We've exfiltrated some code that RB has been using to encrypt some flags! NICC also found along with the code, a snippet of text: yjp}b{k{_vog1pnb2j31dhs1bsptln. We're sure it must be the flag but can't figure out how to undo the encryption.

Note: flag format is jctf{} for this challenge, not jctfv{}

• Files
  • /files/043bd3f0df4edcbd349f8b03f743b4bf/file.py?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyNTJ9.Z_IIfw.U4ps4dEPnCrk0W2R1XxDsoHIT1k

An anonymous party was using Wireshark looking network activity and stumbled across this encrypted text, they then notified NICC and sent the file. This could be a key to something.

• Files
  • /files/e3dd91277ff2cdc373f46ed6c4ff7976/TheHiddenKey.txt?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxOTZ9.Z_IIgw.xV0VqLzW5nEIkZRag_xi13hm43o

It appears that one of the low-level grunts of the NICC organization have gone rogue. They keep trying to get into a user's account by guessing their password. Can you tell us 1. the name of the user who is being targeted with brute force password guessing attempts and 2. the number of times the rogue user has tried to get into the account? The flag should have the format jctfv{Name_Number} where Name is the username and Number is the count.

• Files
  • /files/74c0740533a89d6c6bd83f6de540bd7b/evtx.zip?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxODl9.Z_IIhw.AejO4hn5I2EgXeSLh0cNohqiUUU

An intercepted audio transmission carries a veiled warning. Some say it’s just noise, others believe it’s the key to an unsolved mystery. Use your forensic skills to dissect the frequencies and uncover the message lurking in the static. Flag format jctf{}

Note: For this challenge the flag format is NOT jctfv{} but is instead jctf{}

• Files
  • /files/a64e507c8276a7f521147dc5816b4bbb/unknown.wav?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxODh9.Z_IIhw.AIET5mAQ63r4hBUkR-H6s1Y5Sx0
• Hints
  1. Sounds of telephone digits being entered

The map with some weird objects stored on a USB flash drive was revealed in one of the New York City's sewage systems…Who left it there? Does it relate to a recent crime on one of NY streets? Or it might be even worse…it was carried through a sewage for miles. Anyway, this is your turn to discover the hidden message.

• Files
  • /files/a84b1ec76d10aaff608925f9a0f3631f/path-finder.zip?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjJ9.Z_IIhw.mFwS0Jub2AOlV0uIUDQ73JzytCk
• Hints
  1. Base64 encoded

A hard drive full of photos. Hundreds of still frames, nothing out of the ordinary. But something’s tucked away — veiled, deliberate.
One image holds more than meets the eye. Peel back the layers. Follow the trace.

Flag format: jctf{IP:Port}
Note: For this challenge the flag format is NOT jctfv{} but instead jctf{}
Note: The IP is not a valid/real IP, this is for your protection.

• Files
  • /files/8c09a79520e3438e86dee39dffaf3d5b/archive.zip?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxOTB9.Z_IIiA.xyP-GYvheX2c5aEubuGD3BTLpqE

The name g0ldenfalc0n7 doesn’t show up in the usual places—not unless he wants it to. He’s careful. Always has been. Covers his tracks like a ghost in the wind.
That’s why this latest slip-up smells like either a trap… or a desperate mistake.

A public repository on Docker Hub? That’s not like him. Not at all. Simon’s got that look on his face - amusement? Suspicion? I know that look. It means we’re onto something. We might have a shot at something here.

I need you to go digging. Sift through the wreckage. See what he left behind. Could be a breadcrumb. A backdoor. A crack in the armor. Hell, maybe even the key to this whole damn thing.

Doesn’t matter if it’s public or private — secrets have a way of hiding in plain sight. So whatever you find, hold onto it. Could be useful now. Could be useful later. Either way, we’re gonna need it.

Besides, if this is public he might've abandoned it and I doubt he'll come asking for it back.

Flag Format: jctfv{flag}

NOTE: This was unlocked by solving Simon and the Whale and itself unlocks a third challenge. These work together - so share notes with your team and be mindful of what you find.

Unravel the mystery of encrypted data left behind by a sinister attack and recover the hidden key to unlock the shadows. Download the the file here

“Listen, Detective,” the voice on the other end of the line rasped, like someone who'd seen too many sleepless nights. “Looks like we've got a rat in the precinct. Someone's been feeding the press, and it’s only a matter of time before the whole damn thing blows wide open. We need you to dig through the traffic captures, and Windows Logs, figure out where the leaks are coming from. Find out what’s what was spilled, so we can patch up the holes before the damage is done.”

I leaned back in my chair, the leather creaking like an old man’s bones. Another day, another mess to clean up. But something about this felt different. Dirty, like a secret that had been left out in the open too long.

Note: For this challenge the flag format is NOT jctfv{} but is instead jctf{}

• Files
  • /files/228a30854e91047f35df8e2043283f0c/DoNtSeeMe.zip?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjN9.Z_IIiQ.LZQMHMlIMa6VXL8V6J62N6sZVRU
• Hints
  1. Understanding encoding such as base64 might be helpful. We also know the threats loves unpopular archives.

An Agent has left you a message that they received.

Your goal, listen and look at the clues with the file to lead you to the flag.

• Files
  • /files/44020399293036382be042394ebf966e/sounds_secure.mp3?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDR9.Z_IIig.ELWvXQHRDXbmkQS25tasEMKDXkk
• Hints
  1. Could be hidden inside?

A secret agent within The Consortium has made contact with NICC and ACM in hopes of becoming a double agent. In order to identify said agent, a picture was sent to NICC and ACM to decipher and make contact with the agent. Can you figure out this secret agent's pseudonym?

• Files
  • /files/c31adcf673d951ddeb4269f8c4f25d6c/noir.jpg?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDN9.Z_IIiw.UklSQMGgm_79TfA_x5ZIIP5cLMg
• Hints
  1.
  What can extract hidden txt files?

Back when NICC’s coffers were light enough to be collected in person, I got stuck with the worst job in the outfit—waiting in bank lines that moved slower than cold molasses. That was over a decade ago, but I remember the feeling. Stale air. The tick of the clock. The sound of my patience being ground into dust.

Only thing that kept me from losing my mind? A bright yellow billboard across the street. Big, bold numbers staring back at me, burning into my brain like a bad memory. A phone number. One I can’t seem to recall now, no matter how hard I try.

Thing is, I’m starting to think that number wasn’t just some meaningless ad. It might be important. Dr. Tom Lei seems to think so, too, seeing as his goons have been asking around town non-stop about it.

I dug up a picture of the bank I wasted years at. Maybe you can piece together what my memory won’t. What was the phone number on the billboard?

Flag Format: jctfv{###-###-####}

• Files
  • /files/127f6316fa6a547f5b7822fbde92ede7/2022-07-04.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMTZ9.Z_IIjg.j-_cSqGMGTPpw-dWSSuj_W5nAfA
• Hints
  1. I wonder how often they update the map on these places?

We intercepted this picture from D00mSay3r - Says they were visiting a friend.
Can you narrow it down for us? Get as exact as you can - we need to follow their footsteps.
Use 3 words to describe the exact location that this photo was taken.

Flag format: jctfv{word1.word2.word3}

• Files
  • /files/2963233e65538b73e360fe96e1b4c83c/where-am-i.jpg?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyNTB9.Z_IIjw.w7r2v3KJC4GTHyYgnxF-RypP7Yo

The neon buzzed outside Simon’s window, humming like a bad omen. Ever since G0ldenFalc0n7 showed up, things had gotten… complicated. People were vanishing into thin air, reappearing randomly. Dr. Tom was repeatedly coming near campus, despite his usual absense these last few years. Anna, who normally had ice in her veins, was now squirreled away whispering secrets only the walls could hear. Or so she thought.

Simon caught a whiff of something. This whole thing was rancid. While trying to talk to Anna, he overheard her whispering frantically, her voice was barely audible, dripping with a level of warmth and anxious concern he had not heard from her. "Storing it publicly wasn't smart," she whispered. "You're risking everything, Arthur! You could … What if it gets pulled?!"

That sealed it. Who was Arthur? Something was afoot. Anna would never betray NICC, this was her world! And the other day Simon was told they saw her with someone who looked like the G0ldenFalc0n7…

Is Anna working with The Consortium? Is she working with GoldenFalc0n7? Or is this something deeper?

Simon has his hands full—he needs you to follow the trail. The answers are out there, hidden in plain sight. You just need to look in the right place. Find it and get ready for the next step.

Flag format: jctfv{flag}

• Hints
  1. whale, whale, whale… what do we have here?

Looks like Dr. Tom is still using Beef N Cheddar - where The Consortium has been gathering online… They talk pretty openly, and it looks like some looselips may have been too confident in the security Dr. Tom set up. Those blabbermouths even left this finger print laying around 99AB8B9756802E8ACE7F0A7A421A949FEAFF133F.

NICC suspects it’s part of the network spreading cyber psychosis—trace its location before the infection spreads further!

• Hints
  1. • honest onion, you shouldn't get any clues. I'm sure you'll head in the right direction.

JerseyCTF V Rules

Please open the attached pdf, and read the rules and terms & conditions to gain access to all the challenges for JerseyCTF V (the flag is in the pdf)

Notes for the JerseyCTF V

Please note that all flags are case sensitive, and unless otherwise specified in the challenge description, follow the format shown below:

Flag format for JerseyCTF V : jctfv{answer_flags_like_this}

• Files
  • /files/3bd29a35710def50701057764337b2c0/JCTF_Rules_and_TC.pdf?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMTV9.Z_IIkg.yVaMN3vIVo5PqosO6JxiQS1ntLo

I learned some new commands which let me format dates! I made a website to show it off.

Connection Info:
http://time-of-date.aws.jerseyctf.com/?format="%Y-%m-%d"

• Hints
  1. Never trust user input.

A mysterious cyber-detective agency, Black Hat Investigations, claims to uncover secrets others try to keep buried. But something about their website feels…off. Dig through the shadows, inspect the evidence, and find the truth. Can you uncover the hidden message?

Connection Info:
http://encoded-deception.aws.jerseyctf.com

• Hints
  1. Sometimes, secrets are buried in scripts…

To pull off a perfect heist you need a perfect crew. You get invited to a "secret" heist planning group that have come up with the perfect plan to break into "K!ngf1sh" bankvault. The plan was so good in fact you all decided to party the night away. Sadly, once you woke up from the party everyone on your team forgot about the plan and in the end you are own left with a crappy bar napkin with the plans scribbled on. Try to see if you can still pull off the legendary heist.

Connection Info:
http://the-heist.aws.jerseyctf.com

• Files
  • /files/a289f8c3237207b6622a369c77d8b9cc/Plan.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyNDh9.Z_IIlA.tnKLBGDzKXZuf_IJZQS5gb5xM6M

We've received a message from Golden Falcon!
"Math is hard! If you think you have what it takes to swim with the fishes, take a dive into the kiddy pool!"
Take on his challenge to get the flag!

Connection Info:
nc kiddypool.aws.jerseyctf.com 9001

• Files
  • /files/fe4fd5380cc31b650257741b7ce55ece/kiddy?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxOTl9.Z_IIfw.223Tpx1zZjnINt0yxaqgJspYGbY
  • /files/3ec31a5dcba2316e25bce84cce75b961/kiddy.c?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDB9.Z_IIfw.Jm1_DESlzXUDt_LfaHEsCxHPFpw

Deep in a forgotten coal mine of code, a fragile finch guards the gold. With just so many songs to sing, one is bound to crack the silence. Send your message carefully, miner—one wrong note and the finch will scream.

Connection Info:
nc fantaxoticfledgling.aws.jerseyctf.com 1237

• Files
  • /files/33ad73ab159299b90296987c0a5970c8/fantaxotic_fledgling?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjZ9.Z_IIgA.a6xMENlweWgQwz5-By8gs17EJDk

• Maya was doing some indepth research and stated that she discovered some really important intel regarding Loab. Howevever, something happened and we lost contact with her.
• Our operatives are currently tracing her down, but Loab seems to have caught on. Whatever the case is, we NEED to gain access to that information before she finds it and wipes it from us.
• We have all of Maya's login credentials, but she seems to have implemented her own login mechanism that we can't seem to figure out.
• Think you can help?

Connection Info:
nc maya-s-terminal-rescue.aws.jerseyctf.com 5000

• Files
  • /files/e8cf1d7b60c6be92fc5d616e64c98cd1/terminal_rescue?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjh9.Z_IIgA.A08vRPjF6c7eq_BBprYkpsersNI

• The Consortium just unveiled their newest project: HexStore.
• It appears to be an online "museum" of sorts, where they share images to the world to better boost their image and align them against us.
• They seem to be hiding an important "antique". We're not entirely sure what it is, but we don't really like the sounds of it. Think you could help?

Connection Info:
nc hexstore.aws.jerseyctf.com 5000

• Files
  • /files/24f94fb8a217a94362eafb25e51a9790/hexstore?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDJ9.Z_IIgA.2SJ7M-5d2H1E7KN0DnXnDM2jil8

• We managed to uncover a mysterious underground lottery going on, hosted by Roko himself.
• It seems like he's really put all his effort into securing it, but we did manage to extract the crucial data and software before he locked us out for good.
• We need to grab that flag before he auctions it off for good, can you help us?
• If it helps, prior to the alleged launch of this lottery, Roko was going on about the number 647389. We're not sure what it means, but it might help.

Connection Info:
nc rokos-lottery.aws.jerseyctf.com 5000

• Files
  • /files/c630844955c238bb65f031ab2a13481e/libc.so.6?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxODV9.Z_IIgQ.wxGC43jPSt6EhfoNrX5JqpUKVow
  • /files/f0c76b5324528de210c7d56ebcbea668/lottery?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxODZ9.Z_IIgQ.h5QILcUyvy6bWQuqMxK1LFyg0r0
  • /files/0d0e41d776b9eff76e85f957a501737c/ld.so.2?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxODd9.Z_IIgQ.Z5r0K3K-zgkd3pH4gVqNJetXU2g
• Hints
  1.
  Try and take a break! Save your function and have exit() do the rest. I like to call those "exit functions".

We've discovered an old note taking service that Dr. Tom Lei was using a couple years back. We suspect that there's still a flag on machine that's running it. NICC has been able to recover the binary files from him, help them see if they can get a shell!

Connection Info:
nc mallorcy.aws.jerseyctf.com 9001

• Files
  • /files/7c9b28c123ca38cf81d15aef5a989179/ld-2.23.so?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxOTF9.Z_IIgQ.K3cRiX5aKFKwFs8T_x9-XRx_O-8
  • /files/d7657d8d5332256e8fba3113d5d0d10d/libc.so.6?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxOTJ9.Z_IIgQ.tdVprtBWaOUYe1o9CvHpWECA0Y0
  • /files/bf1720937b3cd02da8d983de871e77d1/notepad?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxOTN9.Z_IIgQ.6hds7ndIKuIONuuFpt7Yup8holw

• You are an employee of a business that uses a Scada system. A technician came to the company, plugged something in, and entered into a debug menu on the main plc of the facility. You are tasked with entering that debug menu so the company can debug the system itself. Luckily you snagged a few screenshots of the technician's source code. What inputs should we provide power?

• Key format: jctfv{__BINARY__} where __BINARY__ is the plc inputs in sequencial order and their given on or off state. Only 0's and 1's, no spaces or anything else.

• Files
  • /files/6bb14b68fa2e5c04c19cf62afcfa7ad0/heaven.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMTR9.Z_IIgg.Lgq2ONPOmWoBe0uPXry-5BS66eA
• Hints
  1. • Make sure you are not taking the ladder to hell.

Just as you complete your last bin challenge, the consortium strikes again! They've broken up a flag and have hidden its pieces across all challenges labeled "piece of the final puzzle"! Go back to these challenges and see if you can find where these flag fragments are hidden!

• Files
  • /files/3dac7097330ff8ffb37a63d0a2f0d2b6/WitnessYourDefeat.txt?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjd9.Z_IIgg.Iflm8nsDYljQlJVgNn9sP97sq0E

The criminal alphabet, the noir alphabet, the alphabet of a private detective, and whatnot, but there is still something mystical that doesn't look like an alphabet, but at the same time it hides the magical message.

• Files
  • /files/be2412fe1e6cac04a88cbfe4a48dfb05/solveit.png?token=.eJyrViotTi2Kz0xRsjKxNDbTUSpJTcwFcw0tTY10lNIyc1Jh3FoAQrsNmw.Z_IIgw.uko3Jjj27dzElz9QTSYcYX4ZvDY
• Hints
  1. No word separators required.

We created a custom random number generator using XOR-Shift to help us generate pseudorandom numbers. THere may have been an issue with our initialization. Here are the first 5 generated values. Can you predict the next one?

Connection Info:
http://prng-pred.aws.jerseyctf.com:5000/

The sun begins to set as the investigator finds a clue that will change the course of his investigation. The remnants of the thief's equations lay partially washed away in the sand. The equation that lies in the sand is "y^2 = x^3 + __x + __ mod 373". These underscores represent where a number was written but has been washed away. More notes lie in the sand as well, including a coordinate (7,39), and the number 27. The investigator knows that this coordinate and number must be used this equation somehow… but what's missing? Our detective is able to deduce more notes hidden in the underbrush just out of reach. Two scraps of paper that correspond to the two gaps in the equation drawn on the beach. The first paper has two phrases crudely scrawled, being "Fantastic Four Wanted Dead or Alive," and "Issue Number?". The second paper also has two phrases scralwed, being "Alfred's first appearence in the batcave", and "Original Price?". If the investigator can deduce these classic comic book clues to determine the missing values of this equation, they should be able to find the coordinate of the thief's lair. Flag: jctfv{(x,y)}

• We intercepted a message but it seems to be encrypted. We know it is a vignere cipher that was used but do not know the key or key length. Can you crack it?
• note: The text has been changed to lowercase and only alphabetical letters were used. The text is in the English language. search "jctfv" in the decrypted text to find the flag. It will be between two "jctfv" tags. ex: jctfvflagherejctfv = jctfv{flaghere}

• Files
  • /files/e6106f96c4fd4cb787894ef7b5ae34cb/encryptedText.txt?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoxOTd9.Z_IIhA.gjqDCTu30cIu1cO1ngLdGq8zjmI
• Hints
  1. Statistically there is a way to break a vignere cipher

• It’s a murky evening, and you’ve just gained access to a server used to track sensitive agent meetings. This isn’t your first time in the digital shadows, but this one’s a bit different. The system’s using an old, unreliable signature method to verify requests—a hash stitched together with a secret key. You can almost feel the weight of that key. The question is: can you manipulate the signature and slip past the gatekeeper? Access the challenge at http://a-hash-too-far.aws.jerseyctf.com:5000/challenge. Try to enter through http://a-hash-too-far.aws.jerseyctf.com:5000/verify.

• Note: The whispers in the dark say the secret key is a solid 32 bytes.

Connection Info:
http://a-hash-too-far.aws.jerseyctf.com:5000/challenge

• Hints
  1. Look up attacks on SHA256 and why you shouldnt try to create your own signature scheme with it.
  2. Try looking at the private meetings.
  3. Use latin-1 encoding when trying to enter.
  4. Sometimes, the smallest differences in data (such as hidden characters) can make a big impact.

​​​​We have found a database used to store meeting locations. This database takes in text, hashes it using a custom hash algorithm(oh boy) and then saves the newly created file and hash. We need to upload a new form of this file to the server without the hash changing so they do not notice we changed it!

​​​​Custom hashing algorithm: Takes character string as input and breaks them up into 16 character blocks. If the final block is not full, take the blocks contents and repeat it, that is the new block value. Check the blocks contents again, if it is still not full, take the blocks contents(including newly repeated content) and repeat it again. Repeat process until block is 16 characters or greater. If block is greater than 16, only use first 16 characters of block. If there is only a single block, create a second block with with first blocks contents in reverse order. Then xor the ASCII decimal value of all characters in the first indices of all the blocks, then xor the ASCII decimal value of all characters in the second indices of the all the blocks and so forth. After all characters that share an indices in all the blocks are xor together, there should be a 16 character string with each character having a decimal value of the ASCII character it represents. Change each decimal value to its hex value. Include leading 0's for values between 00 and 0f. Use lowercase values for letters in the hex. Output the now 32 character hex string(representing 16 ascii characters) as the hash output.

​​​​Example 1:
​​​​    input: 1,2
​​​​    padding: [1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2]
​​​​    2 block minimum: [1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2],[2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1]
​​​​    xor each indices: [3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,]
​​​​    hex value: [03,03,03,03,03,03,03,03,03,03,03,03,03,03,03,03]
​​​​    Output: 03030303030303030303030303030303

​​​​Example 2:
​​​​    input: this is a test message that will show how the hash function works
​​​​    Blocking: ['this is a test m', 'essage that will', ' show how the ha', 'sh function work', 's']
​​​​    final block padding: ['this is a test m', 'essage that will', ' show how the ha', 'sh function work', 'ssssssssssssssss']
​​​​    xor each indices: [49, 115, 33, 104, 54, 49, 43, 60, 100, 125, 105, 126, 101, 33, 37, 120]
​​​​    hex value: ['31', '73', '21', '68', '36', '31', '2b', '3c', '64', '7d', '69', '7e', '65', '21', '25', '78']
​​​​    Output: 3173216836312b3c647d697e65212578

​​​​Example 3:
​​​​    input: meet at the following coordinates:40,44'37"N 74,10'47"W
​​​​    Output: 40181f1e5c577459180a17300a6e1d15

​​​​We need to send them to a specific coordinate in the middle of nowhere. Make sure your message contains this { meet at the following coordinates:23,28'57"S 124,34'34"W }. This will surely disrupt their plans.

​​​​We also found that in order to further strengthen their algorithm, they combine it with the MD5 algorithm. However it appears they have 2 servers and have implemented this differently. One server takes their custom hash and feeds that input to the MD5 algorithm while the other takes the text we sent and uses that as the MD5 input and the MD5 output as the custom hash input.
​​​​    x = user input
​​​​    MD5(CustomHash(x)) vs CustomHash(MD5(x))

​​​​Can you use the message we require to change the contents without changing the hash?

​​​​The ip address of the server is below:
​​​​    Note: The input form takes ascii character decimal values as input, it will convert them to the character value on the server side. Please input your messages as ASCII decimal seperated by "-"
​​​​    ex. Hello = 72-101-108-108-111

​​​​You can check your answer by submitting the ascii decimal value of each char in your letter to http://collision-course.aws.jerseyctf.com:25000

Connection Info:
http://collision-course.aws.jerseyctf.com:25000

Roko managed to build some application that allows members of the consortium to store their private data
We need access to the admin account in order to read their secret plans and possible misdeeds they'll carry out in the future
Unfortunately, there's no account system and we can only login as guest
Can you help us?

Connection Info:
nc cryptopass-api.aws.jerseyctf.com 8000

• Files
  • /files/50f4e227117877f0112969078217c5e8/server.py?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyNDl9.Z_IIhg.hFS1tPlqjn0aNqDMJBSsxagi03E

Mary and Maya were in LoWE's to grow their crypto toolbox, when Maya saw some mysterious white seagulls… or drones, hovering around the building. Suddenly, a gust of wind made one of the drones drop a blue paper on Maya's head. Mary thinks it might have the structure and inner workings of "The Turing Lock". Can you open it to see what's inside? At the LoWE's Pro Desk, Maya spotted an oracle at nc lets-break-something-at-lowes.aws.jerseyctf.com 5555, but she's not sure if it can help…

Connection Info:
nc lets-break-something-at-lowes.aws.jerseyctf.com 5555

• Files
  • /files/792d6e6e7ac416783b27be7ab96f8827/Lets_Break_Something_at_LoWEs.zip?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDh9.Z_IIhg.l1uYxu6vJn_5aI2Bi3SHd8Od19E
• Hints
  1. LoWE's is slow, but its formulas might not have so many random errors after all…
  2. Does the oracle really work? Why is the oracle code called "broken"?

A single artifact holds many secrets, each more elusive than the last. Will you rise to the challenge and uncover the truth hidden within?
Download the file here

Note: For this challenge the flag format is NOT jctfv{} but instead jctf{}

Our Linux web server has been compromised. The forensics team has taken a live response image using UAC to investigate the intrustion. Find the IP address of the attacker and the full path to the file where they have left their reverse shell for persistence. Flag format: jctfv{IP address:/path/to/file}.

• Files
  • /files/888a79012052aa2e094fb8cd03adc589/linux-live-response.tar.gz?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjV9.Z_IIig.9Iee_sYLBFDO2g-A-e1bcLY6GSk

• A careless RB-affiliated Netrunner fumbled a Bitcoin transaction 11 years ago, leaving a trail across the blockchain. It seems some marshals took hold of our BTC, which originated from only the most legitimate business ventures, of course.

• NICC needs you to follow the money—trace the transactions and find the final wallet holding the flag! But be careful—before reaching the destination, the funds passed through another wallet that you'll need to track along the way.

• The wallet is 1Ez69SnzzmePmZX3WpEzMKTrcBF2gpNQ55 and the transaction is 29.659K BTC! Hopefully that doesn't equal a lot of USD these days…

• The flag format is jctfv{walletHash}

• Hints
  1.
  Some sleuths have put together some great tools for exploring the blockchain!

We have logs of a machine where we believe that a transmission was being sent that we did not authorize. It seems like someone exfiltrated a flag during this time. Are you able to find and recover it for us?

• Files
  • /files/84f777457c58e65087b21537c7013f4f/output.pcap?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDV9.Z_IIiw.SVbmxvkD_2GQ_eCu73m0MplY5dI

• Our NICC agent Maya is investigating the disappearance of her former classmate Joanna Gillis. After many high profile internships, and landing a dream gig doing security research,Joanna was suddenly let go. She had been looking for work for months and met security researcher Norman Desmond at an alumni networking event.
• She looked him up after and he was a big name in information security decades ago but had since all but disappeared. He told her he is researching something big and will really shock the industry but he could use some help and she has the perfect skillset. She starts working for him out of his house and meets his weirdo assistant Max.
• She only spent a few months at the company but has now disappeared. She officially became a missing person and the authorities questioned Max and Norm but they have lawyered up and there is little to incriminate them. Maya is very curious about what happened to her colleague and hopes there is some clue she can find in her apartment.
• Maya has compiled her notes into a dossier/report linked below.

• ​​​​​​Flag format: `jctfv{part1_part2_part3}`
  

Connection Info:
http://sunset-dossier.aws.jerseyctf.com:80

• Hints
  1. There will not be any brute forcing required for any services in this challenge.

Our intelligence operatives have been chasing after a strange secretive operation between Dr. Lei and Roko, where Lei appears to be giving some sort of secret "upgrade" to Roko that even his close trusted peers aren't aware of.

Just recently, we were able to gain access to a very important server regarding this operation, but it appears they anticipated us coming and thoroughly wiped their entire hard drive of everything. The only things we managed to recover were some strange music files which appeared to have been generated by Roko himself, along with the access token we came looking for. Unfortunately, they encrypted it before we got there in time.

The only other information we have regarding this are the messages we intercepted between Lei and Roko. Information regarding the encryption process is that it was using some sort of secret password, and since we know they're quite fond of AES, the lack of an IV makes us pretty certain it's in ECB mode. They also mentioned the use of a primitive hashing scheme and, judging from their past, VERY heavily hate anything with less than 256 bits of security.

We're unsure what this all means, but we do have the files we exfiltrated from their server. Maybe it has more use than we originally thought.

• Files

  • /files/d5a89c9efbb188204a42bba221dcbc8d/intercepted.zip?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDZ9.Z_IIjA.ewjtsKlVvpwQjoUtOYpq8JpIV5c

• Hints
  1.
  What's a hashing algorithm that turns an arbitrarily-sized piece of data into exactly "256 bits"?

  2. there's some strange patterns with the music…can you hear it?
  3. Remember that one episode in Doctor Who with the music? It really can have a deeper hidden meaning, especially to someone as smart as Roko.
  4. Turns out, when you generate an AES key from some passphrase, it isn't always 16 bytes!
  5. Music has words and lyrics, but sometimes the words aren't overtly stated, only emotionally felt through the melodies and notes themselves.

Looks like Dr. Tom Lei is back at it again with another website. This time it appears to be more than just a web server though. Can you login and find the flag?

Connection Info:
http://web.tickets-plz.aws.jerseyctf.com/

• Hints
  1. The website is protected by a three headed dog
  2. https://pkg.go.dev/github.com/bodgit/tsig

• We need you to geta flag from a company specializing in social engineering. We have word someone named Carl has information on the flag, maybe a colleague? We are going to need you to get that target to email the flag! He probably wont believe any old email though, it needs to come from someone he knows. Luckily we were able to steal the dkim key they use on their email signatures. Can you get flag to be sent to an external email address? Carl probably would boast about this somewhere online. Maybe a forum post or something?

• Something like "Hey , send an email with that flag to <your_fake_emaiil_address_here>. It is urgent!"

• Note: To stop this challenge from being used to spam arbitrary addresses, there will not be any email response email sent. Instead you can use a webportal to verify if your email went through successfully and it will give you the flag. The webportal can be reached at http://social-pressure.jerseyctf.com:32000

Connection Info:
http://social-pressure.jerseyctf.com:32000

• Files
  • /files/787a943b4d3429479b787bde6aa41d68/default.private?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMDd9.Z_IIjQ.nDRnAnEVcBekdbthh06BfDiqmGA
• Hints
  1. Company email addresses usually follow a format
  2. There is a forums site setup exclusively for the ctf

The premise is a split RSA key, try to use forensics to uncover where the fragments are hidden on the image. Once reassembled, submit the md5 hash as jctf{md5hash}.

Download Challenge Here

• Files
  • /files/50c3398f25877c0f8ed45d7d465af412/fragment00.txt?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyNTN9.Z_IIjg.R_N4qILLF3X1iN19ZmH7oskqFdI
• Hints
  1. cat fragement0* > output

I still can’t believe they just left a key lying around like that. Either they got sloppy, or they never expected anyone to come looking. Hope you pocketed it—because you'll probably need it.

Word on the wire is G0ldenFalc0n7, thinks this key could be our ticket into an old C2 network. One RB was setting up back in the day. Ancient by today’s standards, but guess what? It’s still up. Still humming. But it could be a trap.

Only thing is, it’s not accepting ssh connections as far as we can tell from out here. That means you’re gonna have to get creative. Fire up netcat, see if you can slip in through the cracks. And bring that key—you never know when a door might need a little extra persuasion to open.

Just keep your eyes sharp and your ears to the wire. Places like this? They’ve got ghosts and The Consortium probably rigged something to stop folks from snooping around.

This should tie up the last 2 missions we went you on… I'm sure you'll close the book on this. Just don't miss things hidden in plain sight. Appearances are never all they seem…

NOTE: THIS IS THE FINAL IN A THIRD PART - You may need things from Ungraspable Phantom

Connection Info:
nc c2.drtomlei.xyz 1337

Anna received some intelligence that The Consortium was trying to get their hands on some machine learning researcher. The intel was scrambled, but the phrase "machine learning researchers are not good programmers" kept repeating.
She needs to get to the researcher before they do. We called up our friends at Osiris Lab but they haven't seen the professor around the Brooklyn campus in a while… And he's not in the Village either. Maybe he's in hiding or maybe he's just out enjoying one of his hobbies…
If he's hiding out, maybe he's spending time with his evil brother? Let's see if we can track them down.

Can you help Anna find the three hobbies they have in common? Once we have that she'll be able to narrow it down.
Everything you need should be online, so thankfully we won't need to bother calling anyone.

Flag Format: If a hobby has multiple words, separate those words by a hyphen. Separate hobbies using an underscore _ jctfv{hobby-one_hobby-two_hobby-three}

• Hints
  1. Perstare et Praestare

Well, maybe not a tinker… But we need help gaining a foothold against the Consortium and stopping the Turing Lock from completion.

Luckily we have somebody working on some powerful tech. They couldn't make the dead-drop location, but managed to offload it somewhere else.

Our contact said one of the first american spies would mark the spot, but they couldn't remember which spy it was. However, he does know that it's close to that guy who died dueling someone who made some disparaging remarks about his father, among 8 others nearby. So it should be straightforward to narrow down.

Get us the name of the spy and the coordinates, and we'll go pick it up!

Flag Format: jctfv{Lastname_latitude,longitude} Our system won't handle DMS coordinates, so get the DD cordinates for us.

One of our operatives was investigating Dr. Tom Lei and managed to board a private jet he chartered for some unknown reason. It's unclear whether this is just one of his leisure flights or if it's something else, but given how they seemed to go AWOL moments later it's definitely very fishy.
They managed to send us a photo somewhere in the middle of the flight, but beyond that we don't have any idea where she is or where Lei was going.
Furthermore, it was also stated by them that when the jet took off from Dublin International on December 30th 2024, an airline related to Lei's mission finished taxiing to Gate 104 after finishing its flight from Lei's target destination.
Do you think you could help us track down the airport he took off from, as well as what approximate time he landed? We don't need the exact seconds they left, but we do need to get the minutes.

Specify your flag in the format jctfv{[4 character ICAO code]-HOUR:MINUTES:[AM/PM]} in GMT
For example, if the plane took off from Newark Liberty International and landed at 1:02 AM, the flag would be jctfv{KEWR-01:02:AM}

• Files
  • /files/43ffe3156706acc4d0f667ca951064c5/recovered.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyNTF9.Z_IIkQ.uJ3iF71XgyV0-dQln_zBP5nrM2s

A stranger walked in off the street, coat dripping from the rain, fed me a story that smelled like a week-old alibi.
Said there was a problem, it was urgent. Rumor has it that one of the hand picked agents in a new government agency was already compromised.
Not by The Consortium, if the whispers in the alleys are true. One of our older enemies, maybe?

This one's deep. Real deep. But how deep is that alleged connection? That’s the million-dollar question. Lucky for us, people leave digital footprints the way drunks leave bar tabs—careless, messy, and easy to follow if you know where to look.

If the rumors are on the level, this guy's got some big balls - bigger than you'd expect for someone playing a double game.

Our team is good, real good. If you can grab us a few bits of information, we can get to the rest and find out for ourselves if this is true.
Go shake some trees and knock on doors until you get their primary github username - the one for his diamond business. After that, track down his alleged maternal grandfather's first name and his alleged maternal great-grandfather's first name.

Get us that, and we’ve got leverage. We’ve got a way in. Without it? We’re flying blind, and we don’t have a doge in the fight.

Flag format: jctfv{username_grandfathersinitials_greatgrandfathersFirstName}
Example if the username was anonymous, his grandfather's initials were ABC, and his great grandfather's name was Billy: jctfv{anonymous_ABC_Billy}

The flag will not be case sensitive.

• Hints
  1. Reading the news is important, even if it bums ya out

A new player has emerged, R3d F0x, who has been stirring up trouble in the cybersecurity landscape. Who they are, or what drives them remains a mystery—some say they’re a vigilante, others believe they’re playing a much darker game. Four photos and one video are the only clues to their current location. Maybe by connecting the dots and tracing the constellation, the structure at its center will hold the key. On the day of saturn of this competition, before the light day slips into its final act, an event will occur. The name is the key to unwrap this mystery.

Flag format: jctfv{this_is_what_a_flag_looks_like}

• Files
  • /files/e22c057c19640d447ffb7231647d8cb2/Location_3.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMTd9.Z_IIkg.O4T89tUwEfZATJ8VPyb_PYXL7DI
  • /files/adc7cbaad0c906996c4eb8550dcc14ce/Location_5.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMTh9.Z_IIkg.xVfF0X0fm_Lk2tfJ59e9RheY_Zg
  • /files/3a72c7d647a2d61285ac13a4966e24a4/Location_4.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMTl9.Z_IIkg.slzJxG5SKTMvonoj0y2-uAMv7yg
  • /files/6c04e06e8df69bf20606a589878ab0dd/Location_1.png?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjB9.Z_IIkg.CYAuTQPRorPdtpo4LgDIE2uYpWg
  • /files/c0b3e822fa082cacb3e92735e19bb590/Location_2.mp4?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMjF9.Z_IIkg.9sDOwfQlbBMZ0K2vs_zBvRjJbJo
• Hints
  1. Map the locations and form the specified shape, it is essential

Welcome to my Site Cosmonauts! I made this to document the secrets my rockets have found around the universe.

Here you can login using a user I made for you :)

Username: user
Password: ihavebadnews

I hope you like it.

Connection Info:
http://bearer-of-bad-news.aws.jerseyctf.com

• Hints
  1. There's Secrets all around!!!

NICC received an anonymous tip regarding a strange Firefox extension being passed around to famous hackers and competitive CTF players around the world. The anonymous whistle blower expressed anonymity due to being threatened by someone called "K!ngf1sh". Do some investigation work on this website and see if we can dig up anything.

Connection Info:
http://somethings-fishy-a.aws.jerseyctf.com

• Hints
  1. Avoid Public Interfaces

You’ve stumbled upon a mysterious webpage with nothing but a cryptic message: "Nothing to see here…or is there?". There must be more to it.

Connection Info:
http://layers-of-lies.aws.jerseyctf.com

• Files
  • /files/1fea88c1f2b8da7e83e36c3d643d2187/view.php?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyMTN9.Z_IIlA.92Uirv4YXhSKN33SRxUn8IqWpjk

Seems like the Firefox extension interacts with a weird webserver. There may be more then it seems going on with this extension. Do some detective work and see if you can gain access to it. See how far you can go into the machine and see if you can obtain the admin's password.

• Hints
  1. Unite wisely, leak precisely

A client wanted to me to make a website for their restaurant. I wouldn't worry too much about getting your order, the chefs are well known to take a long time to make it. But, the food is to die for. Unfortunately, the admins keep using there personal information as passwords. I keep telling them that it's not a good idea, but they never listen.

Connection Info:
http://leaky-endpoints.aws.jerseyctf.com

• Hints
  1. Was coded way to fast.

Anna found this strange website. We do not know much about it but would like to see what we could find. She told me that something strange is happening on the transport layer, can you find out more?

---

This challenge requires the ability to spoof source IP addresses. Some ISPs will block this. To help keep the challenge fair, we've setup a relay. Sending a packet to whats-your-number-relay.aws.jerseyctf.com (resolve the IP address) will rewrite the source address to 1.2.3.4 and forward it to whats-your-number.aws.jerseyctf.com. Nothing else is changed besides the source and destination IP address.

Please note that being behind a NAT or firewall may still prevent the required packets from going through. If you encounter this, you may need to use a cloud provider or VPN that provides direct access to a public IP address. You may want to practice in your LAN first.

Connection Info:
http://whats-your-number.aws.jerseyctf.com

• Files
  • /files/2d446db582335a019283045f70a37149/whats-your-number.zip?token=eyJ1c2VyX2lkIjo0OTM2LCJ0ZWFtX2lkIjoxOTUyLCJmaWxlX2lkIjoyNDd9.Z_IIlQ.EuaJlH0Uhg96_8Mn_DM-U4R9OG8
• Hints
  1. `sudo nmap -v -A -Pn whats-your-number.aws.jerseyctf.com`