Archived Challenges
Solutions can be found on the blog
Bored? Wanting to review old challenges? Well, here they are!
Week 8
10/26-10/30
Vacay All Day
{Forensics} Briefing:
​Did you know that social media can be used to help us track the location of a hacker? Looking up information about our hacker could prove useful when trying to find the location and plans of the hacking. Use “instaGraff” to find the location of the hacker and help us find where the hacker is operating from. Hint: We’ve found a recent photo containing some clues on the hacker’s location, see if you can use the photo to find out where the hacker is on vacation. The flag is the name of the city!
Hexillology
{Forensics} Briefing:
You want a flag, you get a flag, but first you have to find the flag hidden within the flag.
Is this a prank? Apparently, someone hacked our site and compromised our logo. Again. They even went to the length of designing a new flag for us. They also left us a message...Dear Cyber Catamounts,
Greetings. We have noted that you’re quite fond of flags, but how can you call yourselves flag lovers if you can’t find a flag within a flag? Here’s a new flag for you, have fun scratching your heads over it. We’ll see who’s the real flag lover.
Sincerely,
FL@g L0v3Rs (by no means related to Starbucks lovers)
​
✨Special prize ✨
Whoever solves this challenge first gets:
-
The title of the flag l0v3eR (announced in our slack channel)
-
Your own personalized flag (designed by a random senior)! Chose your own color scheme at https://color.adobe.com (up to 6 colors) and contact us through email or slack for any elements you prefer.
Week 7
10/19-10/23
Dotty Hackers
{Crypto} Briefing:
Lately, the hacker group in our school has been acting sort of weirdly, or should I say “dotty?” We found this weird string lying around in one of the computers they’ve hacked. Can you try to decode it to find if there’s some sort of password inside that they’ve stolen?
4f7572.......206..........e65787......4.2....074617267657.4...206172.6....520746865206d6f647.........3e2.8.0a6........205061737...3.776f726420746f2074.....6865207379737...........4656d206973...2.0.315.....f416d5f6...15.......f.6241.4......4.5f683478...3072
Week 6
10/12-10/16
The White Boxes
{Forensics/Linux} Briefing:
​
Over the weekend one of our agents was trying to sell some used items on a site. On this site, in order to sell an item, you must upload a picture of the item(s). When the agent went to upload the individual pictures of the two items they were trying to sell the picture upload boxes were different. Find out why the picture upload boxes were different and use it to figure out if anything suspicious is going on with the website. Hint: The difference in the picture upload boxes is the key to solving this mystery.
Week 5
10/5-10/9
Clues in History
{Forensics} Briefing:
Clues about our ancestry, the early stages of earth, and even extinct animals can be found all around us if we know where to look and how to recognize them. Just like these clues, it's up to you agent to find and recognize the clue in this document. We got our hands on this document when An agent of ours was helping a teacher grade assignments for a world *history* class and noticed that something extremely dangerous. When the teacher emailed the assignment google docs to the agent there was something that the agent found suspicious right away. It seemed like there was a coded message in the document that the hacker wanted the teacher to find so that they could hack into the teacher’s computer. Help us find and decode the hidden message so that the teacher’s cybersecurity doesn’t get compromised.
Week 4
9/28 - 10/3
The Tale of Terrible Texters
{Crypto) Briefing: Recently our agents have found a very interesting conversation between two hackers of a local hacking group called The TechTalkers, which could threaten the security of our school. The conversation was brought to our attention by an inside double agent who got us some text messages between members of the group and it's up to you agent to decode the messages, find out their meaning, and stop these hackers.
Hint: The messages contain a lot of emojis and it seems like those emojis are referring to turning something on or off. Find out what it is and why it's being turned on/off for a chance to stop the TechTalker's evil plans.
Endgame
{Web) Briefing: Hi all, we've found an API endpoint that looks pretty suspicious. We know this hacker team is pretty bad on the defensive side, so we're sure that a word list of the 1k most common passwords will be of use. However, we have received intel that in order for you to gain access, the password must be encoded in base32. Good Luck!
Challenge credits to CyberFastTrack. Thank you for the learning resource!
Week 3
9/21 - 9/25
Homerun!
(Crypto) Briefing:
Attention CyberCatamounts agents: we have discovered a new group of hackers that go by the name of The Baseballers who are avid sports fan. One of our agents who is an enormous baseball fan found a suspicious website selling baseball tickets and decided to do some investigating. We have been tracking the hacker's specific activity on the site and have discovered a message. It's up to you agent to use your baseball knowledge to figure out what the baseballers are up to.
​
Hint: Think about the number of bases in baseball plus one
Hint 2: If you don't know how what happened to the message (how it was encoded), maybe think about using one of our tools...
Week 2
9/14 - 9/18
[REDACTED]
(Forensics) Briefing:
Agent, we want you to be out on the lookout for anything suspicious and see if you can find any threats to our system. Your first lead is that our team found this document lying around in one of the hacker's computers. Careless, we know, but we can exploit this weakness! See if you can recover the secret password as it could help us to learn more about the hackers and their next plan.
Logo? Gone. Hotel? Trivago.
(Forensics) Briefing:
In case you didn't notice, our logo has been compromised... And unfortunately, we have a pretty good idea of who did it. They're really just trying to get revenge on the money we rightfully stole back. Our team thinks that they've hidden a message in this compromised black and white image, so can you try to uncover it?
Week 1
9/7 - 9/11
Dash for the Cash 🤑
(Web) Briefing:
The hacker group is really on another level now... They have a company name, SCDP Associates, which is acting as their alias! We need you to infiltrate their vulnerable Employee Portal and find a way in so we can find out what they've been up to. Hurry! We think they've been stealing money from our club.
Note: this challenge is purely thinking skills based and no technical skills are required. Use your head, persist, and you'll get it!
​
Hint: What happens when you try to sign in? Does the url change? How could you take advantage of that? Remember: you can't change anything on the website, but you can change the url...
​
-- XOR and 3M535C
Website credits to CyberFastTrack. Thank you for the resource!
Demo Challenges
8/17 - 9/7
print("hello flag!")
(Python) Briefing:
An interesting one for you, agent. We captured a hacker’s computer, and our forensics expert recovered this deleted file from it. It seems like a flag generator, but the codes are obfuscated. We could spend forever reversing the python script, or we could just run it to print the flag, Can you figure out how to get it running?
​
-- XOR
Oh no! Someone spilled their Starbucks Frappe :(
(Binary) Briefing:
I was sitting in my first period Google Meets meeting when someone knocked over their Starbucks Frappe. How sad. However, the team thinks this was a signal to the other notorious C0Ff33L0verS hacker team members that are hiding in our school. We were able to obtain the username and program they use to login to their secret system, but we can’t figure out how to sign in!
​
-- 3M535C
Worse Codes
(Crypto) Briefing:
Great news, we managed to track down the station of a notorious hacker group. They were gone when we arrived, but they left in a haste and left something in behind. We find this shred of paper in their station, which also has a telegraph. We believe it’s an encoded message. Can you find a way to crack it?
​
-- XOR
​
Hint: Come on, who still uses telegraphs now? Oh, did you know who invented telegraph in 1835?
Hint 2: The flag is the decoded secret code, all uppercase.
​
Encoded Message:
. -.. --- -.-. -. . ..--.- . .-.. -... ..- --- -..
---... . -.. --- -.-.
- . .-. -.-. . ...
Beep. Boop. Beep. Plants?
(Web) Briefing:
The team has discovered a suspicious website that was linked on the Panther Creek website*-supposedly selling house plants? (To be honest, the Poplantis is pretty cool though, if I say so myself). This might be the next step in uncovering the C0Ff33L0verS hacker team’s plans, as we believe there’s something preventing our reconnaissance robots from crawling on their website. Give it a go!
​
-- 3M535C
​
Tip: What tells “search engine crawlers which pages or files the crawler can or can't request from your site?”
​
Note: For legal reasons, this website is not on the PC website, so don’t search for it.
​
This was actually a challenge created by CyberFastTrack, so thank you to them for the learning resource!
Something's fishy...
We’ve received intel that a hacker is hiding behind “FishyToni,” and our intelligence specialists haven’t been able to uncover any new findings with this name. Maybe you could try using the resources you have access to in order to try and uncover their secret? One more thing Agent, we’ve also found a random post on a forum from them stating that they like birds that tweet.
​
-- 3M535C
​
Tip: Social media reveals a lot about someone.
(OSINT) Briefing:
Keen eye
(Forensics) Briefing:
We need your help here, agent. We’ve intercepted a message between two hackers. It seems like an innocuous image, but we get the feeling that there’s something fishy going on here. Can you take a close look at the image, and find the hidden message in it?
​
-- XOR
​
Hint: Sometimes, patience and persistence are all it takes.
​
Out of patience? Hint #2: Make sure you are looking in the right direction… (The right direction for you, that is.)
​
Still no luck? Well, don’t fidget, zoom in, and look closer…
​
Hint #3: ...For all too often, the answer goes right above someone’s head.
Suggestions? Want a new type of challenge?
Tell us here!