Welcome to the Cybersecurity CTF Challenges

Test your skills by solving various cybersecurity challenges!

Challenge 1: Find the Flag

The flag is hidden in the message. Can you find it?

Hint: The flag starts with 'flag{'.

Challenge 2: XOR Cipher

The message is encoded using XOR encryption. Find the flag by decoding it.

Message:
0010111000101101001110010101011100101001001100000010111000101010011011110011000100100001001100010011000001010101001000000001011100110010001101110101110000100100001011010010010100100101

Hint: Try XORing with key 'HAX0R'.

Challenge 3: Layered Text

Theres something with the text at the bottom of this challenge..

Hint: Theres something scrambled in the layers can you find it in the source.

YOU CANT SEE THIS! THIS ELEMENT IS HIDDEN! NOTHING TO SEE HERE! KEEP IT MOVING! flag{hidden_in_layers}

Challenge 4: Steganography

Download the image and find the hidden message inside it.

Try both downloading the image from the site with Save As,

as well as inspecting the source and downloading from the drive.

Pelican

Hint: Use steganography tools on futureboy.us website.

Challenge 5: Blending in plain sight.

There is a hidden text within the page that is invisible to the viewer.

Hint: Change the CSS within the source code to make the flag visible

flag{white_on_white}

Challenge 6: Hidden Javascript will reveal the flag.

There is a hidden Javascript function that will reveal the flag. It will appear at the top of this page when successfully ran.

Hint: Try adding revealFlag() to the console command button! This would normally be done within the browsers console.

Challenge 7: Base 64 Decryption

Decrypt the hidden base64 key and type the flag below.

Hint: Check the source code and use an online decryption software.

Challenge 8: HTML Entity Decryption

Decrypt the html entities and type the flag below. They always start with &#x for example f.

Find a flag written in html entities and use an online website to decipher.

Challenge 9: Hidden Text Hovering

Find and hover over the right element to find the hidden flag.

Hint: Hover over a specific element on the page to reveal the key.

Challenge 10: Invisible Hidden Buttons

Theres a button somewhere on this page that reveals a hidden flag.

Hint: Inspect the source code for a button, change the code til visible. Maybe its the position?

Challenge 11: CSS Flag Riddle

Look at the CSS rules and find the hidden flag.

Hint: The flag might be something obvious and not exactly what the text gives you.

flag{css_color?}

Challenge 12: Hidden Page

There is a hidden page on this website containing a flag.... if you can find it

Hint: Try different page numbers and common page names used accross different websites using the url

Challenge 13: Corrupted File/Filetype Mismatch

There is a file that seems to be corrupted can you find the flag?

Hint: Try changing the file extension or opening the file in a different program than recommended.

Challenge 14: PGP Hidden Keys with Deciphering

Your friend sent you an important sensitive message using PGP/RSA with a key length of 3072 can you find and decipher the flag?

Disclaimer: You will be prompted that google drive cant scan the file for virus' due to the file type you can click download anyway there is no virus.

-----BEGIN PGP MESSAGE-----

wcDMA1vo4GQWlAjhAQv+N+IxRQ2babhMkjUo0urtUV2TmHy4jN/twWEP6buH 1CCTxx3S5uC/Cs8MWvCuYCvSrKYXcTV//UZ2CF+yEy8wtzu7DfE/4w8leu1Z kgg6p578XLIRNe3BJdzkFtptXEXAq1KgtjcnePuP9saCT9QMJv4j6sjlYpS0 fXdI4eALp6q/WRFanvItZX046OGLPXTTyXpIAFGI16yI6U5aNiLBcFQ9ekex ckvjf5bZ1verJSL6+5BpNXclpHbZ/Cifchy9qeq7QGLA/Iy0Eh98asdteDZV alxQ/7zMOmS0VhCscfcRu7bw6GPM6MHCtpTzVreIJCN54X5413eCR6cuCV2i YvjYh0LXQ8fok8ACeHhOzDPhhJyiJrgSPmRXy3kSEXvCsTBk24CVdmr4ltXg dFaFjMEGjNJmHjwGsaW5iLo8uRGC7GXwQmTlmNfzKCawLkUb/Qx58O6lX+Ex dKSEReXnNS/DBrkZEYe+8PglTyZVqeQkgzq/yps+BKrmouXvWES70koBCgwN /EnVy3c4xUUljrsaO4scSVQMGdPPbh5HJbHiBkcINR1TfYf7xG0PixzIqVCq Do2O05dnx6mz4gPvWuoy1AR7B0Py0wBdoA== =1Jhv
-----END PGP MESSAGE-----

Hint: Try changing the file extension or opening the file in a different program than recommended. Inspect the source for the password.

Challenge 15: Scrambled Eggs- Base Decryption [HARD]

There is a key hidden within this file, find it, convert it and you will find your flag.

Hint: Try changing the file type or opening with another program, then find out what base it was written in and convert it to the original base, then use an online base decryptor to get your flag.

Challenge 16: Hovering Hidden Flag

There is a hidden flag somewhere in this challenge

Hint: Hover over something to find the flag

Challenge 17: Login

Enter your username and password to login. You may have to scroll to the top of the page after clicking the login button to see the form.


Hint: Maybe the user forgot to change the default passwords?

Challenge 18: Hidden Flag In Image

There is a flag hidden in an image, scan something to gain access to the flag.

QR-Code

Hint: Try resizing the images pixels, the creator may have intentionally hidden this, or mistakenly broke the code causing it not to show.

Challenge 19: Encrypted Zip File

There is a flag hidden in an encrypted zip, brute force the password to get the flag.

Hint: Try using a program like John The Ripper to brute force the password of the file. It may prompt you that google drive cant scan it for virus' there is no virus you can proceed. In other circumstances dont alway's trust files like this unless you know for sure its safe.

Challenge 20: Web Server Logs

You have been given access to a server's logs. Analyze the logs to find a hidden flag. Pay attention to query parameters or unusual request patterns.

Hint: Flags are often stored in query parameters.

Challenge 21: PDF MetaData

A PDF file is provided, and the flag is hidden in its metadata.

Hint: PDF metadata can sometimes include hidden fields like the document's creation date, modification date, or the identity of the user who created it. Look beyond the basic document info for unusual or hidden entries.

Challenge 22: Cookie Flags

Click the button, doing so will create a cookie within your browser, find it and you will find your flag!

Hint: To solve this challenge, inspect the cookies set by the website. You can easily access them through your browser's developer tools. Once you find the cookie named user_flag, check its value carefully. The flag should be hidden inside the cookie, and it's usually formatted like flag{...}

Challenge 23: Caesar Cipher

Decrypt the following text encrypted with a Caesar cipher (shift: 5):

Encrypted Text: agvb{xvznvm_kduuv}

Hint: Shift forward by 5 to reveal the flag.

Challenge: Vigenère Cipher

Decrypt the ciphertext below to find the flag. Use the keyword provided in the hint.

Ciphertext: hjbk{makghvzx_atydovv}

Hint: The keyword is "cybersecurity".

Challenge 25: Hidden Directory

There is a hidden directory on the website containing the flag. Find it!

Hint: Try appending `/hidden/flag.txt` to the URL.

Challenge 26: MD5 Hash Cracking [UNDER CONSTRUCTION]

The flag has been hashed using the MD5 algorithm. Your task is to reverse the hash and find the original flag.

MD5 Hash:69dae97ef29303f177aeb7aa44b3b4f3

Hint: Use online tools or brute-force programs to reverse the hash. Try

Challenge 27: SQL Injection Cracking

The Flag has been hidden on a user account, use SQL Injections to try and extract information and login

Go to Login

Hint: Research common SQL injection queries for listing all username, email, other columns in the users table.

Congratulations!

You have completed all challenges.

Your final score is: