Easy Capture-The-Flag Challenges
When building a Capture-The-Flag (for a conference), you need to have a good mix of very easy challenges and very hard challenges. You need to get people playing for the first time some easy wins to encourage them to dig deeper but you also need to keep the hardcore teams busy for a while.
In this post, I will share four examples of simple challenges created for the amazing conference Christchurch Con (kudos to the organisers for putting together such a great con). These challenges are by design very simple and you can adapt them for your CTF for a conference or just to have fun at work. One of these challenges was the most often solved challenges during the conference.
Challenge 1
To host this challenge, you just need a simple web server. When you visit the page, you can see the following:
The source code of the page gives up the flag pretty quickly:
<html>
<h1>It Works!</h1>
<svg width="500" height="500">
<text x="0" y="15" fill="red">THE FLAG IS</text>
<text x="100" y="15" fill="red">flag{platypus-PR7R8zkGKVrmZvTQ}</text>
<rect width="300" height="20" style="fill:rgb(0,0,0);stroke-width:3;stroke:rgb(0,0,0)" x="100" y="0" />
</svg>
</html>The code above is just an embedded SVG with the flag behind a black rectangle.
Challenge 2
The second challenge was very similar but with a PDF this time, you can find the code to generate it below:
require "prawn"
Prawn::Document.generate("hello.pdf") do
text "The flag is flag{axolotl-RFW8Zpt8v0U12Uez}!"
fill {rectangle [57,724], 200, 20}
endChallenge 3
In this challenge, an image with the flag is created and split in 10 slices (shredded):
# gem install rmagick
require 'rmagick'
name = Magick::Image.new(1280, 720) do
self.background_color= "Transparent"
end
name_text = Magick::Draw.new
name_text.annotate(name, 0,0,0,0, "The FLAG is\nflag{horse-W81cALar36yN4GQz}") do
self.pointsize = 74
self.font = "Magistral.TTF"
self.gravity = Magick::CenterGravity
end
name.write "full.png"
img = Magick::Image.read('full.png')[0]
10.times do |i|
puts i
z = img.crop( Magick::NorthWestGravity, i*128, 0, 128,720)
z.write("#{i}.png")
endChallenge 4
In this challenge, we do something similar but then we randomly mix the slices (I wrote a similar challenge for Ruxcon a few years back)
# gem install rmagick
require 'rmagick'
name = Magick::Image.new(1280, 720) do
self.background_color= "Transparent"
end
name_text = Magick::Draw.new
name_text.annotate(name, 0,0,0,0, "The FLAG is\nflag{cat-lGkLa1Xh6g3fjObA}") do
self.pointsize = 74
self.font = "Magistral.TTF"
self.gravity = Magick::CenterGravity
end
name.write "full.png"
img = Magick::Image.read('full.png')[0]
names = (0..9).to_a.shuffle
10.times do |i|
puts i
z = img.crop( Magick::NorthWestGravity, i*128, 0, 128,720)
z.write("#{names[i]}.png")
endYou now have 4 challenges you can use for your CTF (or modify to improve them). Have fun!
