Challenges were archived after the CTF from ctfx.sieberrsec.tech, with edits made to some challenge descriptions in challenges.json to remove and move source code to their respective locations in the files directory (marked out by [SOURCE CODE]). Challenge files should also be also available there, since links to files (especially those hosted on the platform) may break.
Note: Some files are split into mutliple smaller files due to GitHub’s file size limit, reassemble in 7-Zip using Combine files... or cat filename.zip.* > filename.zip.
// cc simple.c -o simple -fstack-protector-all
int main(void)
{
puts(” want a flag? just play until you win!”); puts(“goal: become billionaire!”); int account_value=”1000000;” while (account_value
#include<stdio.h>
#include<stdlib.h>// cc simple.c -o simple -fstack-protector-allintmain(void)
{
puts("Want a flag? Just play until you win!");
puts("Goal: Become a billionaire!");
int account_value = 1000000;
while (account_value < 1000000000) {
printf("\nAccount value: $%d\n", account_value);
puts("Commands:");
puts("1. Withdraw money");
puts("2. Deposit money");
printf("Choose an option [1/2]: ");
int option = 0;
scanf("%d", &option);
while (option != 1 && option != 2) {
puts("Invalid option!");
printf("Choose an option [1/2]: ");
scanf("%d", &option);
}
if (option == 1) {
printf("Amount to withdraw: ");
int withdrawal = 0;
scanf("%d", &withdrawal);
account_value -= withdrawal;
} else {
puts("LOL no you are not allowed to deposit money. :(");
}
}
printf("\nAccount value: $%d\n", account_value);
system("cat flag");
return0;
}
warmup
Points: 316 Solves: 17 Author: main
Flag: IRS{nU1L_t3rminat0r}
Description
Just a warmup. nc challs.sieberrsec.tech 3476
<div class="highlight highlight-source-c position-relative overflow-auto" data-snippet-clipboard-copy-content="#include
int main() {
char input[32];
char flag[32];
// read flag file
FILE *f = fopen(” flag”, “r”); fgets(flag, 32, f); fclose(f); read the user’s guess fgets(input, 0x32, stdin); if matches flag (!strcmp(flag,input)) { puts(“predicted!”); system(“cat flag”); } else puts(“your was wrong :(“); }”>
#include<stdio.h>intmain() {
char input[32];
char flag[32];
// read flag file
FILE *f = fopen("flag", "r");
fgets(flag, 32, f);
fclose(f);
// read the user's guessfgets(input, 0x32, stdin);
// if user's guess matches the flagif (!strcmp(flag,input)) {
puts("Predicted!");
system("cat flag");
} elseputs("Your flag was wrong :(");
}
N.B. please do not try to bruteforce the flag. Attempts at doing so will be taken as an attack on server infrastructure, and will leave you liable for disqualification.
// cc malloc.c -o malloc -fstack-protector-all
int main(void)
{
// Variables
int *arr; // int pointer to an array
char *msg; // C-string to store your message
size_t length = 0;
// Welcome message
puts(” welcome to sieberrsec ctf!”); allocates 123456 bytes of memory arr=”(int” *)malloc(123456); sets first element 1 arr[0]=”1;” leaks the address printf(“leak: %p\n”, arr); gets length your message printf(“length message: “); scanf(“%lu”, &length); store as a c-string +1 is null-byte that ends string msg=”malloc(length” + 1); reads input into printf(“enter read(0, msg, length); end msg[length]=”0;” write from write(1, goal: somehow make 0 if (arr[0]=”=” 0) { system(“cat flag”); } return 0; }”>
#include<unistd.h>
#include<stdio.h>
#include<stdlib.h>// cc malloc.c -o malloc -fstack-protector-allintmain(void)
{
// Variablesint *arr; // int pointer to an arraychar *msg; // C-string to store your messagesize_t length = 0;
// Welcome messageputs("Welcome to Sieberrsec CTF!");
// Allocates 123456 bytes of memory
arr = (int *)malloc(123456);
// Sets first element of arr to 1
arr[0] = 1;
// Leaks the memory address of arrprintf("Leak: %p\n", arr);
// Gets length of your messageprintf("Length of your message: ");
scanf("%lu", &length);
// Allocates memory to store your message as a C-string// +1 is to store the null-byte that ends the string
msg = malloc(length + 1);
// Reads length bytes of input into msgprintf("Enter your message: ");
read(0, msg, length);
// Null-byte to end the string
msg[length] = 0;
// Write length bytes from msgwrite(1, msg, length);
// Your goal: somehow make arr[0] == 0if (arr[0] == 0) {
system("cat flag");
}
return0;
}
rock farm simulator 2011
Points: 799 Solves: 2 Author: main
Flag: IRS{so_long_space_pony}
Description
Rocks, ponies, and all the time in the world! Can you get the Princess’ flag?
““ssh` is solely used here to allocate a pseudo-tty to make the ncurses-based UI work properly.
There is no ssh jailbreak, Linux pentesting, username bruteforcing, etc. involved in this challenge.
If you waste your time doing so, it will be considered an attack on server infrastructure && consequently a valid reason for disqualification.“`
Hint 1: You may want to try compiling & running the program yourself; the binary given was compiled without Rust’s default debug features.
Hint 2: You probably don’t want to write a script for this one.
Hint 3: The challenge simple was released at the same time for a reason.
Turbo Fast Crypto, part 2
Points: 900 Solves: 1 Author: main
Flag:
Description
Using the key you extracted, we found a link to the source code for turbofastcrypto. There happens to be a secret flag file on the server, and you need to extract it.
A first blood prize of one (1) month of Discord Nitro is available for this challenge.
(the target server is the same as part 1)
Hint 1: find a way to execute print_flag()
Hint 2: you will probably want some kind of disassembler/debugger for this. Googlable software: Binary Ninja, Ghidra, gdb
CRYPTO
Shalom Shalom
Points: 50 Solves: 55 Author: noyou
Flag: IRS{cryptographyiscool}
Description
AT least my mom will let me play cake BASH with my friends if i finish my cryptography homework, can you help me decode it: xibkgltizksbrhxllo wrap the flag header around the decoded message, i.e. IRS{decoded_message}
Hint 1: The hint is in the description
Turbo Fast Crypto, part 1
Points: 117 Solves: 29 Author: main
Flag: IRS{secrets_are_revealed!!}
Description
We found the frontend code for a remote encryption service at nc challs.sieberrsec.tech 3477:
importturbofastcrypto# The source code for this module is only available for part 2 of this challenge :)while1:
plaintext=input('> ')
ciphertext=turbofastcrypto.encrypt(plaintext)
print('Encrypted: '+str(ciphertext))
My partner says it operates under the hood with “XOR“, whatever that means. I need you to recover the key.
Hint 1: Reset the connection if you’re having trouble.
I can’t open this file? Part 2
Points: 189 Solves: 14 Author: origami10004
Flag:
Description
Thanks for helping me recover that file, now I have another file but it has been encrypted into something entirely different. Think you can help me again?
Diffie’s Key Exchange
Points: 192 Solves: 27 Author: noyou
Flag: IRS{d1ff1e_h311m4n!!!}
Description
Diffie created a new key exchange system to help securely transfer private keys in a public channel. Can you see whats wrong with his system? Connect here: nc challs.sieberrsec.tech 1337chall.py
Hint 1: Does the name Diffie sound familiar? Goolge is your best friend!!
I can’t open this file? Part 1
Points: 210 Solves: 30 Author: origami10004
Flag: IRS{n0w_y0u_c4n_c0d3}
Description
Oh no, I’ve encrypted a file and deleted the original! Now I have a file that is filled with rubbish. Thankfully I still have the encryption script, help me recover the original file! I’ll even give you a flag if you do.
totallyfoolproofcrypto
Points: 884 Solves: 7 Author: main
Flag:
Description
In hindsight, rolling my own crypto was a rather stupendous stroke of stupidity. I’ll be switching to a well-known, verified library to fix this.
A first blood prize of one (1) month of Discord Nitro is available for this challenge.
Some amount of “bruteforce” will be necessary — and hence legal — for this challenge.
Hint 1: You should search for ECB related AES crypto CTF problems; this is a rather common newbie challenge
Diffie’s Key Exchange 2
Points: 895 Solves: 4 Author: noyou
Flag:
Description
Diffie learnt that his implementation of the system wasn’t secure :<< and made some changes. Try it now! Connect here: nc challs.sieberrsec.tech 1338chall.py
whodunnit
Points: 895 Solves: 4 Author: seemin
Flag:
Description
The Association of Criminals, Subversives and Insurgents (ACSI, in short) are big fans of RSA encryption, and recently published a list of their members’ public keys. For reasons unbeknownst to us, they have a habit of signing their messages with multiple private keys before encrypting the signed message with a single public key.
Using one of our portable False Base Stations, we captured one of ASCI’s encrypted, doubly-signed, super secret alphabetic passwords (along with the public key used to encrypt it). We need you to figure out who signed the password, and what the password is by decrypting && unsigning the captured RSA transmission.
Flag format: IRS{Name of first person to sign_Name of second person to sign_The password}
Challenge description extemporised by @main
Hint 1: [Encryption: M^e % n = C] [Decryption: C^d % n = M] [Signing: M^d % n = S] [Unsigning S: S^e % n = M]
Hint 2: Obtaining a decryption key (d) is not necessary at any point in this challenge.
Well, boss instructed me not to reveal much, but we’re planning some heist and I need your help.
One of our men tailed someone to their home quite a while back.
He discreetly took a quick picture to mark the location of the person’s house.
Please help me determine the location.
(Actually, the heist was planned to be carried out sometime then, but due to unforeseen circumstances it was delayed and we are now revisiting the resources we had obtained back then).
Submit the flag as IRS{A_B_C_D_E} where:
A. Unit Number (without any spacing and numbers only)
B. Street Name (without any spacing and in all capitals) [e.g. If the road name is “John Rd”, input as “JOHNRD”; “John St” > “JOHNST”]
C. Locality Name (without any spacing and in all capitals)
D. Postcode (numbers only)
E. Number of Storeys of the House (without any spacing and numbers only)
My old friends created an app and made a public presentation about it, but they changed the name to something stupid and wont tell me the old one. Could you help me find the old name?
I managed to get the google slides they used when creating the slides
Flag format: IRS{APPNAME}
A first blood prize of one (1) 500¥ coin is available for this challenge. (note: delivery time may be significant)
A Wealth of Information Part 2
Points: 243 Solves: 24 Author: xzy_10
Flag: IRS{589333_ROUTE_2_TELECOM}
Description
Where was I?
Submit the flag as follows:
IRS{A_ROUTE_X_B} without any spacing and all capitals, copying “ROUTE” as is.
Where:
A = Postal code of the nearest visitor centre
B = Name of the closest building to the place
X = The name of the route/road
“The Sieberr” Heist Part 3
Points: 286 Solves: 12 Author: hongxun
Flag: IRS{B1_MONAVALE_MONAVALEHOSPITAL}
Description
Alright, there are some new developments and I need your help again.
The guy’s name is Casrihms Myrert, you can find him on social media.
He’s going to a hospital to visit someone’s kid, but we hear that there is another person that he will be visiting in the same hospital. This other person is of interest to us.
Let me know what hospital he is going to, as well as what bus he is taking.
Submit the flag as IRS{A_B_C}
A. Bus route number (any letter should be in capitals)
B. Destination of the bus route that the bus is heading to (without any spacing and in all capitals)
C. Name of the hospital that our guy is going to (without any spacing and in all capitals)
How did we get it? You don’t need to know, don’t be silly and ask too many questions.
Anyway, the IT team commented that the guy seemed particularly interested in this photo. Unfortunately though, they were not able to find more info.
Tell me as much information as you can deduce from this photo.
Submit the flag as IRS{A_B_C_D_E_F} where:
A. Name of the street that the photo was taken on (without any spacing and in all capitals) [e.g. If the road name is “John Rd”, input as “JOHNRD”; “John St” > “JOHNST”]
B. Name of the cross street (without any spacing and in all capitals) [e.g. If the road name is “John Rd”, input as “JOHNRD”; “John St” > “JOHNST”]
C. Bus manufacturer (without any spacing and in all capitals)
D. Bus model (without any spacing and in all capitals)
E. Bus route number (any letter should be in capitals)
F. Destination of the bus route that the bus is heading to (without any spacing and in all capitals)
TaiYang IT Solution offers a variety of services, including one that is put behind a supposedly secure Google Log In. However, I heard that it uses… questionable validation code.
You’ll need 7zip to open the archive. If you don’t have it, download it.
Hint 1: Open your browser’s Developer Tools!
Hint 2: There are more easily-bypassable “security” measures hidden in the portal than the code might suggest.
Exploring The Universe! (Part 1)
Points: 479 Solves: 7 Author: willi123yao
Flag: IRS{1nT3rP1anet4rY_F1L3_sYs8emz}
Description
Everyone knows about the big universe that surrounds us, where all of us use daily to retrieve latest information and hottest news from all over the world! It is of course, no other than, the one and only, Internet!
To access files and information on the Internet, we all use a protocol called Internet Protocol (IP). This facilitates locating resources throughout the entire network and finds the best way to the destination.
Come on, its 2021! We are moving everything to the decentralised and distributed, away from all those central organisations! There are so many newer and very revolutionary protocols developed to share information on the web other than common protocols such as HTTPS and FTP.
Now enough of introductions.
Agent Myat is working on a university project to explore the massive decentralised universe and has some juicy information hidden there! However, he is being very tight-lipped about it and we only managed to get these information from him:
Locate his hidden project and unveal his findings to everyone!
TaiYang IT Solution Part 2: Electric Boogaloo
Points: 895 Solves: 4 Author: theoleecj
Flag: IRS{a77rac71ng_y0uR_aUD13nc3}
Description
After the initial vulnerability disclosure, TaiYang IT Solution employed a new cybersecurity specialist to secure their systems which used Google Sign-In.
They were complaining about how their support staff would just login with the company Google Account to any website they received in their Inbox! How terrible!
A first blood prize of one (1) $10 GrabGifts Card is available for this challenge.
FORENSICS
Duck Delivery
Points: 77 Solves: 34 Author: ditzchann
Flag: IRS{H1dD3n_dUck}
Description
I ordered duck for dinner but all I got was an empty box! Can you help me find where it went? DuckBox.jpg
Hint 1: Files can contain other files.
Birds?
Points: 114 Solves: 30 Author: ditzchann
Flag: IRS{s0m3Th1n9_5ouNDs_w3iRd}
Description
I can’t help but feel that the birds are trying to tell me something… suspiciousbirds.mp3
Hint 1: you may want to google for other instances of mp3 files in CTFs
Digging In The Dump Pt. I
Points: 266 Solves: 31 Author: taiz2000
Flag: IRS{D1ggiNg_1N_tH3_chR0M3_h15t0rY}
Description
Our friend, Alex, used to visit a website, but ever since his computer died the url to the website was lost! The only hope now lies in his old hard drive, which was salvaged from his pc Hopefully something useful can be found
Here is a dump of his %APPDATA% folder Can you help him find the website? Download Link
Hint 1: You might want to use a SQLite Browser
Digging In The Dump Pt. II
Points: 292 Solves: 9 Author: taiz2000
Flag: IRS{aL1_uR_p45sw0rD_4r3_b3LOnG_t0_u5}
Description
After finding that website, perhaps you can find the saved credentials to login to his account? (Using the same file in Pt. I)
Computer username: Alex Computer password: Password1 (These are NOT the login credentials for the website)
This challenge is eligible for First Blood prize worth $10, contact @Taiz2000 on Discord if you first blood this challenge.
Mind Cracking Adversity
Points: 299 Solves: 4 Author: xzy_10
Flag: IRS{M1N3VI3W3R}
Description
My thumbdrive got corrupted and all I have left of my /saves folder is this world here…
Help me find out what I built inside!
Note: If you are unable to see the words clearly, open a ticket and show a proof that you found it.
Exploring The Universe! (Part 2)
Points: 382 Solves: 5 Author: willi123yao
Flag: IRS{G3TT1NG-G00D-1S-the-WAY-T0-5UCC35S!}
Description
Oh noes! It seems like Agent Myat has some rather fun teammates, and theres something they’re trying to hide!
Look for the clues and try to uncover what he has been doing lately.
Remember, nothing is really deleted on the Internet.
First blood prize for this challenge is either 1 month Spotify Premium or $10 Starbucks eGift
plush, lush, flush, blush
Points: 688 Solves: 7 Author: xzy_10
Flag: IRS{plu5h_15_f1u5h_0n_th3_gr0und}
Description
ok so there’s this plush that i really want from pokemon centre but there’s no more physical stock left. ? so, i had it delivered in paper mario style instead! can you find the hidden message?
[This is a scripting challenge. You are expected to write a script to solve it.]
Connect to the challenge at nc challs.sieberrsec.tech 29079
Hint 1: Don’t try to do it by hand. Don’t.
I lost my anime collection! Pt. II
Points: 398 Solves: 4 Author: taiz2000
Flag: IRS{b4D_p4rT1tION_tAb13}
Description
One of the drives on my computer just went missing! It’s definitely still in my computer, but I can’t find it anywhere in Windows Can you help me again? Download Link
This challenge is eligible for First Blood prize worth $10, contact @Taiz2000 on Discord if you first blood this challenge.
I lost my anime collection! Pt. I
Points: 500 Solves: 2 Author: taiz2000
Flag: IRS{r41D_f1V3_R3bUi1D}
Description
One of the hard drives in my NAS just died! I heard that it’s in RAID 5, whatever that means.. Can you help me recover my beloved files? Here’s the remaining drives Download
Hint 1: You might want to use VMWare Player. It’s free!
Hint 2: A consumer version of Windows can’t read RAID 5!
John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.
Previous Post
Lets you remove all friends, leave GCs, and leave servers, in an instant
Next Post
A project that me and my friends created as the CSC110 Final Project at UofT