The second parameter was calculated by xoring the first line with your flag.
01100001011100100111010001011111011011110110011001011111011101110110000101110010
00011001000111010000011000000000000111010001001100110011000100100001001001010011
convert from binary:
1st line (ASCII): art_of_war
2nd line (hex): 19 1d 06 00 1d 13 33 12 12 53
"art_of_war" xor 0x191d06001d1333121253 = xor_rules!
FLAG: flag{xor_rules!}
A scammer creates a fake email and sends it to thousands of people, hoping some of them will click on a link and give up their personal information. What is this type of attack called?
FLAG: flag{phising}
Someone configures their computer to be the default gateway on a coffee shop. What is this type of attack called?
FLAG: flag{spoofing}
After clicking on an email attachment, your computer freezes. A message appears, demanding you pay a certain amount of money to unlock your computer. What is this type of attack called?
FLAG: flag{ransomware}
What is the term for harmful software that seeks to damage or exploit the machines that run it?
FLAG: flag{malware}
This English cryptanalyst is famous for deciphering encoded messages during World War II and creating standards for artificial intelligence. He is considered by many to be the father of theoretical computing. flag format: flag{Firstname_Lastname}
FLAG: flag{Alan_Turing}
This English writer and mathematician is known for her work on the Analytical Engine and is considered to be one of the first computer programmers flag format: flag{Firstname_Lastname}
FLAG: flag{Ada_Lovelace}
Decode this binary flag: 110111101100101011011110 format: flag{FIND}
110111101100101011011110 in hex = 0xDECADE
FLAG: flag{DECADE}
This binary code contains a fuel flag:110000001111111111101110 format: flag{FIND}
110111101100101011011110 in hex = 0xC0FFEE
FLAG: flag{C0FFEE}
A famous pirate of the caribbean is said to have had a fort in Honduras and legend says there's even hidden treasures left behind. Locals assure there is a treasure in this park, here's a map to it. Flag format: flag{WORDS_IN_FLAG}
[map.jpg]: https://i.imgur.com/qvKVsjq.jpg
map.jpg has additional data after the JPEG file ends, the text base64:MTYuMzUxNTM0NjY5MDI5MzIsIC04Ni41MDg0MzI4MjAxNzYzMg==
Base64 decoded it's "16.35153466902932, -86.50843282017632" the coordinates of Manawakie Eco Nature Park in Roatan, Honduras
FLAG: flag{MANAWAKIE_ECO_NATURE_PARK}
We put a flag in this compressed file but we forgot the password to open it. Maybe you can find it?
7z2john flag.7z > hash produces a hash for John the Ripper
Using a generic English wordlist like /pub/wordlists/languages/English/2-small/lower.gz from the Openwall file archive https://download.openwall.net/
john --wordlist=/usr/share/wordlists/languages/English/2-small/lower hash fairly quickly gets us the password: "inspirationalism"
Decompressing the archive with the password, flag.txt contains the flag.
FLAG: flag{p4ssw0rd_4tt4ck}
You might need to put your proramming skills into action to solve this challenge, instructions in the attached file.
[Decode_for_flag.txt]:
Given the Following Code:
a (%61) b (%62) c (%63) d (%64) e (%65) f (%66) g (%67) h (%68) i (%69) j (%6A) k (%6B)
l (%6C) m (%6D) n (%6E) o (%6F) p (%70) q (%71) r (%72) s (%73) t (%74) u (%75) v (%76)
w (%77) x (%78) y (%79) z (%80) SPACE (%20) . (%21) , (%22)
Decode the following to get a flag
%63%79%62%65%72%73%65%63%75%72%69%74%79%20%69%73%20%74%68%65%20%70%72%61%63%74%69%63%65%20%6F%66%20%70%72%6F%74%65%63%74%69%6E%67%20%73%79%73%74%65%6D%73%22%20%20%20%20%20%20%20%20%20%20%20%20%20%6E%65%74%77%6F%72%6B%73%22%20%61%6E%64%20%70%72%6F%67%72%61%6D%73%20%66%72%6F%6D%20%64%69%67%69%74%61%6C%20%61%74%74%61%63%6B%73%21%20%20%20%20%20%20%20%20%20%20%20%20%20T%68%65%73%65%20%63%79%62%65%72%61%74%74%61%63%6B%73%20%61%72%65%20%75%73%75%61%6C%6C%79%20%61%69%6D%65%64%20%61%74%20%61%63%63%65%73%73%69%6E%67%22%20%20%20%20%20%20%20%20%20%20%20%20%20%63%68%61%6E%67%69%6E%67%22%20%6F%72%20%64%65%73%74%72%6F%79%69%6E%67%20%73%65%6E%73%69%74%69%76%65%20%69%6E%66%6F%72%6D%61%74%69%6F%6E%21%20T%68%65%20%74%68%69%6E%67%20%79%6F%75%72%20%61%72%65%20%6C%6F%6F%6B%69%6E%67%20%66%6F%72%20%69%73%20%74%68%72%65%61%74%21
A simple python script like:
def dcd(needle, dict, haystack):
for i, s in enumerate(needle):
haystack = haystack.replace(s, dict[i])
return haystack
dcd(['%61','%62','%63','%64','%65','%66','%67','%68','%69','%6A','%6B','%6C','%6D','%6E','%6F','%70','%71','%72','%73','%74','%75','%76','%77','%78','%79','%80','%20','%21','%22'], 'abcdefghijklmnopqrstuvwxyz .,', '%63%79%62%65%72%73%65%63%75%72%69%74%79%20%69%73%20%74%68%65%20%70%72%61%63%74%69%63%65%20%6F%66%20%70%72%6F%74%65%63%74%69%6E%67%20%73%79%73%74%65%6D%73%22%20%20%20%20%20%20%20%20%20%20%20%20%20%6E%65%74%77%6F%72%6B%73%22%20%61%6E%64%20%70%72%6F%67%72%61%6D%73%20%66%72%6F%6D%20%64%69%67%69%74%61%6C%20%61%74%74%61%63%6B%73%21%20%20%20%20%20%20%20%20%20%20%20%20%20T%68%65%73%65%20%63%79%62%65%72%61%74%74%61%63%6B%73%20%61%72%65%20%75%73%75%61%6C%6C%79%20%61%69%6D%65%64%20%61%74%20%61%63%63%65%73%73%69%6E%67%22%20%20%20%20%20%20%20%20%20%20%20%20%20%63%68%61%6E%67%69%6E%67%22%20%6F%72%20%64%65%73%74%72%6F%79%69%6E%67%20%73%65%6E%73%69%74%69%76%65%20%69%6E%66%6F%72%6D%61%74%69%6F%6E%21%20T%68%65%20%74%68%69%6E%67%20%79%6F%75%72%20%61%72%65%20%6C%6F%6F%6B%69%6E%67%20%66%6F%72%20%69%73%20%74%68%72%65%61%74%21')
will return:
cybersecurity is the practice of protecting systems, networks, and programs from digital attacks. These cyberattacks are usually aimed at accessing, changing, or destroying sensitive information. The thing your are looking for is threat.
(or just urldecode it, lol)
FLAG: flag{threat}
Honduras was in the 1900s one of the Banana Enclave countries (aka banana republics). As a tribute, a cipher was designed using a banana for scale. Can you decrypt the message? Flag format: flag{WORDS_IN_FLAG}
[Encoded.txt]:
MS4gWmJ1IEFnYiB6aHBrOiBQdSBkaHksIGFvbCBubHVseWhzIHlsamxwY2x6IG9weiBqdnR0aHVreiBteXZ0IGFvbCB6dmNseWxwbnUsIGp2c3NsamF6IG9weiBoeXRmIGh1ayBqdnVqbHVheWhhbHogb3B6IG12eWpsei4KMi4gRG9sdSBwdSBrcG1tcGpic2EganZidWF5Ziwga3YgdXZhIGx1amh0dy4gUHUganZidWF5Zgpkb2x5bCBvcG5vIHl2aGt6IHB1YWx5emxqYSwgcXZwdSBvaHVreiBkcGFvIGZ2YnkgaHNzcGx6LgpLdiB1dmEgc3B1bmx5IHB1IGtodW5seXZienNmIHB6dnNoYWxrIHd2enBhcHZ1ei4gUHUKb2x0dGxrLXB1IHpwYWJoYXB2dXosIGZ2YiB0YnphIHlsenZ5YSBhdiB6YXloYWhubHQuIFB1CmtsendseWhhbCB3dnpwYXB2dSwgZnZiIHRiemEgbXBub2EuCjMuIEFvbHlsIGh5bCB5dmhreiBkb3BqbyB0YnphIHV2YSBpbCBtdnNzdmRsaywgaHl0cGx6CmRvcGpvIHRiemEgaWwgdXZhIGhhYWhqcmxrLCBhdmR1eiBkb3BqbyB0YnphIGlsCmlsenBsbmxrLCB3dnpwYXB2dXogZG9wam8gdGJ6YSB1dmEgaWwganZ1YWx6YWxrLCBqdnR0aHVreiB2bSBhb2wgenZjbHlscG51IGRvcGpvIHRiemEgdXZhIGlsIHZpbGZsay4KNC4gQW9sIG5sdWx5aHMgZG92IGFvdnl2Ym5vc2YgYnVrbHl6YWh1a3ogYW9sIGhrY2h1YWhubHogYW9oYSBoamp2dHdodWYgY2h5cGhhcHZ1IHZtIGFoamFwanogcnV2ZHogb3ZkIGF2IG9odWtzbCBvcHogYXl2dnd6Lgo1LiBBb2wgbmx1bHlocyBkb3Yga3ZseiB1dmEgYnVrbHl6YWh1ayBhb2x6bCwgdGhmIGlsCmRsc3MgaGp4YmhwdWFsayBkcGFvIGFvbCBqdnVtcG5ieWhhcHZ1IHZtIGFvbCBqdmJ1YXlmLApmbGEgb2wgZHBzcyB1dmEgaWwgaGlzbCBhdiBhYnl1IG9weiBydXZkc2xrbmwgYXYgd3loamFwamhzIGhqanZidWEuCjYuIFp2LCBhb2wgemFia2x1YSB2bSBkaHkgZG92IHB6IGJ1Y2x5emxrIHB1IGFvbCBoeWEgdm0KZGh5IHZtIGNoeWZwdW4gb3B6IHdzaHV6LCBsY2x1IGFvdmJubyBvbCBpbCBoanhiaHB1YWxrCmRwYW8gYW9sIE1wY2wgSGtjaHVhaG5seiwgZHBzcyBtaHBzIGF2IHRocmwgYW9sIGlsemEgYnpsCnZtIG9weiB0bHUuCjcuIE9sdWpsIHB1IGFvbCBkcHpsIHNsaGtseeKAmXogd3NodXosIGp2dXpwa2x5aGFwdnV6IHZtCmhrY2h1YWhubCBodWsgdm0ga3B6aGtjaHVhaG5sIGRwc3MgaWwgaXNsdWtsayBhdm5sYW9seS4gQW9sIG1zaG4gcHo6IGFvcHogcHogaWh1aHVoei4KOC4gUG0gdmJ5IGxld2xqYWhhcHZ1IHZtIGhrY2h1YWhubCBpbCBhbHR3bHlsayBwdSBhb3B6CmRoZiwgZGwgdGhmIHpiampsbGsgcHUgaGpqdnR3c3B6b3B1biBhb2wgbHp6bHVhcGhzCndoeWEgdm0gdmJ5IHpqb2x0bHouCjkuIFBtLCB2dSBhb2wgdmFvbHkgb2h1aywgcHUgYW9sIHRwa3phIHZtIGtwbW1wamJzYXBseiBkbApoeWwgaHNkaGZ6IHlsaGtmIGF2IHpscGdsIGh1IGhrY2h1YWhubCwgZGwgdGhmIGxlYXlwamhhbCB2Ynl6bHNjbHogbXl2dCB0cHptdnlhYnVsLgoxMC4gWWxrYmpsIGFvbCBvdnphcHNsIGpvcGxteiBpZiBwdW1zcGphcHVuIGtodGhubCB2dQphb2x0OyBodWsgdGhybCBheXZiaXNsIG12eSBhb2x0LCBodWsgcmxsdyBhb2x0IGp2dXphaHVhc2YgbHVuaG5sazsgb3ZzayB2YmEgendsanB2YnogaHNzYnlsdGx1YXosIGh1awp0aHJsIGFvbHQgeWJ6byBhdiBodWYgbnBjbHUgd3ZwdWEuCjExLiBBb2wgaHlhIHZtIGRoeSBhbGhqb2x6IGJ6IGF2IHlsc2YgdXZhIHZ1IGFvbCBzcHJsc3BvdnZrIHZtIGFvbCBsdWx0ZuKAmXogdXZhIGp2dHB1biwgaWJhIHZ1IHZieSB2ZHUgeWxoa3B1bHp6IGF2IHlsamxwY2wgb3B0OyB1dmEgdnUgYW9sIGpvaHVqbCB2bSBvcHogdXZhIGhhYWhqcnB1biwgaWJhIHloYW9seSB2dSBhb2wgbWhqYSBhb2hhIGRsIG9oY2wgdGhrbCB2Ynkgd3Z6cGFwdnUgYnVoenpocHNoaXNsLg==
base64decode->rot19 gives us Chapter 8 "Variation In Tactics" of Sun Tzu's "Art of War" except paragraph 7:
"7. Hence in the wise leader’s plans, considerations of advantage and of disadvantage will be blended together."
has had the string "The flag is: this is bananas" added after it
FLAG: flag{THIS_IS_BANANAS}
Break the code
[Decode.txt]:
TURFd01EQXdNREVnTURFeE1ERXhNVEVnTURFeE1ERXhNREFnTURBeE1EQXdNREFnTURFeE1ERXhNREVnTURFeE1UQXdNVEVnTURFeE1ERXdNREFnTURFeE1ERXhNVEFnTURBeE1EQXdNREFnTURFeE1UQXdNREFnTURFeE1URXdNVEFnTURBeE1URXdNVEFnTURBeE1EQXdNREFnTURFd01UQXdNVEVnTURFd01ERXhNREFnTURFd01UQXhNREFnTURFd01UQXhNVEVnTURFd01UQXdNREFnTURFd01URXdNREVnTURFd01ERXdNREE9
base64decode->base64decode->binary-to-ASCII->rot19 gives us "The flag is: LEMPIRA"
FLAG: flag{LEMPIRA}
The Fair Play Food Magazine has published a recipe of a traditional dish in Honduras, in local language. Hidden in the recipe is your flag, keep in mind to write it as: flag{wordsdiscovered}. Warning: this challenge may cause second effects, such as the munchies.
[Baleada_Time.pdf]: https://www29.zippyshare.com/v/9FApjxqJ/file.html
The PDF starts off with "Category: RECIPES" and continues with a Spanish language recipe. The second word in the recipe is a bolded "6baleada". Other words in the text also have a single digit prefix.
Taking all of these words: 6baleada, 3emblemático, 1Honduras, 5prefieras, 1baleada, 4preferidas, 1Baleada, 2versión, 1queso, 4sabor, 7existen, 1que, 2Harina & 6azúcar
and taking the letter at the index indicated by the number from the word, we get the letters dbhibfbeqonqar.
Decoding that string with the Playfair cipher using the key RECIPES (well, RECIPS, due to the nature of Playfair) gets us BALEADACONUOSE
FLAG{baleadaconuose}
Copán Ruins are one of the most important remnant sites of the Mayan civilization. The city composed of a main complex of ruins with several secondary complexes encircling it. The main complex consists of the Acropolis and important plazas. Among the five plazas are the Ceremonial Plaza, with an impressive stadium opening onto a mound with numerous richly sculptured monoliths and altars; the Hieroglyphic Stairway Plaza, with a monumental stairway at its eastern end that is one of the outstanding structures of Mayan culture. On the risers of this 100 m wide stairway are more than 1,800 individual glyphs which constitute the longest known Mayan inscription. Many misteries are still being uncovered. Today, who knows, even a flag may come by if you observe closely.
[Copan_Ruinas_site.zip]: https://www117.zippyshare.com/v/xBGuSIy9/file.html
The ZIP file contains 7 images:
site_0129_0001-750-750-20090918162409.jpg
site_0129_0002-1000-1503-20140516114417.jpg
site_0129_0003-1000-1500-20140516114418.jpg
site_0129_0004-1000-667-20140516114419.jpg
site_0129_0005-1000-667-20140516114420.jpg
site_0129_0006-1000-667-20140516114420.jpg
site_0129_0010-1000-1500-20140516114423.jpg
Zooming into "site_0129_0004-1000-667-20140516114419.jpg" the flag is printed in faint text just underneath the statue.
FLAG: flag{K_INICH_YAX_KUK_MO}
This message was intercepted and a flag was hidden in it, can you find it?
[PGP_Message.txt]:
-----BEGIN PGP MESSAGE-----
fF4DOZ2iHDgNh5sSAQdAJjBKrBOuCIy1nozB8MNHi7RJtzQEsk4jyEUw554HKEYw
l8BorcyGck5OdEqdFaWsP5BtppkV/ey8j6/Dd+CmZLKjYBAX0jB+jdah2U5DsifR
aMALAQkCEFCHd+jd3GtuJCavnudnYmVTLpoHiQ/JNSafzSCVgOhqykqiCa62Ub/r
gGzhIfM8Dq3qzSjRZip7HAwaESIu4tLQ/kxSnJZwclkYzFIV1jxLN1LtextoY6o+
/UkNAIEH5LLVDgyL1Ids7S5zem0yWHZzpRehTJEXYGzc3xf5/L2fu3vGoFKrb4JW
ILTySgnXwnqe8sKShfGLPrTqLIsBZEd5zQnjW/6YJqrfytrPbovVSB8wBOk0KL3B
sF4DOZ2iHDgNh5sSAQdAJjBKrBOuCIy1nozB8MNHi7RJtzQEsk4jyEUw554HKEYw
e8BorcyGck5OdEqdFaWsP5BtppkV/ey8j6/Dd+CmZLKjYBAX0jB+jdah2U5DsifR
eMALAQkCEFCHd+jd3GtuJCavnudnYmVTLpoHiQ/JNSafzSCVgOhqykqiCa62Ub/r
4GzhIfM8Dq3qzSjRZip7HAwaESIu4tLQ/kxSnJZwclkYzFIV1jxLN1LtextoY6o+
wUkNAIEH5LLVDgyL1Ids7S5zem0yWHZzpRehTJEXYGzc3xf5/L2fu3vGoFKrb4JW
iLTySgnXwnqe8sKShfGLPrTqLIsBZEd5zQnjW/6YJqrfytrPbovVSB8wBOk0KL3B
lF4DOZ2iHDgNh5sSAQdAJjBKrBOuCIy1nozB8MNHi7RJtzQEsk4jyEUw554HKEYw
d8BorcyGck5OdEqdFaWsP5BtppkV/ey8j6/Dd+CmZLKjYBAX0jB+jdah2U5DsifR
FMALAQkCEFCHd+jd3GtuJCavnudnYmVTLpoHiQ/JNSafzSCVgOhqykqiCa62Ub/r
lGzhIfM8Dq3qzSjRZip7HAwaESIu4tLQ/kxSnJZwclkYzFIV1jxLN1LtextoY6o+
4UkNAIEH5LLVDgyL1Ids7S5zem0yWHZzpRehTJEXYGzc3xf5/L2fu3vGoFKrb4JW
gLTySgnXwnqe8sKShfGLPrTqLIsBZEd5zQnjW/6YJqrfytrPbovVSB8wBOk0KL3B
!F4DOZ2iHDgNh5sSAQdAJjBKrBOuCIy1nozB8MNHi7RJtzQEsk4jyEUw554HKEYw
/8BorcyGck5OdEqdFaWsP5BtppkV/ey8j6/Dd+CmZLKjYBAX0jB+jdah2U5DsifR
=JDUQ
-----END PGP MESSAGE-----
Trying to read the armoured message in PGP results in an error. Looking closely at the data it's not proper Radix-64.
Taking the first character of each line gets us the flag.
FLAG: flag/Isee4wildFl4g!/
This device was used to place long distance calls... without paying fees. Flag format: flag{WORDS_IN_FLAG}
FLAG: flag{BLUE_BOX}
This pyramid in Copan Ruins holds a secret temple inside, in which the flag has been stored.
[pyramid.jpg]: https://i.imgur.com/E9L70RK.jpg
pyramid.jpg has additional data after the JPEG file ends, the text
"01101000011101000111010001110000011100110011101000101111001011110110100101100010011000100010111001100011011011110010111101000111011101100011100101110100001101110100101100110000"
which decodes to https://ibb.co/Gv9t7K0 which links to an image that has the flag written in small light text.
FLAG: flag{The_Rosalila_Temple}
Join our Discord to keep us informed of any anomalies… aaaand to get a flag https://discord.gg/b7smyhum
The flag is the pinned message in the #general channel.
FLAG: flag{H3ll0_W0rld}