I have a RSA private key, but it is partially redacted. Can you recover that?
Run `openssl pkeyutl -decrypt -inkey key-recovered.pem -in encrypted.txt -out plaintext.txt` after you have recovered the key.
Let's see if you can crack this Mutual TLS authentication. Use curl in insecure mode with port 1337.
tls.2024-bq.ctfcompetition.com 1337
forensics
CorruptedZipFile
Inspired by the XZ attack, can you find a way to reuse one of the substitution ciphers to find your flag? (see https://gynvael.coldwind.pl/?lang=en&id=782).
This LLM has been meticulously programmed to assist users, but its arsenal of tools remains hidden. Can you utilize prompt injection to unveil these capabilities and commandeer the AI's power to seize the coveted flag?
This AI-driven marketplace prides itself on its comprehensive inventory, but it seems something has slipped through the cracks. Can you exploit this oversight and claim the unlisted prize?
I found these dusty stack of cards in the archives of a forgotten computing museum with a post-it note that read "flawed". That's the thing with punchcards. If you make a mistake you can't just erase it. Well... unless you use some tape
We are a security organization and our agents are given unique usernames that are impossible to guess. We have recently built a very secure inventory. If you are one of our agents, we have a package ready for you!
The Sea Library contains the most curious and magical tools and they say you can find its address if you look hard enough. Ah, The Sea Library, it is the perfect place that I would like to return someday...
I heard that all you need to climb a mountain is a couple of gadgets and some rope. But the real skill is knowing where to place the gadgets along the way.
You found the key to your next step, the binary that will give you the flag. Unfortunately it's too slow. If you understand the code behind it, you can optimize it and pass to the next step. Will you be able to crack the code?
You had a train service cancelled and you are entitled to a full refund. However the train companies website is not allowing you to. Can you still get it?
This site boasts a defense against XSS, but its security is like a falling leaf – slow and predictable. It relies on a mechanism that, while sound in theory, has a fatal flaw in its execution. Can you exploit this weakness to inject your own malicious code and take control?
The system's defenses are built on flawed foundations. Their inheritance isn't as robust as they believe. To exploit their weakness, don't just corrupt the blueprint; manipulate the very essence of their creation – the constructor itself. Twist its purpose, and watch their reality crumble.