href="#20" class="list-group-item" data-toggle="tab"><span class="badge">REV</span>Challenge 20</a>
</div>
</div>
</div>
<div class="row">
<div class="col-lg-12">
<table class="table table-striped table-hover">
<thead>
<tr>
<th>Symbol</th>
<th>Category</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><span class="badge">CRYPTO</span></td>
<td>Cryptography</td>
<td>Cracking codes and ciphers / decrypting messages that use vulnerable encryption methods.</td>
</tr>
<tr>
<td><span class="badge">MISC</span></td>
<td>Miscellaneous</td>
<td>Combines aspects from multiple different categories, or none of them.</td>
</tr>
<tr>
<td><span class="badge">OSINT</span></td>
<td>Open Source Intelligence</td>
<td>Ability to use publicly available information e.g. googling / looking at social media profiles.</td>
</tr>
<tr>
<td><span class="badge">REV</span></td>
<td>Reversing</td>
<td>Determining a piece of code's input given its output.</td>
</tr>
<tr>
<td><span class="badge">STEG</span></td>
<td>Steganography</td>
<td>Finding/retrieving hidden messages in files.</td>
</tr>
<tr>
<td><span class="badge">WEB</span></td>
<td>Web exploitation</td>
<td>Scouring websites looking for possible vulnerabilities.</td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="row tall-row">
<div class="col-md-12">
<hr>
<p><small>Created by <a href="https://github.com/dnzc/" target="_blank">dnzc</a> | <a href="https://github.com/Bachittarjeet" target="_blank">Bootstrap Template</a></small></p>
</div>
</div>
</div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/js/bootstrap.min.js"></script>
</body>
</html>