Challenges

Can you login to the website?

Here's a python source file, I ran it and put the output on the page. Can you figure out my input?

Answer the multiple choice questions on the webpage. To get your flag, press the "Get Flag" button on the webpage. The flag it generates is based on your answers, so you have to get them all right to get the correct flag!

There are n stones in a heap. Alice and Bob play a game by alternatively taking either 1 stone from the heap or a prime number of stones which divides the current number of stones in the heap. The player who takes the last stone wins, and Alice goes first. Then for all multiples of k, Bob can win no matter how Alice plays.

The zip on the webpage contains your flag; its password is the (lowercase) md5 hash of k. (Bonus: can you prove this by induction?)

The flag is hidden in the image; good luck.

Can you crack the cipher? Someone mentioned something about the plaintext starting with a key quote from Macbeth to do with cauldrons...

Find the flag.

Do you have what it takes to track down where an image was taken? Here are 3 images; find the latitides and longitudes of where they were taken, rounded to 3dp.

To get your flag, input the locations of each photo into the webpage. Then click the "Get Flag" button - the flag it generates is based on your input, so you have to get them all right to get the correct flag!

If you want to verify you have the correct coordinates, the sums of the digits in the locations of each photo are 37, 40 and 37 in some order. (For example, the digitsum of the location 32.264,-10.045 is 27)

(looking at metadata is not required for this challenge, all you need is to view the image and have some good googling skills)

Somebody left a message for me but encrypted it with RSA - can you decrypt it for me? The plaintext is the password for the zip.

Find the flag in the mp3 (of the most epic scene ever).

Yesterday I ran this python file I downloaded. Unfortunately it was hijacked by some ransomware, and all my files were encrypted. The ransomware said that in order to decrypt them I needed the value of e that was generated when I ran the python file. Here's the python file and what it output when I ran it - find the value of e that it generated when I ran it.

There is a zip on the webpage containing the flag; its password is the value of e.

On the webpage is a network capture of when I was browsing the web. Extract the flag. (hint: http objects)

There are 10 ants on a 5000km long string. Each ant is given a random direction (left or right) and then they begin to crawl along the string. They all move at 1 cm/min. When two ants collide, they both "bounce off each other" and move in the opposite direction as before the collision (at the same speed). The only way an ant can fall off the string is when it crawls off either end.

(each ant is infinitely small)

Your puzzle input consists of the locations of the ants - the nth line of the input is an integer representing the starting distance between the nth ant and the left end of the string in metres. Find both the minimum possible time for the first ant to fall off the string and the maximum possible time taken for all of the ants to fall off the string. (both in seconds) This will be an integer.

Your puzzle input is on the webpage. To proceed, follow the instructions on the page.

Up for some more steg? Find the flag...

Hint: that image is on the site for "The Perse School", spot the difference.

Let x be a real number. Suppose that if ABCD is any convex cyclic quadrilateral such that AC=4, BD=5 and AB is perpendicular to CD, then the area of ABCD is at least x. Then the greatest possible value of x is m/n, where m and n are positive integers with gcd(m,n)=1. The password for the zip is the md5 (lowercase) of 100*m+n.

Here's an RSA encryption program, see if you can spot the vulnerability and break the encryption. The output of the program is on the webpage.

Someone called Aeschylus Crypt has a twitter profile - find your flag.

Hint: steghide.

During the osint challenge you will find a pastebin link somewhere. It's not a real pastebin link but it's needed to solve the challenge nonetheless.

This is the best challenge yet, I promise.

A known hacker has a banking website up and running where he sells IKEA djungelskogs, but I think there might be more to it.

The hacker's site has a password reset page that functions by generating a session token and a password reset token. The password reset token is then used to authorize a password reset while the session token is displayed to the user.

I only managed to intercept a few lines of the source code, although I did also intercept one of the admin's session tokens. With this information, can you figure out the admin's password reset token? That would allow us to reset the admin's password and gain access to their account.

The few lines of source code I managed to intercept are attached below; and the admin's session token is on the webpage. Figure out the admin's password reset token for me.

To get your flag, input the password reset token into the webpage and press "Get Flag". The flag it generates is based on your input, so you have to get the answer right to get the correct flag!