GOING OLD SCHOOL TYPE: CRYPTOGRAPHY Challenge Unable to use their RSA encryption program, luciafer resorts to using old school techniques to send a message out to the team. Can you decipher the code and find the flag? Submit the flag as flag{flag text} Download Image SHA1: 1afcf5cc3a64f3924f27425ed344fbe4545c5554 env.deadface.io Solution The link provided was the following image. At first sight we
Pandora´s Box TYPE: CRYPTOGRAPHY Challenge Pandora´s box, we have found it! Even better, the last travelers knew the numbered code to get in but they couldn’t figure out the transcription. Figure out the the transcription’s translation to find the flag! Download Image SHA1: 8e613787658d2d5828448aa182e2bb4904c124a8 Submit the flag as: flag{word_word_word_word} Solution Given was the follwing image So it looks like that
Gone But Not Forgotten TYPE: OSINT Challenge It looks like DEADFACE members shared their public keys last month. All of them sent their keys over Signal or email except for spookyboi. He mentioned uploading his key to portal.deadface.io, but none of our analysts can get to the site. Submit the MD5 hash of the public key file as the flag.
Under Public Scrutiny TYPE: OSINT Challenge DEADFACE mentioned on Ghost Town that they have a public GitHub repository. See if you can find a flag hidden that belongs to DEADFACE. Submit the flag as: flag{flag-text}. Solution I´ve started looking at the Ghost Town forum and searched for github. Only two threads – this is first one: So since I now
SQL Challenges Like last year, there were several SQL Challenges that build on each other and whose solutions are discussed below. Prepare SQL To work with the SQL files we suggest to import the backup into a MySQL DBMS, so you can connect to the database and select the infos out of it 🙂 I used a maria-db docker container.
Wizard You have stumbled upon a wizard on your path to the flag. You must answer his questions! PS (not challenge related), thank you so much to Hadrian for supporting NahamCon 2022! Press the Start button on the top-right to begin this challenge. Solving To solve this challenge, you need to connect to your own instance via netcat. Then you
EXtravagant I’ve been working on a XML parsing service. It’s not finished but there should be enough for you to try out. The flag is in /var/www Press the Start button on the top-right to begin this challenge. Solving To solve this one, we need to upload our own malformed XML document (XML external entity (XXE) injection). Create a XML
apache-logs Points: 100 An apache log file that contains recent traffic was pulled from a web server. There is suspicion that an external host was able to access a sensitive file accidentally placed in one of the company website’s directories. Someone’s getting fired… Identify the source IP address that was able to access the file by using the flag format:
photo-op-spot Points: 150 In three words tell me where I stood when I grabbed this picture. Solving Okay we got a picture from a strange tower… lets google for that picture. We’ll find quickly what we are looking for.. the tower is located in Seattle. Public Art "Transforest" Tourist attraction in Seattle, Washington Now we have to find the three
dns-joke Points: 100 Description A system administrator hasn’t smiled in days. Legend has it, there is a DNS joke hidden somewhere in www.jerseyctf.com. Can you help us find it to make our system administrator laugh? Solving To get the flag, check the dns entries of the www.jerseyctf.com subdomain. jerseyctf.com TXT @192.168.178.1 +short "jctf{DNS_J0k3s_t@k3_24_hrs}" This script will help you get the