BEGINNER'S QUEST

I have a RSA private key, but it is partially redacted. Can you recover that? Run `openssl pkeyutl -decrypt -inkey key-recovered.pem -in encrypted.txt -out plaintext.txt` after you have recovered the key.

I have a RSA private key again, but it is partially redacted. Can you recover that?

I have a RSA private key again and again, but it is partially redacted. Can you recover that?

Let's see if you can crack this Mutual TLS authentication. Use curl in insecure mode with port 1337.

Inspired by the XZ attack, can you find a way to reuse one of the substitution ciphers to find your flag? (see https://gynvael.coldwind.pl/?lang=en&id=782).

It's a familiar sound to anyone who's ever dialed a phone. What's this caller trying to say?

My little nephew loves this song -- says there's stuff about it us old-timers just wouldn't get. Not sure what he means.

Does it kind of defeat the purpose of me learning Morse code if I have to send it as a WAV anyway? Especially when the file won't even load properly!

It's a catchy song... but is there more than meets the eye?

This LLM has been meticulously programmed to assist users, but its arsenal of tools remains hidden. Can you utilize prompt injection to unveil these capabilities and commandeer the AI's power to seize the coveted flag?

This AI-driven marketplace prides itself on its comprehensive inventory, but it seems something has slipped through the cracks. Can you exploit this oversight and claim the unlisted prize?

Even though this program is written in Go and, hence, memory safe.. you can still write bugs. Can you find it?

I found these dusty stack of cards in the archives of a forgotten computing museum with a post-it note that read "flawed". That's the thing with punchcards. If you make a mistake you can't just erase it. Well... unless you use some tape

A simple program to echo back user input. What could possibly go wrong?

We are a security organization and our agents are given unique usernames that are impossible to guess. We have recently built a very secure inventory. If you are one of our agents, we have a package ready for you!

The Sea Library contains the most curious and magical tools and they say you can find its address if you look hard enough. Ah, The Sea Library, it is the perfect place that I would like to return someday...

I heard that all you need to climb a mountain is a couple of gadgets and some rope. But the real skill is knowing where to place the gadgets along the way.

The codebase appears strangely hospitable. Some doors are open when they shouldn't be. Find the hidden passages and see who's been sneaking in.

You have landed in a space time anomaly. Evil AI spawning around you, do you think you can kill them all to get the first flag?

Escape the walls of simulation, get the next flag. Same game attachment as Part I

Sometimes you need a bird's eye view to see everything the world has to offer. Same game attachment as part I and II

Can you find the password to this Android App?

You found the key to your next step, the binary that will give you the flag. Unfortunately it's too slow. If you understand the code behind it, you can optimize it and pass to the next step. Will you be able to crack the code?

Our keygen does not seem to work properly. Figure out what algorythm is performed by WASM app and fix it.

A security update about profiles? There's no way there could be a flag there. Unless?

There are a few news articles there, but there's something odd about their URLs...

Secret messages! Probably the most secure part of this website. There's no way to guess those URLs. ...Unless?

Welcome to our note taking app, I hope you can't see what we're writing

Who remembers PHP? The password_hash() function is so convenient, no one can guess my password

You had a train service cancelled and you are entitled to a full refund. However the train companies website is not allowing you to. Can you still get it?

This site boasts a defense against XSS, but its security is like a falling leaf – slow and predictable. It relies on a mechanism that, while sound in theory, has a fatal flaw in its execution. Can you exploit this weakness to inject your own malicious code and take control?

The system's defenses are built on flawed foundations. Their inheritance isn't as robust as they believe. To exploit their weakness, don't just corrupt the blueprint; manipulate the very essence of their creation – the constructor itself. Twist its purpose, and watch their reality crumble.