He\xED.SPACE

The challenge Quinn was ecstatic when she received a invitation to “A Haunting Halloween Bash!” The design was perfectly eerie, and she saved it immediately. But the spooky fun didn’t stop there. A few hours later, her computer started acting strangely. Her cursor flickered, and she could swear she heard faint, ghostly whispers coming from her speakers. The final chilling event occurred when her desktop wallpaper suddenly changed to a glitched, haunting version. Is her computer just getting into the spirit of the season, trying to cosplay for Halloween? Or is there something more sinister lurking… ...

NOThing to C Here Move along, NOThing to see here, no flags in sight… Running file against the executable: └─$ file NothingToC NothingToC: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=d1f89a3ac713a435ad3b35e178b2d49548640c86, for GNU/Linux 4.4.0, stripped The binary provided with the challenge is a 64-bit, dynamically linked, PIE-enabled, stripped of debug info. Executing the binary: └─$ ./NothingToC === NOTing To C Flag Checker === Ready to check your flag? Let's see what you've got! Enter the flag to check: AAAA Oops! Your flag is 4 characters long, but I'm looking for exactly 28 characters. Maybe count your characters next time? Hmm... that does NOT look right... It appears that the executable expects the flag as input and requires it to be 28 characters long. ...

MetaCTF February 2025 Flash CTF consists of 5 challenges. Cookie Crackdown We’re auditing some websites to check if they’re GDPR compliant, and I’m pretty sure this site isn’t… Upon loading the site, we are presented with a modal requiring us to consent to cookies. From the challenge description and the web page, we can assume that the flag is probably stored as a cookie. Pressing F12 will bring up the Developer menu. Navigating to the Application tab and then selecting Cookies will reveal a cookie conveniently named flag. ...

MetaCTF November 2024 Flash CTF consists of 5 challenges. Slithering Security Help me test my sssecurity, can you get the flag from this ssssecure sssscript? Download the challenge file here. We are provided with a small Python script that prompts the user for a password. If the correct password is entered, the script reveals the flag. Here’s the code: #!/usr/bin/env python3 SECRET_FLAG=b"\x54\x57\x56\x30\x59\x55\x4e\x55\x52\x6e\x74\x6b\x4d\x47\x34\x33\x58\x7a\x64\x79\x64\x58\x4d\x33\x58\x32\x4e\x73\x4d\x57\x34\x33\x63\x31\x39\x33\x61\x54\x64\x6f\x58\x33\x4d\x7a\x59\x33\x49\x7a\x4e\x33\x4e\x7a\x63\x33\x4e\x7a\x63\x33\x4e\x39" HASHED_PASSWORD = b'\x12\x1eW\x98\x00\xc1C\xff\xe3\xa9\x15\xde\xd9\x00\x9b\xc9' from base64 import b64decode from hashlib import md5 def check_password(password): m = md5() m.update(password) return m.digest() == HASHED_PASSWORD def main(): while True: inp = input("Please enter your passssssword: ").encode() if check_password(inp): print(f"Well done, your flag isssssss {b64decode(SECRET_FLAG).decode()}") exit() else: print("Passsssssword incorrect, please try again.") if __name__ == "__main__": main() Both the password and the flag are represented in hexadecimal format, but the flag is further encoded in Base64. To extract the flag, we can use CyberChef or the terminal. Using awk, we can strip out the \x delimiters, convert the hexadecimal to ASCII, and then pipe the result into base64 for decoding. ...

You managed to get access to a device (indicated in red) on the network shown below. One of the hosts on that network is sending the flag over HTTPS to another host every ~5 seconds. Can you intercept it? ? This environment is somewhat limited. Look through the tools available to you on the machine. The network you connect to is not shared with other participants. Connect with ssh [REDACTED] -p 7000 ...