Repositories for the 2012 Capture the Flag
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

2012 CTF Game

The following is a list of all of the challenges used for the 2012 CTF along with their description and link for convenience. Each of these challenges contain a README which well tell you how to stand up the challenge and the correct key to allow you to check yourself when you solve it.


Title Value Repository Description
None Shall Pass 100 2012-web-a You have been asked to perform a penetration test on a web site that was a prototype and is now being used in production. The customer, a puggle breeder, suspects that the user authentication needs more locking down, but knows little else. You have been given nothing but a web URL. Visit the [server](http://$htaccess) to see where the user logs in. You should be able to break in and view the flag. Please, think of the puggles.
A Personal Voyage 200 2012-web-b Join Carl for a journey through space and time on this latest episode of [COSMOS](http://$cosmos).
Is anyone out there? 300 2012-web-d MySpace is feeling a bit left out after everyone moved their social circles to Facebook (see what I did there?). After a series of privacy problems at Facebook, MySpace has seen an opportunity to win their users back with some great new features. We caught them testing a new [chat service](http://$nodejs:3000) but it doesn't seem to be much better than any of their other web properties. At least you can't change the background...oh the humanity.
Travelling Through the Cosmos 400 2012-web-e Scientists have determined the Great A'Tuin's gender at long last, unfortunately they put it inside the [Discworld Planetary Information System](http://$turtles) and then had a rather unfortunate meeting with Death. Sadly, the late scientists were pretty bad at web sites and budget cuts had meant that they had to make their own information system. Even worse, though they were smart they were, as so many scientists are, a little mad (and really bad at web design, if we hadn't mentioned it). We honestly have no idea what they were even trying to do with their system. Maybe you'll have better luck than we did.
  • The Management
Making the grade 500 2012-web-f It looks like there's a vulnerability in the [student directory](http://$haystick) system. You've been dying for that new Macbook Pro with Retina display and need some fast cash so a few other students have paid you to change their AP Calculus grades. This can only be done through an admin account.


Title Value Repository
Binary, Binary Everywhere and not a knot in site 100 2012-grabbag-b Time to start [adding](http://$static_file_server/gbb-abb864b2337d4308a765db53b13dcf11/file.txt).
MD5: ab9a4fd2e46ab46492fa787e03696c3e</td>
Old Guy Quotes 200 2012-grabbag-a These aren't the [files](http://$static_file_server/gba-c345af8a4089431abf90532b9bd851f2/ you're looking for. *waves hand*
MD5: fa88ecd7736f3d71cc836b4b7fef6a3f</td>
Sam's Revenge 300 2012-grabbag-c We believe Sam has been spying on one of his friends, unfortunately all we were able to get as far as evidence was a pcap [capture](http://$static_file_server/gbc-88acf1ca7abb4f27972b0658d9fe191a/capture.pcap) and an archive of his home [directory](http://$static_file_server/gbc-88acf1ca7abb4f27972b0658d9fe191a/archive.7z). Unfortunately, the archive is password protected. You need to get at the information in this archive and find out if it contains enough evidence to prosecute Sam.
Archive MD5: f78d10d21ecff8a9addf08c4d02b085f<br/>Capture MD5: b84be2c7b1294ce2dfa4a1e044087256</td>
The Esoteric Challenge 400 2012-grabbag-e [Neoplasticism](http://$static_file_server/gbe-88a4b38b72ec4ee5abdab0ab50d2edb2/esoteric.png) in a CTF? Wat? Better ask a Librarian!
MD5: cb5eb41f7f282edb5216a0abdd2806d7</td>
Ankh-Morkpork: City Limits 500 2012-grabbag-g Captain Carrot welcomes you to the Great Wahoonie! We have a special problem for you, if you'd follow us down to the old UU, there's a [small problem](http://$static_file_server/gbg-fca5db8e3ba946c2a0e6e98b2fbf6bc3/program.exe) we'd like you to take care of.
MD5: 088d894b5e2848fda9b35d2e7c207f66</td> 


Title Value Repository Description
Everybody's Quacking Up 100 2012-forensics-b It seems like something's not quite [ducky](http://$static_file_server/fb-c7802d54508f4678a8752455845de7c0/duck.jpg) YEEEEEAAAHHHH!
MD5: 360cea7fc271233838c88d423c85b7f3</td>
(No Subject) 200 2012-forensics-a Hey Jon,
Here is the [MITRE logo](http://$static_file_server/fa-4b202ad68fce4d82b19a597df8cd5842/MITRE.png) we would like to you <span style="color:red;">use</span> for the capture-the-flag event.

MITRE Public Relations

MD5: 8be24dc74455ac7fd78d56bc4cd667fd</td>
Enron 300 2012-forensics-c Our network administrators have informed us of some unusual activity on the network to and from our [web server](http://$django/). I guess it looks like files have been downloaded and uploaded to the server from outside the network. We are concerned that an attacker may have downloaded our wiki and altered it in some way. If you find anything in the code, you need to figure out what it does. We can't have our corporate secrets falling into the wrong hands!
MITRE Cyber Academy 400 2012-forensics-e Joe produced a [screen cast](http://$static_file_server/fe-b09ebcf01ca6460da2cabac350d92fa4/video.flv) showing how to log into the MITRE Cyber Academy from a Windows machine. Unfortunately, before he was able to upload it to our server he dropped his computer and the hard drive died. Luckily we were able to recover most of the data but the video seems to be corrupted. We really don't want to redo this video so if it is recoverable that'd be great.
MD5: 298ff68ca0cedfe86dbd52c6e0d0bf52</td>
TV on the Fritz 500 2012-forensics-g It looks like our favourite show isn't coming in... or is [it](http://$static_file_server/fg-1db66fc00f4b473c95079b0167627886/image.bmp)?
MD5: a484c47b067c0d6ae34cbf67014918fc</td>


Title Value Repository Description
Confused Highway Engineers 100 2012-networking-a So, it’s bad enough when we let those highway engineers work on our roads. We get gridlock, accidents, and all kinds of overlong red lights. Now, they let them onto our network! This (link) is the kind of [traffic](http://$static_file_server/na-7269e30b3ce1434c97c2254d201ebef9/challenge.pcap) we get. Can you flag down some help for them?
MD5: 66dac3855e269ad512d9070f1f892cc7</td>
Huck FIN 200 2012-networking-b I done found myself [this awful old pile of bits](http://$static_file_server/nb-dc65bd97552846bd9aa2c1dbc18404d6/challenge.pcap) and I just don’t know what to do with none of them. Perhaps you could find a body to help me with this and we could set down for a good ol' time. What do you say about that?
MD5: f1f506285956ff742e1f7371d8188e91</td>
Down the Rabbit Hole 300 2012-networking-c We recently intercepted some traffic between the Matrix and the real world. It is our belief that the messages may contain access codes to the Zion mainframe. These codes are vital to our success in eliminating the human resistance. Here is the [conversation](http://$static_file_server/nc-3810c6011c6f4e3e91e817e9319ca40c/challenge.pcap).
MD5: 35646fba3cf34319d2d125fd3b8a7e6f</td>
Agent 007 400 2012-networking-d Congratulations, you have successfully infultrated MI6 as a double agent. Your next mission, which you will accept whether you like it or not, is to steal Agent 007's latest mission plans. Now that you have access to MI6 you have access to their intranet system. Download the [client login program](http://$server) and get in anyway you can.
Dr. Lanning's Last Words 500 2012-networking-e Detective Spooner, Dr. Lanning was found outside of his office after a rapid deceleration caused by the pavement outside. We do not believe this was a suicide, unfortunately he is in no state to tell us and all of the security cameras in his office seem to be broken. Luckily he left us a service running at $server that is listening on the port of the current year. We tried talking to it but our guys are at a loss.


Title Value Repository Description
All Your Base 100 2012-crypto-a We found a leak hinting that someone is making a Nintendo 64 port of the popular video game "Zero Wing". Among the leaked information was [this file](http://$static_file_server/ca-2a223af624354249ac69bb8019c5f490/leak) that could not be opened. See what you can figure out.
MD5: 40716445f4aaca87bd4e401ca7635bf6</td>    
Alexander Kemurdjian 200 2012-crytpo-c The Russian lunar rover, Lunokhod 1, was mysteriously reactivated after many years of innactivity. It has started transmitting data but Russia has lost the keys for decrypting it. They have enlisted our help in reversing their encryption by giving us the program used to encrypt it. Here is the [encryption program](http://$static_file_server/cc-21a8ba3d5f514842ac2a2f8c73a864fe/encryptor) and the [data](http://$static_file_server/cc-21a8ba3d5f514842ac2a2f8c73a864fe/flag.encrypted). Good luck.
Data MD5: b1c0b02fa4569bb4c046165c8a26d8fe<br/>Program MD5: b34b5f2ced72cf46648b57e7a97e3d85</td>    
While You Were Gone 300 2012-crytpo-b Mrs. Ross called. She said something about Congress and a new standard. I know you were talking about making a new emblem for the country. She even sent [this package.](http://$static_file_server/cb-4cd58a5b16644c9cae3a3f6b8483e6c7/flag.bmp.encrypted) It looks off to me, like there's something tucked inside. Give it a look when you get back, alright?
MD5: 3d4357e6c78e57f9184c6b8a67b27588</td>    
Danger Zone 400 2012-crypto-d The KGB has been sending encrypted [transmissions](http://$dangerzone/flag.encrypted) to their agent Kenny Loggins. In order to bring him in we need to show a judge what they are sending him. Luckily for us they have a server located at that responds to all requests by encrypting the data sent to it. We have also found that they host the source [code](http://$dangerzone/encryptor.c) for their encryption mechanism on the same server.
Pool on the roof 500 2012-crytpo-e Prove yourself, Crash, in this latest phase of the challenge. You've only got a little time to show Burn. Here's the next [target](http://$pool) that the ref's have picked out.