- Solves: 62
send 1505 szabo 457282 babbage 649604 wei 0x949a6ac29b9347b3eb9a420272a9dd7890b787a3
- Solves: 16
I bet you can't crack this great encryption that I invented.
Difficulty: Medium
- Solves: 3
Hi, NSA here, again. Our suspects have changed some details in their protocol (see "white_russian"). We also need their second flag.
Connect:
nc 35.198.134.252 2024Files: https://34c3ctf.ccc.ac/uploads/miner-b48b3fdc7f7cdc4a09c736d5a443a20e.tar.gz
Difficulty: mid-hard
- Solves: 11
Please try again.
Files: https://34c3ctf.ccc.ac/uploads/rofl-9f14695dcd0e42f168769eb2f7b3df9e.tar.gz
- Solves: 14
Do you sometimes feel like modern crypto is just too complicated to be useful?
You want a simple cipher that simple people like you can understand?
Then Simple Encryption Standard might be just what you are looking for! We ripped out the uselessly complicated stuff and replaced it with that warm fuzzy feeling of understanding once again.
Difficulty: Medium
- Solves: 23
Always remember to keep your router firmware up to date!
Connect:
telnet 35.198.64.68 2023Files: https://34c3ctf.ccc.ac/uploads/software_update-2af84f953903f60e3100176343d70316.tar.gz
Difficulty: easy-mid
- Solves: 8
Hi, NSA here. We're
doing surveillance onmonitoring twoinnocent citizenssuspected terrorists. We've seen them using pratically every cryptographic scheme you can think of. They're using some fancy new instant messaging thing. We have their public keys and the messages they sent to each other. We need their flag by Dec 29th, 2017, 20:00 UTC!Connect:
nc 35.198.143.105 2024Files: https://34c3ctf.ccc.ac/uploads/white_russian-c31e5f11a26832540ccd8972fb94791a.tar.gz
Difficulty: easy-mid
- Solves: 27
Minimal bash - maximal fun!
nc 35.198.107.77 1337Difficulty: medium
Connections are limited to 10 per minute
- Hints:
We have updated the 'source' command in minbashmaxfun to print one additional line.
- Solves: 48
Pwning with primes!
Connect:
nc 35.198.178.224 1337Files: https://34c3ctf.ccc.ac/uploads/primepwn_files-99326d3a04655f43ce731927e2b6fa98.tar.gz
Difficulty: mid
- Solves: 13
Pain is an event. It happens to you, and you deal with it in whatever way you can. ~ Hugh Laurie
Connect:
nc 104.199.25.43 1337Files: GET THEM HERE
Environment:
docker run -it tsuro/nsjail-ctf /bin/bash
- Solves: 5
Writing a ruby extension was fun. Check the readme for further instructions.
Files: Link
Difficulty: medium
Connect:
nc 35.198.184.75 1337
- Solves: 0
Please give us a free security audit for our production database system.
Did I just say that aloud?
Files: GET THEM HERE
Connect:
nc 35.198.102.171 1337Difficulty: Hard
- Solves: 30
You can't own me if I don't use a libc! Right? Right?
Files: Link
Connect:
nc 35.198.130.245 1337Difficulty: easy-ish
- Solves: 47
memory management in C does not have to be hard
Files: Link
Difficulty: easy
Connect:
nc 35.198.176.224 1337
- Solves: 15
I built something that prints the flag. But I lost the flag :(
Difficulty: medium
- Solves: 4
I hope you like yourself some Javascript.
Difficulty: Medium
- Solves: 2
I hope you like yourself some Spineless Tagless G-machines.
Difficulty: Hard
- Solves: 18
This is not compatible with emacs!
Tested with vim 7.4 on amd64 Ubuntu 16.04 (package vim 2:7.4.1689-3ubuntu1.2)
Difficulty: Easy
- Solves: 6
We are giving you access to a box created via vagrant + VirtualBox. The flag is in the file /flag on the host.
Files: Link
Difficulty: Hard
Christmas hint: Make sure to check extra data.
- Solves: 1
If you found babyvm too easy, you might like this more.
The VM is almost the same as for babyvm. The only file we changed is
victimbox/Vagrantfile. You won't get the new version though, so you may want to check babyvm out first.Connect:
socat tcp4:178.63.8.31:1338 -,raw,echo=0- Hints:
IMPORTANT! The flag file on the host is called
/flag2
- Solves: 2
Enjoy the pool party.
Team token: ...
Files: Link
Difficulty: Medium
This challenge is evaluated manually. Check the README.txt file for details.
NOTE: the driver differs slightly from the one in elgoog2
- Hints:
You may send the payload as *.pdf instead of *.pdf.exe, in order to prevent Google Mail from filtering the attachment. We will rename it to *.pdf.exe on the vulnerable machine.
- Solves: 1
Enjoy the pool party.
Team token: ...
Files: Link
Difficulty: Hard-Insane
This challenge is evaluated manually. Check the README.txt file for details.
NOTE: the driver differs slightly from the one in elgoog1
- Hints:
You may send the payload as *.pdf instead of *.pdf.exe, in order to prevent Google Mail from filtering the attachment. We will rename it to *.pdf.exe on the vulnerable machine.
- Solves: 2
I needed an excuse to write a filesystem because why not? :). Check the files for more instructions regarding building the VM.
insmod esprfs.ko; mount -t espr none <dir>PSA: the filesystem is not meant to be a production grade filesystem and only supports basic operations, as such don't expect to do anything more than really basic things on it :)
Files: Link
Difficulty: hard
- Solves: 2
We've made v8 even faster!
nc 35.198.159.246 1337Difficulty: hard
- Solves: 7
Found this great new extraction service. Enjoy!
Difficulty: medium
- Solves: 8
You always wanted to share details of your meaningless life with the whole internet?
Sign up to SUPERBLOG today and let the world know you exist!
URL 1: http://35.197.245.102/
URL 2: http://35.198.68.40/
Difficulty: Medium
- Hints:
When submitting a post ID to the admin, he will visit the URL
http://localhost:1342/post/<postID>. He uses a headless Google Chrome, version 63.0.3239.108.
- Solves: 5
You have proven to be worthy of the world's plebs' attention. Let's see if you are worthy of ours as well.
URL 1: http://35.197.245.102/
URL 2: http://35.198.68.40/
Difficulty: Medium
- Hints:
When submitting a post ID to the admin, he will visit the URL
http://localhost:1342/post/<postID>. He uses a headless Google Chrome, version 63.0.3239.108.
- Solves: 4
Finally someone has created a neat little urlstorage service.
Difficulty: medium
- Hints:
XSS and CSRF are not the only client-side attacks.
