Virtual Box 5 (Virtual Series) – 75


I accidentally closed out this odd message I found. Can you get it back?



After searching around we open internet explorer and see the history open, a page was opened 10 days ago.

Looks like some windings font, let’s convert it into english using this table


Old RSA (Cryptography) – 70


I’m sure you can retrieve the flag from this file.


We can lookup the factorization of N as it isn’t a very big number (comparatively)

N =

p =  238324208831434331628131715304428889871
q = 296805874594538235115008173244022912163

We can calulate Z from the formula

z = (p -1) * (q -1)

z = 70736025239265239976315088690174594021111524798200448894265949592322181598940
e = 3

We can calculate d from the formula

ed -1 = 0 (mod z)

d = 47157350159510159984210059126783062680741016532133632596177299728214787732627

And our message is C

c = 29846947519214575162497413725060412546119233216851184246267357770082463030225

The easiest way is to use the pycrypto library for python which will calculate all this very fast for us.


from Crypto.PublicKey import RSA

p = 238324208831434331628131715304428889871
q = 296805874594538235115008173244022912163

n = p * q
z = (p-1)*(q-1)

e = long(3)
d = 47157350159510159984210059126783062680741016532133632596177299728214787732627
c = 29846947519214575162497413725060412546119233216851184246267357770082463030225

key = RSA.construct((n, e, d, p, q))
decrypted = key.decrypt(c)
decrypted = hex(decrypted)
decrypted = decrypted.lstrip('0x')
decrypted = decrypted[:-1]
ascii_bytes = bytearray.fromhex(str(decrypted))


L33t H4xx0r (Web Exploitation) – 70


If you could bypass the login you could get the flag. Link


Looking inside the source,we are directed to source.txt to look at the password comparison code.

The password is the flag itself! So we can’t be expected to guess it, we need to use the hint that there is a vulnerability in the code. After googling about php strcmp vulnerabilities we see that when comparing a string and an array, the result is always 0. So we need to set password to be an array in the URL.[]=oops



Slime Season 3 (Programming) – 60


I only pay in coins because I’m hipster, but I forgot to bring my nickels today! But I really want to buy this elite gaming computer. What’s the smallest amount of coins you need to make $1,827.43 using quarters, dimes, and pennies.


Immediately, this rings dynamic programming bells on making change that I learnt in my algorithms class, however as this is american currency, we can simply use greedy instead. 

For the so-called canonical coin systems, like the one used in US and many other countries, a greedy algorithm of picking the largest denomination of coin which is not greater than the remaining amount to be made will produce the optimal result.[2] This is not the case for arbitrary coin systems, though: if the coin denominations were 1, 3 and 4, then to make 6, the greedy algorithm would choose three coins (4,1,1) whereas the optimal solution is two coins (3,3).

Therefore, we don’t need to use programming for this, we can simply just do the calculations by hand. 

7309 quarters + 1 dime + 7 pennies



MoonWalk (Forensics) – 60


There is something a little off about this picture. If you could help us we could give you some points! Just find us a flag!


There doesn’t appear to be anything ABCTF related using strings, or any sort of “invisible” text after exploring the image in gimp.

We’re going to use the program binwalk to look into the PNG and see if there are any embedded files hiding inside the image. Binwalk will look for the headers of other files and see if they are hiding inside.

0             0x0             PNG image, 3200 x 2953, 8-bit/color RGBA, non-interlaced
85            0x55            Zlib compressed data, best compression
2757          0xAC5           Zlib compressed data, best compression
765455        0xBAE0F         JPEG image data, JFIF standard 1.01
765485        0xBAE2D         TIFF image data, big-endian, offset of first image directory: 8
1809691       0x1B9D1B        StuffIt Deluxe Segment (data): f

The JPEG is pretty interesting, at offset 765455, now all we need to do is extract it. We can use another program, foremost, to extract out the file from a given offset.

foremost -v -s 1494 PurpleThing.png

And we have extracted this cool looking image with our flag on it


Java Madness (Reverse Engineering) – 50


Hey if you can get this to pass some tests you could probably have the flag.


Time for some source code auditing, From the looks of it, and running the code, the program requires 5 arguments and then prints out those arguments in reverse.

java what_the_hack a b c d e 

We need to make this variable equal to “abctf is the coolest ctf”. So let’s put it in reverse!

java what_the_hack 'ftc' ' tselooc' ' eht' ' si' ' ftcba'
Flag: ABCTF{ftc tselooc eht si ftcba}

Best Ganondorf (Forensics) – 50


You know the deal. Find a flag in this this file?


After downloading the JPEG, it can’t be opened, apparently the header is corrupted, so let’s use a hex editor and see if we can fix it up. All JPEG images have the following starting bytes: FF D8 FF.

So let’s change the first few bytes and see if that fixes our image. It did and we can see the flag written on a fantastic image of cash money.


Up ↑