I’m not going to sit here and pretend that I’m the most social person in the world, but 3 weeks of annual leave over Christmas whilst Omicron is running wild definitely left me with far more free time than usual. Once the family visits were over, presents unwrapped, and many drinks had, I found myself at home, on Discord & thoroughly bored!
One evening, a good friend, R4Wizard @ ShadowAcre, & I stumbled across the AIS – Capture the Flag challenges. Intended as a recruitment tool, these challenges range in difficulty, and are an excellent learning tool for any tech professional looking to test or develop their skillsets in a variety of areas.
There are 23 challenges in total, and given neither of us is looking for a new job, we (myself & Peter) decided to collaborate and have a crack at them. Below you will find a complete list of challenges, and eventually a link to how R4Wizard & myself solved each. So far, we’re both at 2,110 points, having captured the flag for 21/23 of the Challenges, but we’ll update this post once we’ve solved the remaining two. 😉
I’d encourage anyone reading this to have a go at solving the challenges themselves before reading any of the solution posts.
- 1. Client-side Protections
- 2. Programming
  - 2.1. Brutal Force (15 Points)
  - 2.2. Code Breaker (150 Points)
  - 2.3. Tiles (250 Points)
- 3. Networking
  - 3.1. HTTP Basic (15 Points)
  - 3.2. WPA2 Deauth (30 Points)
- 4. Crypto
  - 4.1. ROT (15 Points)
  - 4.2. Encoded (25 Points)
  - 4.3. Base64 (75 Points)
  - 4.4. Enigma (100 Points)
  - 4.5. XOR (300 Points)
- 5. Input Validation
  - 5.1. SQL Login (50 Points)
  - 5.2. Cross Site Scripting (75 Points)
  - 5.3. SQL Credit Cards (100 Points)
- 6. Exploitation
  - 6.1. Stack Overflow (75 Points)
  - 6.2. Lonely Bot (175 Points)
- 7. Reverse Engineering
  - 7.1. Sentence Bot (100 Points)
  - 7.2. License Key (250 Points)
  - 7.3. Challenge Response (400 Points)
  - 7.4. Debug Me (500 Points)
Many thanks to AIS for putting together this collection of CTF challenges. Not only is this a great recruitment tool, but it’s also a great way for anyone interested in hacking, exploitation & cryptography to test their skills, or anyone new to the field to develop theirs.