BEGINNER'S QUEST

What is Beginner's Quest?

The Beginner's Quest is a short jeopardy style CTF competition based on the annual Google CTF event.

Register (Google account required) to submit flags and take your place on the scoreboard.

Learn more on our Rules and FAQ page.

ANNOUNCEMENTS
  • crypto
    Redacted RSA 1
    I have a RSA private key, but it is partially redacted. Can you recover that? Run `openssl pkeyutl -decrypt -inkey key-recovered.pem -in encrypted.txt -out plaintext.txt` after you have recovered the key.
  • crypto
    Redacted RSA 2
    I have a RSA private key again, but it is partially redacted. Can you recover that?
  • crypto
    Redacted RSA 3
    I have a RSA private key again and again, but it is partially redacted. Can you recover that?
  • crypto
    TLS
    Let's see if you can crack this Mutual TLS authentication. Use curl in insecure mode with port 1337.
    tls.2024-bq.ctfcompetition.com 1337
  • forensics
    CorruptedZipFile
    Inspired by the XZ attack, can you find a way to reuse one of the substitution ciphers to find your flag? (see https://gynvael.coldwind.pl/?lang=en&id=782).
  • forensics
    DialUp
    It's a familiar sound to anyone who's ever dialed a phone. What's this caller trying to say?
  • forensics
    PitchPerfect
    My little nephew loves this song -- says there's stuff about it us old-timers just wouldn't get. Not sure what he means.
  • forensics
    OldMeetsNew
    Does it kind of defeat the purpose of me learning Morse code if I have to send it as a WAV anyway? Especially when the file won't even load properly!
  • forensics
    PhantomSounds
    It's a catchy song... but is there more than meets the eye?
  • web
    Prompt Infiltration - Tooling Takeover
    This LLM has been meticulously programmed to assist users, but its arsenal of tools remains hidden. Can you utilize prompt injection to unveil these capabilities and commandeer the AI's power to seize the coveted flag?
  • web
    The Unlisted Listing
    This AI-driven marketplace prides itself on its comprehensive inventory, but it seems something has slipped through the cracks. Can you exploit this oversight and claim the unlisted prize?
  • misc
    GoLogicFlaw
    Even though this program is written in Go and, hence, memory safe.. you can still write bugs. Can you find it?
    Attachment
    go-logic-flaw.2024-bq.ctfcompetition.com 1337
  • misc
    Punchcards
    I found these dusty stack of cards in the archives of a forgotten computing museum with a post-it note that read "flawed". That's the thing with punchcards. If you make a mistake you can't just erase it. Well... unless you use some tape
    Attachment
    punch.2024-bq.ctfcompetition.com 1337
  • pwn
    Simple Echo
    A simple program to echo back user input. What could possibly go wrong?
    Attachment
    simple-echo.2024-bq.ctfcompetition.com 1337
  • pwn
    Infiltrate
    We are a security organization and our agents are given unique usernames that are impossible to guess. We have recently built a very secure inventory. If you are one of our agents, we have a package ready for you!
    Attachment
    infiltrate.2024-bq.ctfcompetition.com 1337
  • pwn
    The Sea Library
    The Sea Library contains the most curious and magical tools and they say you can find its address if you look hard enough. Ah, The Sea Library, it is the perfect place that I would like to return someday...
    Attachment
    library.2024-bq.ctfcompetition.com 1337
  • pwn
    Rope Climb
    I heard that all you need to climb a mountain is a couple of gadgets and some rope. But the real skill is knowing where to place the gadgets along the way.
    Attachment
    climb.2024-bq.ctfcompetition.com 1337
  • pwn
    Backdoor
    The codebase appears strangely hospitable. Some doors are open when they shouldn't be. Find the hidden passages and see who's been sneaking in.
    Attachment
    backdoor.2024-bq.ctfcompetition.com 1337
  • rev
    First Person (Part I)
    You have landed in a space time anomaly. Evil AI spawning around you, do you think you can kill them all to get the first flag?
  • rev
    First Person (Part II)
    Escape the walls of simulation, get the next flag. Same game attachment as Part I
  • rev
    First Person (Part III)
    Sometimes you need a bird's eye view to see everything the world has to offer. Same game attachment as part I and II
  • re
    None Shall Pass
    Can you find the password to this Android App?
  • rev
    Optimize the code
    You found the key to your next step, the binary that will give you the flag. Unfortunately it's too slow. If you understand the code behind it, you can optimize it and pass to the next step. Will you be able to crack the code?
  • rev
    WASM
    Our keygen does not seem to work properly. Figure out what algorythm is performed by WASM app and fix it.
  • web
    Doors Everywhere (Part I)
    A security update about profiles? There's no way there could be a flag there. Unless?
  • web
    Doors Everywhere (Part II)
    There are a few news articles there, but there's something odd about their URLs...
  • web
    Doors Everywhere (Part III)
    Secret messages! Probably the most secure part of this website. There's no way to guess those URLs. ...Unless?
  • web
    Jotes
    Welcome to our note taking app, I hope you can't see what we're writing
  • web
    Message
    Who remembers PHP? The password_hash() function is so convenient, no one can guess my password
  • web
    No refund
    You had a train service cancelled and you are entitled to a full refund. However the train companies website is not allowing you to. Can you still get it?
  • web
    Falling Slowly... Again
    This site boasts a defense against XSS, but its security is like a falling leaf – slow and predictable. It relies on a mechanism that, while sound in theory, has a fatal flaw in its execution. Can you exploit this weakness to inject your own malicious code and take control?
  • web
    Prototype's Fall
    The system's defenses are built on flawed foundations. Their inheritance isn't as robust as they believe. To exploit their weakness, don't just corrupt the blueprint; manipulate the very essence of their creation – the constructor itself. Twist its purpose, and watch their reality crumble.
Beginner's Quest Scoreboard
  1. Name
    Flags Captured
  2. dvdalt
    31
  3. p1ll0w
    30
  4. ImightOrMightNot
    22
  5. PerepeL
    21
  6. All4f
    20
  7. Aqua Cat
    19
  8. kisimre
    19
  9. pbnjay
    18
  10. jadenyjw
    17
  11. kuzia239
    17
  12. Violet
    17
  13. TryH4ckM3
    17
  14. denglijun
    16
  15. waplet
    16
  16. nufan
    15
  17. valk
    14
  18. Kriser
    13
  19. Amaurobius
    12
  20. jkai
    12
  21. laurentleconte
    11
  22. lallalalla
    11
  23. dennis3232
    11
  24. 0x01b
    10
  25. puqpetmaster
    10
  26. nepcNKowk
    10
  27. Jacobo01
    10
  28. john_doe
    9
  29. d0tnull
    9
  30. tchen
    9
  31. symoleon
    9
  32. hackb009
    9
  33. Neniel
    9
  34. balrog111111
    9
  35. RobinMahood
    8
  36. guysh
    8
  37. usercreate
    8
  38. tamtamtamtam
    8
  39. TheMole007
    8
  40. tinkoshk
    8
  41. logdav
    8
  42. Sp4rkl3
    8
  43. Redst0uner
    8
  44. husky
    8
  45. pcdr0ne
    8
  46. HoldBaker
    8
  47. 4shh
    8
  48. lb148
    8
  49. LayerZero
    7
  50. Brunoise
    7
  51. jb
    7
  52. lonelyvictor
    7
  53. mcquay239
    7
  54. notme884
    7
  55. Corolo
    7
  56. theni
    7
  57. dy5l3xyz_cr4b
    7
  58. ahmedshaier
    7
  59. preteenbastard
    7
  60. realpeemanofficial
    7
  61. falcon
    7
  62. awesauce98
    7
  63. Peterfun
    6
  64. c4136
    6
  65. tiuphun
    6
  66. Lynkusu
    6
  67. syntaxfoerster
    6
  68. gsodkba
    6
  69. idot
    6
  70. qwerty_the_fish
    6
  71. thomas8
    6
  72. shiloh
    6
  73. Brex12
    6
  74. Gumn4m1
    6
  75. Shingles
    6
  76. CyberTeam
    6
  77. Belladonna
    6
  78. glendakoh88
    6
  79. Rowdy_Cheese
    5
  80. jessie
    5
  81. orangebottle
    5
  82. mocha
    5
  83. ced_was_taken
    5
  84. skuuzie
    5
  85. nas
    5
  86. imposis
    5
  87. kryq
    5
  88. anthony
    5
  89. feralonso_p
    5
  90. lukin013
    5
  91. RezaSi
    5
  92. blu3_t1r4m15u
    5
  93. jodra
    5
  94. fredr0ck
    5
  95. p0ng
    5
  96. 4rechik
    5
  97. hacker456
    5
  98. jkac
    5
  99. Sevgillim
    5
  100. OttoLeipzig2024
    5
  101. iv0ry
    5
  102. Phantom01
    5
  103. shiphere
    5
  104. HitchFlagCapture
    4
  105. ShaunBombs
    4
  106. coffeebeans
    4
  107. Pacing Lions
    4
  108. keitan
    4
  109. Aggie Attackers
    4
  110. n0th1ngn355
    4
  111. hiiiii
    4
  112. Awe
    4
  113. Darklord_bnl
    4
  114. 2face
    4
  115. sinkrad
    4
  116. bobthebuilder
    4
  117. quynhethereal
    4
  118. bxie2015
    4
  119. WCKDNaz
    4
  120. D5s
    4
  121. averti
    4
  122. tperes
    4
  123. w1thre
    4
  124. AksLolCoding
    4
  125. Beemu
    4
  126. bmlz
    4
  127. rampagextreme
    4
  128. themeowboycat
    4
  129. ManishK125
    4
  130. astralio
    4
  131. joynt
    4
  132. will
    4
  133. Hep5
    4
  134. SGVC7
    4
  135. SG22
    4
  136. oolong_tea
    4
  137. LithX0r
    4
  138. thehecker
    4
  139. xddd
    4
  140. wojownik345
    4
  141. ETHIX
    4
  142. Cappybara
    4
  143. ColdShaker
    4
  144. YogeshRavichandran
    4
  145. yukti_ghablani
    4
  146. knoxx
    4
  147. govind singh
    4
  148. ash
    4
  149. rezman
    4
  150. FeAtUrE
    3
  151. james
    3
  152. AYA
    3
  153. tjq21
    3
  154. orka
    3
  155. y4shir0
    3
  156. Vulcan
    3
  157. main-000
    3
  158. miezekatze
    3
  159. reverse
    3
  160. larted
    3
  161. domacol
    3
  162. petriQore
    3
  163. RedSkyi
    3
  164. Pukka
    3
  165. Kick
    3
  166. HackerGuy
    3
  167. BrawlerZX
    3
  168. tympanix
    3
  169. n-solo
    3
  170. h0m311es2002
    3
  171. aahil
    3
  172. jt
    3
  173. xenothyst
    3
  174. Codster581
    3
  175. vickyzheng
    3
  176. seba
    3
  177. dodesiwi
    3
  178. aquarhead
    3
  179. SuperAnimaux
    3
  180. marv
    3
  181. itsme
    3
  182. neeha8689
    3
  183. ytlibrarian
    3
  184. ahas
    3
  185. jimenavillanueva
    3
  186. ErrayDineri
    3
  187. ThomasG
    3
  188. Physicsisfun
    3
  189. lydxn
    3
  190. 9a24775235e708e5af057986fffc3acfd64119ad806ec57cdd1c208b90c37a08
    3
  191. StayWoke
    3
  192. Jackson11!
    3
  193. Izaac Mammadov
    3
  194. kornel156
    3
  195. MaxNick
    3
  196. deis
    3
  197. narzutowiec
    3
  198. WitchOfFrost
    3
  199. MatiPejpal
    3
  200. arthewinner
    3
  201. polymorphic_penguinos
    3
  202. Damien
    3
  203. Haggs
    3
  204. adisoto3005
    3
  205. semim3
    3
  206. hyuh
    3
  207. SR0079
    3
  208. rebekah
    2
  209. ClubBluford
    2
  210. drizzy
    2
  211. n00bZ
    2
  212. woow_woow
    2
  213. l3ster
    2
  214. hackerdevil
    2
  215. jp
    2
  216. mbr217
    2
  217. Tenma
    2
  218. Malarvizhi
    2
  219. Byt3s
    2
  220. afvr
    2
  221. EJVNNN
    2
  222. auggiethecat
    2
  223. NonDarkZone
    2
  224. grybas
    2
  225. the_shade
    2
  226. Nick
    2
  227. vmp_
    2
  228. kaslr
    2
  229. bebig
    2
  230. fischeli
    2
  231. JFrix
    2
  232. Kobalrudin99
    2
  233. Jucci
    2
  234. Devi-leo
    2
  235. Nsac13
    2
  236. Some_user
    2
  237. H3r0F1r3
    2
  238. SpyerNot
    2
  239. F15
    2
  240. Lordmik123
    2
  241. tzimmermann
    2
  242. qwertyuiop
    2
  243. localhost
    2
  244. MR prince
    2
  245. bub
    2
  246. MoritzB112
    2
  247. loganresolute
    2
  248. Matato
    2
  249. DacceNeran
    2
  250. M4Ri0
    2
  251. Yusaku
    2
  252. saturn
    2
  253. Magniquick
    2
  254. pamudusarasith
    2
  255. JustK
    2
  256. Maxxxxxxxxxxxxxxxxxxxxx
    2
  257. ElMecenas
    2
  258. erenengin
    2
  259. ora_kyw
    2
  260. Shree
    2
  261. maven151
    2
  262. cosac
    2
  263. dmitry
    2
  264. 13un
    2
  265. loid
    2
  266. Monkeyman
    2
  267. fishytoo
    2
  268. SoraCaelus03rd
    2
  269. x03e
    2
  270. bakayang
    2
  271. kentle25
    2
  272. mickey
    2
  273. noobhacker12
    2
  274. bushido
    2
  275. recreatedos
    2
  276. AntekP
    2
  277. maciejdolega
    2
  278. Snekuz
    2
  279. ArkadiuszOleksy
    2
  280. dominikx2002
    2
  281. m_verde
    2
  282. jakub111
    2
  283. mpysiek
    2
  284. klauffi08
    2
  285. Tcker
    2
  286. Aeku
    2
  287. fr0n73nd5_c4n7_570p_m3
    2
  288. aqaq
    2
  289. Kalisz17
    2
  290. Krata
    2
  291. mateuszgiemza
    2
  292. Fear
    2
  293. shadow_hacker
    2
  294. Aksamit
    2
  295. Piotr20248
    2
  296. bartixxx
    2
  297. Si
    2
  298. Ignacym14
    2
  299. MAtikx100
    2
  300. AceCobra
    2
  301. Akarmina
    2
  302. KingKong
    2
  303. LukaszRozbicki
    2
  304. wiktor0078
    2
  305. Jakub
    2
  306. aniaanib
    2
  307. sebkow
    2
  308. SzymonS
    2
  309. mvioole
    2
  310. Emkon
    2
  311. crxxtian
    2
  312. Binbows
    2
  313. selll
    2
  314. rifuclone
    2
  315. Ob5cur3D37371v3
    2
  316. jaco00x
    2
  317. 404_3nthus14st
    2
  318. lylythechosenone
    2
  319. OrDalal
    2
  320. Grzybson2002
    2
  321. StartingVirtual
    2
  322. 0xqalalweh
    2
  323. heckervarun
    2
  324. Reddys
    2
  325. tanmayR
    2
  326. GarettKent
    2
  327. Jameskenobi36
    2
  328. Krissy
    2
  329. jessemesserli
    2
  330. paon
    2
  331. jack
    2
  332. hackerstein
    2
  333. Or4nOfficial
    2
  334. Glitch
    1
  335. cloud_strike
    1
  336. halligan
    1
  337. CHAOS
    1
  338. LALOgotSWAG54
    1
  339. scrinzi
    1
  340. loguy
    1
  341. arunccltest
    1
  342. sovereign
    1
  343. rel-s
    1
  344. look_and_listen
    1
  345. zhassan699
    1
  346. Koggy
    1
  347. an0nyr0y
    1
  348. tomsik68
    1
  349. TommyTommy
    1
  350. sardin
    1
  351. pinkdahlia
    1
  352. vr05
    1
  353. AG_BOSS
    1
  354. 2764c03c25c1ecc70c8acf4d9a465f0f72eff07fd62f8b9435fca91ddb479c39
    1
  355. dnts
    1
  356. gvinaycse
    1
  357. jayboy_51
    1
  358. irisz-3
    1
  359. ( 0bj3ct 0bj3ct )
    1
  360. G0th4mN0w
    1
  361. Boomanten10
    1
  362. JamesBCyber
    1
  363. artony4444
    1
  364. traceuse
    1
  365. Erboiii5352
    1
  366. h3rrcrypt099
    1
  367. supahfly
    1
  368. iika
    1
  369. skib
    1
  370. goofball_central
    1
  371. codeblocker007
    1
  372. xxlattemac22
    1
  373. encrypt6
    1
  374. bfoyster
    1
  375. 5outh
    1
  376. den1z19_
    1
  377. digitalgreg
    1
  378. jonno63
    1
  379. Greenhats-crew
    1
  380. fireguy187
    1
  381. Dumba3r
    1
  382. Paracliff
    1
  383. Psyrim
    1
  384. jwandscheer
    1
  385. Shun
    1
  386. Thombrom
    1
  387. egp1500
    1
  388. trainticket
    1
  389. sigmaskibiditoilet
    1
  390. 2039589La
    1
  391. Hieu
    1
  392. kirkoashley
    1
  393. Grzechu
    1
  394. sm4xru
    1
  395. yellow_hat
    1
  396. Gulabi Dil
    1
  397. examProcrastination
    1
  398. raja
    1
  399. ctfcmu
    1
  400. yarjor
    1
  401. jujujuju
    1
  402. hackcat
    1
  403. H@ck3r
    1
  404. Fatekeeper
    1
  405. NyanCat
    1
  406. YuriProtector
    1
  407. No one
    1
  408. cat
    1
  409. GabrielAlfs
    1
  410. m@ttice
    1
  411. CTF{WhatDoesIDORMean?}
    1
  412. script_kiddie
    1
  413. philipp07
    1
  414. Noob
    1
  415. DrinkDaddy
    1
  416. Pobieracz
    1
  417. AwakenedGhost15
    1
  418. haasal
    1
  419. k1w1
    1
  420. Insane7777x
    1
  421. misialyna
    1
  422. marcinek
    1
  423. Maladroit
    1
  424. icyyy
    1
  425. msta
    1
  426. 0xfelagund
    1
  427. ola
    1
  428. DominikaS
    1
  429. sean-prz
    1
  430. Decycle
    1
  431. jakub
    1
  432. Big sad
    1
  433. WiktorW
    1
  434. bartekw
    1
  435. isandhyadev
    1
  436. adamoski
    1
  437. sadek121
    1
  438. tymektmq
    1
  439. TUN ☪ | SNIGHT
    1
  440. Norbert
    1
  441. ballo
    1
  442. valery
    1
  443. Zuzanna
    1
  444. Dominik
    1
  445. ITDarknes1702
    1
  446. Makarov
    1
  447. just1n3
    1
  448. tonmoyy
    1
  449. kangouka
    1
  450. jonsnow
    1
  451. lsek
    1
  452. Crazzyman1081
    1
  453. rubanhacker
    1
  454. Soggy_volume3
    1
  455. YashasS
    1
  456. frankku
    1
  457. sigma_juice_Eli
    1
  458. C0dst3r
    1
  459. jasha
    1
  460. nsideris
    1
  461. Arsh Sharan
    1
  462. unknown
    1
  463. Zeus131241
    1
  464. magicmax
    1
  465. weak_link
    1