BCACTF Writeup

Published in SECARMY · 13 min read · Jun 16, 2019

Web Challenges

1. Cookie Clicker

In this challenge, you just have to edit the cookie and set it to the required value.

2. dig_dug

In this one, you have to use the dig command to get the DNS TXT record of the given URL, i.e. hole.sketchy.dev.

3. The Inspector

Inspect the elements of the given page in a browser.

4. Wite-out

Also, inspect the page.

Programming Challenges

1. Instruction

The challenge description was:

Dear Agent Reffef,

I have attached the super secret plans for operation 0x576f726b206f6e207468652070757a7a6c652c2073746f702072656164696e672068657821.
You will need to decode it first though.

The rules are simple:

A line is “viable” if the length of a line is divisible by 3, and the line does not contain the `&` character.

For every viable line, you will grab the `n`th character,
where `n` is the corresponding number at the top of the file (Counting from one!)
The first viable line will use the first number, etc.

Put all the letters together to find the answer!

- Agent Doposi

The file provided was flag.txt.

According to the description, a line is viable only if:

a. the length of the line is divisible by 3

b. the line does not contain the character ‘&’

Every viable line gives one character of the flag: take its nth character, where n is the corresponding number from the list given at the top of the file.
So, I created a Python script for that.
Running the script gave us our flag:

bcactf{f0110w_tH3_r00lz_❤_l0ve_m3_pls}
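The rules above, as an added example (not the author's script, which the page does not reproduce). The layout of the number list on the first line and the sample file are assumptions constructed for illustration.

```python
def decode(text):
    """Apply the 'viable line' rules to the full contents of the file."""
    lines = text.splitlines()
    # Assumption: the first line holds the numbers, separated by spaces or commas.
    numbers = iter(int(tok) for tok in lines[0].replace(",", " ").split())
    picked = []
    for line in lines[1:]:
        # Viable: length divisible by 3 and no '&'. An empty line has length 0,
        # which is divisible by 3, but it has no character to take, so skip it.
        if not line or len(line) % 3 != 0 or "&" in line:
            continue
        n = next(numbers, None)
        if n is None:          # more viable lines than numbers: stop
            break
        if not 1 <= n <= len(line):
            raise ValueError(f"index {n} is outside viable line {line!r}")
        picked.append(line[n - 1])   # the challenge counts from one
    return "".join(picked)


# Constructed sample file, not the challenge data.
SAMPLE = "\n".join([
    "2 1 3 6",
    "xfy",       # viable, 2nd character -> f
    "ab&",       # length 3 but contains '&' -> skipped
    "abcd",      # length 4 -> skipped
    "lmnopq",    # viable, 1st character -> l
    "zzazzz",    # viable, 3rd character -> a
    "hello",     # length 5 -> skipped
    "qwertg",    # viable, 6th character -> g
])

if __name__ == "__main__":
    print(decode(SAMPLE))
```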

2. Manner_Of_Speaking

The challenge description was:

Tho, I came Acroth thith therieth of inthturcthins, and thomething that thaid “the key ith the attached litht of ATHCII printableth.” Tho anywayth, here’th the inthtructhinth

According to me, the conversion should be….:)

So, I came across this series of instructions, and something that said “the key is the attached list of ASCII printables.” So anyways, here are the instructions
The files given are inthtructhins.txt and printableth.txt.

The text in inthtructhins.txt looked like this:

cadadddddr, caddadddddr, caadddddr, caddadddddr, cadddddddddddddddddddadddddr, cadddddadddddr

So I searched for this on Google, and after some time I learned that these are actually Lisp functions.

I found this tutorial; one of its sections explains the car and cdr functions and how they can be concatenated to apply them recursively.

1. car: takes a list as its argument and returns its first element.
2. cdr: takes a list as its argument and returns the list without its first element.

I tried many online Lisp interpreters to run the instructions given in inthtructhins.txt, but they were not able to run them.
Since what these functions do is very simple, I implemented them in Python and created a script.

Running the script gives us our flag:

bcactf{L157_8453d_pR0gR4Mm1nG_15_4w3S0Me!}
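An evaluator for c[ad]+r names of any length, as an added example (not the author's script). Common Lisp only predefines these compositions up to four a/d letters, a likely reason the long forms would not run as written. The nested sample list and instructions are constructed; the nesting of printableth.txt is an assumption, since an `a` in the middle of a name only makes sense on a list that contains sublists.

```python
import re

CXR = re.compile(r"c([ad]+)r")


def car(value):
    if not isinstance(value, list) or not value:
        raise ValueError("car needs a non-empty list")
    return value[0]


def cdr(value):
    if not isinstance(value, list) or not value:
        raise ValueError("cdr needs a non-empty list")
    return value[1:]


def evaluate(name, data):
    """Apply one c[ad]+r form of any length to a nested Python list."""
    match = CXR.fullmatch(name.strip())
    if match is None:
        raise ValueError(f"not a c[ad]+r form: {name!r}")
    value = data
    # Lisp composes right to left: (cadr x) is (car (cdr x)).
    for op in reversed(match.group(1)):
        value = car(value) if op == "a" else cdr(value)
    return value


def decode(instructions, data):
    chars = [evaluate(tok, data) for tok in instructions.split(",")]
    if not all(isinstance(c, str) for c in chars):
        raise ValueError("an instruction stopped on a sublist, not a character")
    return "".join(chars)


# Constructed nested list and instructions, not the challenge files.
SAMPLE_LIST = ["x", ["a", "b", "c"], "y", [["f", "l"], "g"]]
SAMPLE_INSTRUCTIONS = "caaadddr, cadaadddr, caadr, cadadddr"

if __name__ == "__main__":
    print(decode(SAMPLE_INSTRUCTIONS, SAMPLE_LIST))
```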

3. 1+1=Window

The challenge description was:

#hex+hex=hex

We are provided with 2 files, one.txt and two.txt.
From the description, it was clear that we have to add the hex in one.txt to the hex in two.txt and then convert the result into ASCII.

So I created a Python script for that.

Running the script gave us our flag:

It is easy naah isn’t it ? bcactf{1_h0p3_y0u_us3_pyth0n}

4. Public Library

Quest Challenges

1. For the night is dark

It had 3 parts.

stage 3: credits:

In the description, “The flag was here” is the hint.
So I searched for the link on the Wayback Machine and found this:

flag: bcactf{p33r1ng_1n70_7h3_p457_Ymxlc3NlZHZpZXc}

2. Synthetic-CDO

In this challenge, an image was provided.

you-will-hate-this

First, I counted the number of 1’s, which was 45, and tried this as the flag, but it was wrong.
Then, after successfully wasting a couple of hours, I figured out that not all characters in the flag are 1; some of them are the letter ‘l’ in the Times New Roman font.

But how can someone tell which is the digit 1 and which is ‘l’ (the letter L)?

So I tried zooming into the image to see if there is any difference.

I used the GIMP Fuzzy Select tool, which selects a contiguous region on the basis of color.

As you can see from the above image, the characters that have a little shadow below their serif are the digit one (red circle) and the others are the letter L [‘l’] (yellow circle).

flag: bcactf{11l11lll11ll1l1l1ll111l1111lll1111l111l11lll1}

Forensics

1. BCA_Craft

Challenge description:

Yo I made a sic Minecraft adventure MAP!Try it out it’s kewler than ur Fortnite gamez!

(This map runs in Minecraft 1.13.2 and above)

2. Large_Data

Challenge Description:

Big data is all the rage right now, so I broke my flag up into 2700 text files. That’s pretty big, right? All I will tell you is that the flag is 27 characters long, and it requires some data analysis to find. I don’t want to be mean, but I think this might take a while (while your solver is running you might want to disable sleep mode :)).

We are provided with a zip file; extracting it gives 27 folders, each containing 100 files.
As stated in the description, the flag was hidden inside these 2700 files.

There is also a hidden hint in the description: “I don’t want to be mean”.

The solution: first take the mean of the characters of each file inside a folder, then take the median of those means to get one character of the flag. Doing this for every folder gives all 27 characters of the flag.

The Python script which I created:

flag : bcactf{crunch1ng_num5_c00l}
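The mean-then-median step described above, as an added example (not the author's script, which the page does not reproduce). The folder ordering, the `root/<folder>/<file>` layout and the sample data are assumptions constructed for illustration; the sample plants two outlier files per folder to show why the median is needed.

```python
from pathlib import Path
from statistics import fmean, median


def file_mean(text):
    """Mean code point of one file's characters (line breaks ignored)."""
    return fmean([ord(c) for c in text if c not in "\r\n"])


def folder_char(files, reducer=median):
    """One flag character per folder: the median of the per-file means."""
    means = [file_mean(t) for t in files if t.strip("\r\n")]
    return chr(round(reducer(means)))


def solve(folders, reducer=median):
    """folders maps a folder name to the list of its file contents."""
    # Assumption: sorting the folder names gives the flag order.
    return "".join(folder_char(folders[name], reducer) for name in sorted(folders))


def load(root):
    """Read an extracted archive laid out as root/<folder>/<file>."""
    return {
        d.name: [f.read_text(errors="replace") for f in sorted(d.iterdir()) if f.is_file()]
        for d in Path(root).iterdir() if d.is_dir()
    }


def make_folder(ch):
    """Constructed data: three files whose mean is ch, plus two outlier files."""
    c = ord(ch)
    return ["!!", chr(c - 1) + chr(c + 1), ch, "~~", chr(c - 2) + chr(c + 2)]


# Constructed sample (5 files per folder instead of 100), not the challenge archive.
SAMPLE = {f"{i:02d}": make_folder(ch) for i, ch in enumerate("flag{ok}")}

if __name__ == "__main__":
    print(solve(SAMPLE))             # median of the means
    print(solve(SAMPLE, fmean))      # mean of the means is dragged off by the outliers
```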

3. Of course Rachel

challenge description

Ugh, I had a really important file with the flag, but sadly it broke. My friend Rachel said that snapshots are good for backing up, and luckily I listened so here is my screenshot. Do you think you could help me put it back together?

We are provided with a zip file; extracting it gives 5 images containing some random numbers. The images looked like this:

These were actually hex characters, so I used tesseract to get the numbers from all the images into a text file, then combined all the numbers and used a hex decoder to decode them, and got this code:

There are only 2 things which are useful for us:
1. the variable flag: flag = 820921601166721424573282546345206805820898697321521913920196691573868657577500743744203737234698
2. the function int_to_text()

So I combined these 2 inside a script and got the flag:

def int_to_text(inp):
    # Hex-encode the integer, drop the "0x" prefix and decode the bytes as text
    hexed = hex(inp)
    return bytearray.fromhex(hexed[2:]).decode()

flag = 820921601166721424573282546345206805820898697321521913920196691573868657577500743744203737234698
print(int_to_text(flag))

flag: bcactf{0p71c4lly_r3c0gn1z3d_ch4r4c73rs}

4. one punch zip

challenge description:

One Punch Man seemed to have lost the password to his super secret archive. Can you help him crack it?

We are provided with an image and a zip file.
The image was:

The zip contains flag.txt and is password protected.
The password was actually one of the strings that the strings command prints for the image.

So I created a wordlist by typing the following command:

strings imagename > wordlist.txt

and then used fcrackzip to find the password:

fcrackzip -v -D -u -p wordlist.txt superSecure.zip

The password was: “w\8VH”$.
flag: bcactf{u5ing_4ll_string5_0f_1mag3_@s_dictionary?}

5. Open-docs

challenge description:

Yay! I really enjoy using these free and open file standards. I love them so much, that I made a file expressing how much I like using them. Let’s enjoy open standards together!

flag: bcactf{0OxMl_1s_4m4z1Ng}

6. Study of roofs

challenge description

My friend has always gotten in to weird things, and his recent obsession is with roofs. He sent me this picture recently, and said he hid something special in it. Do you think you could help me find it?

We are provided with a JPEG file.

Running binwalk on the file showed that there is a hidden JPEG inside it, so to extract that JPEG I used the dd command:

dd skip=1562983 if=./dem_shingles.jpg of=./dem_shingles1.jpg bs=1

and got the hidden JPEG:

flag: bcactf{r4i53_7h3_r00f_liz4rd}

7. Wavey

challenge description:

My friend sent me his new mixtape, but honestly I don’t think it’s that good. Can you take a look at it and figure out what’s going on?

Here we are provided with a .wav file. Going by previous CTF experience, I quickly opened the file in Audacity, looked at the spectrogram and eventually got the flag.

flag: bcactf{f331in_7h3_vib3z}

Crypto challenge

1. Cracking the cipher

challenge description:

2. A Major Problem

challenge description:

A mysterious figure named Major Mnemonic has sent you the following set of words. Figure out what they mean!

“Pave Pop Poke Pop Dutch Dozen Denim Deism Loot Thatch Pal Atheism Rough Ditch Tonal”

The string in double quotes is actually a major mnemonic.
From this, I converted the mnemonics to ASCII codes:

98 99 97 99 116 102 123 103 51 116 95 103 47 116 125
There was an error in the flag: it was not 47 but 48.
97 99 116 102 123 103 51 116 95 103 48 116 125
Upon converting the codes to text we got our flag:
flag: bcactf{g3t_g0t}

3. Three Step Program

challenge description

We found this strange file with a bunch of stuff in it… Can you help us decode it?

We are provided with a text file containing the following text:

MzIgLSAgfDMgVGltZXMgQSBDaGFybXwgLSAzMg
lhlm oad lamaew eyhmgs. lg i sxsro rgu ntee qhj a qesg? dbfcp rgu stne xtve tm lhtl xac, b’dl rh wadr gn jhm ayw zayw at zowr.
mvscey{bu57_j0n_o4i7_kgbhmffhlqe} bfm, te htjnpw, feim lixx at hhf’t mx ko dbepwx…

The first string is base64 encoded; decoding it gives:

32 — |3 Times A Charm| — 32

From this, we get a hint that the 2nd string might be base32 encoded 3 times,
so upon decoding it, we get:

Why english so ard to tok. 
No speak more English.
Ail gi you tu hints to read my encrypted languich.
1. SALT iz key to gret food!
2. Le francais crypte le meilleur

The first is pretty clear: SALT is our key. The 2nd looks like French, so I translated it using Google translator and got this:
French crypt the best

Upon searching for something like “french cryptography decoder” I found this:
it is the Vigenère cipher.

So I decoded the last string using SALT as the key and got the flag:

that was simple enough. so i heard you came for a flag? since you have made it this far, i’ll go easy on you and hand it over. 
bcactf{ju57_y0u_w4i7_znjhbmnhaxm} but, be warned, next time it won’t be so simple…
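The three decoding steps above in one script, as an added example (not the author's code). The base64 string, ciphertext and key are the ones shown on the page; the triple-base32 stage runs on a constructed stand-in because the page does not reproduce that string.

```python
import base64

KEY = "SALT"

# Strings as they appear on the page (apostrophes typed as ASCII).
HINT_B64 = "MzIgLSAgfDMgVGltZXMgQSBDaGFybXwgLSAzMg"
CIPHERTEXT = (
    "lhlm oad lamaew eyhmgs. lg i sxsro rgu ntee qhj a qesg? dbfcp rgu stne "
    "xtve tm lhtl xac, b'dl rh wadr gn jhm ayw zayw at zowr. "
    "mvscey{bu57_j0n_o4i7_kgbhmffhlqe} bfm, te htjnpw, feim lixx at hhf't mx "
    "ko dbepwx"
)


def b64_hint(text):
    # The string is shown without '=' padding, so restore it before decoding.
    return base64.b64decode(text + "=" * (-len(text) % 4)).decode()


def b32_layers(data, rounds=3):
    """Peel `rounds` nested base32 layers."""
    for _ in range(rounds):
        data = base64.b32decode(data)
    return data.decode()


def vigenere_decrypt(ciphertext, key):
    shifts = [ord(k) - ord("a") for k in key.lower()]
    out, used = [], 0
    for ch in ciphertext:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base - shifts[used % len(shifts)]) % 26 + base))
            used += 1          # only letters consume a key character
        else:
            out.append(ch)     # digits, braces and spaces pass through unchanged
    return "".join(out)


def make_stage2(text, rounds=3):
    """Constructed stand-in for the second string, which the page does not show."""
    data = text.encode()
    for _ in range(rounds):
        data = base64.b32encode(data)
    return data


if __name__ == "__main__":
    print(b64_hint(HINT_B64))
    print(b32_layers(make_stage2("1. SALT iz key to gret food!")))
    print(vigenere_decrypt(CIPHERTEXT, KEY))
```

Because only letters advance the key, the digits and underscores inside the braces do not shift the alignment, which is why the flag decrypts in place.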

4. Tupperware

challenge description

Took my lunch to school in a Tupperware (now with patented TupperSRF™ plastic!) and part of it got stained with a flag. k tells you where.

NOTE: number names come from the Googology wiki, some number names may be inconsistent.

We are provided with a file which contains:

<!DOCTYPE html PUBLIC “-//W3C//DTD HTML 4.01//EN” “http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv=”Content-Type” content=”text/html; charset=utf-8">
<meta http-equiv=”Content-Style-Type” content=”text/css”>
<title></title>
<meta name=”Generator” content=”Cocoa HTML Writer”>
<meta name=”CocoaVersion” content=”1671.5">
<style type=”text/css”>
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; line-height: 16.0px; font: 22.0px Arial; color: #000000; -webkit-text-stroke: #000000}
span.s1 {font-kerning: none}
</style>
</head>
<body>
<p class=”p1"><span class=”s1">Four octogintacentillion, eight hundred and fifty-eight novemseptuagintacentillion, four hundred and eighty-seven octoseptuagintacentillion, seven hundred and three septenseptuagintacentillion, two hundred and seventeen quinseptuagintacentillion, six hundred and fifty-four quattorseptuagintacentillion, one hundred and sixty-eight treseptuagintacentillion, five hundred and seven duoseptuagintacentillion, three hundred and seventy-seven unseptuagintacentillion, one hundred and five septuagintacentillion, six hundred and thirty-four novemsexagintacentillion, two octosexagintacentillion, six hundred and forty-seven septensexagintacentillion, seven hundred and thirty-one sexsexagintacentillion, one hundred and twenty-eight quinsexagintacentillion, four hundred and ninety-nine quattuorsexagintacentillion, three hundred and seven tresexagintacentillion, two hundred and forty-four duosexagintacentillion, eight hundred and fifty-one unsexagintacentillion, four hundred and forty-one sexagintacentillion, ninety novemquinquagintacentillion, three hundred and fifty-seven octoquinquagintacentillion, eight hundred and sixty-five septenquinquagintacentillion, seven hundred and eleven sexquinquagintacentillion, thirty-three sexquinquagintacentillion, four hundred and forty-three quinquinquagintacentillion, four hundred and nineteen quattuorquinquagintacentillion, seven hundred and ninety-three trequinquagintacentillion, five hundred and thirty-one duoquinquagintacentillion, nine hundred and ninety-nine unquinquagintacentillion, eight hundred and eighty-three quinquagintacentillion, two hundred and sixty-one novemquadragintacentillion, five hundred and seventy-nine octoquadragintacentillion, eighty-six septenquadragintacentillion, seven hundred and three sexquadragintacentillion, two hundred and eighty-five quinquadragintacentillion, nine hundred and eighty-eight quattuorquadragintacentillion, five hundred and fifty trequadragintacentillion, three 
hundred and twenty-five duoquadragintacentillion, nine hundred and seventy unquadragintacentillion, five hundred and twelve quadragintacentillion, three hundred and forty-three novemtrigintacentillion, sixty-three octotrigintacentillion, three hundred and twelve septentrigintacentillion, nine hundred and sixty-five sextrigintacentillion, three hundred and twenty-seven quintrigintacentillion, five hundred and eighty quattuortrigintacentillion, nine hundred and seventy-eight tretrigintacentillion, two hundred and forty-one duotrigintacentillion, eight hundred and forty untrigintacentillion, four hundred and fifty-eight trigintacentillion, seven hundred and five novemviginticentillion, seven hundred and seventy-eight octoviginticentillion, five hundred and eighty-two septenviginticentillion, five hundred and four sexviginticentillion, six hundred and seven quinviginticentillion, six hundred and fifty-five quattuorviginticentillion, eight hundred and seventy-nine treviginticentillion, one hundred and fifty-one duoviginticentillion, eight hundred and twenty-eight unviginticentillion, one hundred and forty-nine viginticentillion, six hundred and ninety-four novemdecicentillion, five hundred and eighty-nine octodecicentillion, eight hundred and sixty-seven septendecicentillion, one hundred and ninety-eight sexdecicentillion, eight hundred and forty quindecicentillion, nine hundred and fifty-nine quattuordecicentillion, five hundred and ninety-eight tredecicentillion, four hundred and ninety-seven duodecicentillion, five hundred and ninety-seven undecicentillion, nine hundred and eighty-nine decicentillion, eight hundred and sixty-six novemcentillion, eighty-four octocentillion, six hundred and ninety-four septencentillion, five hundred and sixty sexcentillion, four hundred and ninety quinquacentillion, six hundred and seventy-five quattuorcentillion, eight hundred and one centretillion, seven hundred and eighty-six duocentillion, three hundred and forty-seven 
cenuntillion, seven hundred and thirty centillion, eight hundred and fifty-one novemnonagintillion, four hundred and thirty-eight octononagintillion, nine hundred and thirty-one septnonagintillion, two hundred and seventy-five sexnonagintillion, five hundred and eighty-four quinnonagintillion, nine hundred and eight duattuornonagintillion, one hundred and thirty-eight trenonagintillion, one hundred and ninety duononagintillion, four hundred and nine unnonagintillion, four hundred and eighty-one nonagintillion, eight hundred and eighty novemoctogintillion, nine hundred and eleven octooctogintillion, three hundred and nineteen septoctogintillion, four hundred and ninety-one sexoctogintillion, nine hundred and seventy-eight quinoctogintillion, six hundred and forty-four quattuoroctogintillion, eight hundred and eight treoctogintillion, thirty-six duooctogintillion, eight hundred and seventeen unoctogintillion, eight hundred and seventy-three octogintillion, five hundred and fourteen novemseptuagintillion, fifty-six octoseptuagintillion, five hundred and ninety septseptuagintillion, one hundred and thirty-five sexseptuagintillion, three hundred and thirty-one quinseptuagintillion, five hundred and seventy-eight quattuorseptuagintillion, one hundred and five treseptuagintillion, eight hundred and sixty-two duoseptuagintillion, eight hundred and twenty-one unseptuagintillion, four hundred and fifty-four septuagintillion, four hundred and fifty-four novemsexagintillion, six hundred and seventeen octosexagintillion, three hundred and seventy-five septsexagintillion, nine hundred and nineteen sexsexagintillion, eight hundred and seventy quinsexagintillion, two hundred and forty-five quattuorsexagintillion, three hundred and sixty-three tresexagintillion, four hundred and forty duosexagintillion, sixty-six unsexagintillion, three hundred and seventy-two sexagintillion, seven hundred novemquinquagintillion, fifty-three octoquinquagintillion, two hundred and sixty-three 
septenquinquagintillion, three hundred and sixty-two sexquinquagintillion, eight hundred and sixty-three quinquinquagintillion, six hundred and ninety-four quattuorquinquagintillion, one hundred and twenty-nine trequinquagintillion, one hundred and thirty-three duoquinquagintillion, seven hundred and sixty-five unquinquagintillion, four hundred and forty-one quinquagintillion, nine hundred and twenty-six novemquadragintillion, five hundred and thirty-three octoquadragintillion, six hundred and nine septenquadragintillion, five hundred and three sexquadragintillion, nine hundred and ninety-four quinquadragintillion, eighteen<span class=”Apple-converted-space”> </span>quattuorquadragintillion, five hundred and sixty-five trequadragintillion, three hundred and nineteen duoquadragintillion, three hundred and eighty-two unquadragintillion, nine hundred and thirteen quadragintillion, four hundred and fifty-four novemtrigintillion, one hundred and sixty-one octotrigintillion, four hundred and twenty-nine septentrigintillion, fifty-eight sextrigintillion, five hundred and five quintrigintillion, six hundred and fifty-five quattuortrigintillion, three hundred and fifty tretrigintillion, seven hundred and eighty duotrigintillion, nine hundred and eleven untrigintillion, two hundred and twenty-nine trigintillion, two hundred and three novemvigintillion, four hundred and thirty-two octovigintillion, three hundred and ninety-two septenvigintillion, nine hundred and sixty-seven sexvigintillion, two hundred and thirty-six quinvigintillion, one hundred and thirty-seven quattuorvigintillion, six hundred and forty-seven trevigintillion, seven hundred and eighty duovigintillion, three hundred and eight unvigintillion, nine hundred and sixty-six vigintillion, nine hundred and thirty-six novemdecillion, six hundred and ninety-one octodecillion, four hundred and thirty-nine septendecillion, six hundred and thirty-six sexdecillion, nine hundred and eighty quindecillion, fifty-eight 
quattuordecillion, two hundred and sixty-six tredecillion, six hundred and ninety-three duodecillion, four hundred and ninety-eight undecillion, five hundred and sixty-eight decillion, two hundred and thirty-five nonillion, four hundred and sixty-four octillion, three hundred and ten septillion, nine hundred and seven sextillion, six hundred and twenty-eight quintillion, seven hundred and eighty-five quadrillion, four hundred and thirty-three trillion, one hundred and five billion, ninety-one million, five hundred and twenty-six thousand, six hundred and thirty-nine.</span></p>
</body>

Upon searching for these numbers I came across this link, which basically tells how many zeros each word signifies in these large numbers.

In the description, SRF refers to self-referential_formula, so we have to convert that big wordy number into actual digit form and then use the SRF to create a graph of it.

I used this to create a graph of the number.

First, I tried to make a script for this but messed up at some place, due to which I was getting the wrong number.
So I took my number, copied it into this and then compared the string which I got with the given one and manually corrected my number (yeah, I am not proud of myself :)), but anyway I finally got the correct number.

I created a graph of that number and got the flag:

flag: bcactf{all_0ccur}
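The plotting step, as an added example (not the author's script or the tool they used): Tupper's self-referential formula reduces to reading bit 17x + (y mod 17) of floor(y/17) for the 17 rows starting at y = k. The bitmap and the k derived from it are constructed for illustration; the challenge's number is not converted here.

```python
HEIGHT = 17


def tupper_pixel(x, y):
    """Integer form of 1/2 < floor(mod(floor(y/17) * 2^(-17x - mod(y, 17)), 2))."""
    return ((y // HEIGHT) >> (HEIGHT * x + y % HEIGHT)) & 1


def render(k, width=106, mirror=False):
    """Rows of the plot for k <= y < k + 17, top row first."""
    rows = []
    for y in range(k + HEIGHT - 1, k - 1, -1):
        # Some plotters draw x right to left; mirror=True matches those.
        xs = range(width - 1, -1, -1) if mirror else range(width)
        rows.append("".join("#" if tupper_pixel(x, y) else "." for x in xs))
    return rows


def encode(rows):
    """Inverse of render(..., mirror=False): pack a 17-row bitmap into k."""
    if len(rows) != HEIGHT or len({len(r) for r in rows}) != 1:
        raise ValueError("need 17 rows of equal width")
    n = 0
    for r, row in enumerate(reversed(rows)):     # r = 0 is the bottom row
        for x, cell in enumerate(row):
            if cell == "#":
                n |= 1 << (HEIGHT * x + r)
    return n * HEIGHT


# Constructed 9x17 bitmap (the letters "CK"), not the challenge image.
SAMPLE_BITMAP = ["........."] * 5 + [
    ".###.#..#",
    "#...##.#.",
    "#...###..",
    "#...##.#.",
    ".###.#..#",
] + ["........."] * 7
K_SAMPLE = encode(SAMPLE_BITMAP)

if __name__ == "__main__":
    print(K_SAMPLE)
    print("\n".join(render(K_SAMPLE, width=9)))
```

If the output of a real k reads backwards or upside down, try `mirror=True` or reverse the row order before assuming the number is wrong.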

=> Logan47
