-
Find CTF theme -> Halloween
-
Create Crypto challs
-
Create Noob challs
-
Create Pwn challs
-
Create RE challs
-
Create Web challs
-
Create Misc challs
-
IRL challs (only on-site)
-
Post Crypto challs
-
Post Noob challs
-
Post Pwn challs
-
Post RE challs
-
Post Web challs
-
Add urls to Web challs
-
Post Misc challs
-
Post IRL challs (only on-site)
- 👶 Noob
- 🔥 Pwn
- ↩️ Reverse Engineering
- 🔐 Crypto
- 🕸️ Web
- 🏃 IRL
- 🌈 Misc
Copied from last year:
We want to create more interest and enthusiasm for security and related problems for students. For this, a noob-friendly Capture-the-flag competition is perfect! The idea is to expose people to gradually more challenging tasks, starting with very simple ones and moving to more complex ones. None should be too hard and some help will be given for those in need.
We define the following categories of challenges, with a minimum of three(3) in each category and up to six(6). (Ideas are welcome)
Usually file/shell manipulation in Bash
- Classics: cat, .filename, using find, grep
- Unzipping different formats was fun and challenging last year
Pwn the system: gain access to some system with a buffer overflow, code injection, password cracking...
- Python eval exploitation
- Some assembly injection thing??
Pick apart the program to figure out how it works
- Input with strong constraints
- Use standard libraries in C, like printf and scanf, prompting for questions, so one solution could be from using ltrace to se what the functions hold as an answer.
- Chall using xxd/cat/string&grep to see the string in the binary file.
Classic ciphers and number fun
- Spiral cipher
- Periodic system cipher
- Serpent cipher
- Base64 partially hidden in text
- Cæsar cipher
- Hill cipher (oppgi den orginale matrisen, slik at de må gjøre en invers)
- RSA-encoder/decoder python code, you get the cipher etc and need to try and decipher it.
Fun with websites and web code
- Simple first web chall, with password and username in html source code or the flag in the source code
- URL redirect with right path e.g. /flag.txt /robots.txt etc
- Some kind of XSS
- Wireshark analysing stuff.
- Inverse an QR code that can be found on a secret endpoint on a website.
- Some php script to get the secret file from the db?
- Website where you need to press the
+button to increase your score, the goal is 500 000 points. Mess with POST request or perhaps a SQL injection?
Challenges on site: lock-picking, treasure hunting or whatever else~~
-
Some form of social engineering? -
Lock picking ofc.
Any other challenges we can come up with
- Esoteric horrorshow (Whitespace)
- Whitespace could hide in another language (like C)
- GLADoS
- "mad scientist" C stuff
- Soundwave password
- EasterEgg on TD's webpage
- Really big maze