L33t H4xx0r (Web Exploitation) – 70


If you could bypass the login you could get the flag. Link


Looking inside the source,we are directed to source.txt to look at the password comparison code.


The password is the flag itself! So we can’t be expected to guess it, we need to use the hint that there is a vulnerability in the code. After googling about php strcmp vulnerabilities we see that when comparing a string and an array, the result is always 0. So we need to set password to be an array in the URL.




Slime Season 3 (Programming) – 60


I only pay in coins because I’m hipster, but I forgot to bring my nickels today! But I really want to buy this elite gaming computer. What’s the smallest amount of coins you need to make $1,827.43 using quarters, dimes, and pennies.


Immediately, this rings dynamic programming bells on making change that I learnt in my algorithms class, however as this is american currency, we can simply use greedy instead. 

For the so-called canonical coin systems, like the one used in US and many other countries, a greedy algorithm of picking the largest denomination of coin which is not greater than the remaining amount to be made will produce the optimal result.[2] This is not the case for arbitrary coin systems, though: if the coin denominations were 1, 3 and 4, then to make 6, the greedy algorithm would choose three coins (4,1,1) whereas the optimal solution is two coins (3,3).

Therefore, we don’t need to use programming for this, we can simply just do the calculations by hand. 

7309 quarters + 1 dime + 7 pennies



MoonWalk (Forensics) – 60


There is something a little off about this picture. If you could help us we could give you some points! Just find us a flag!


There doesn’t appear to be anything ABCTF related using strings, or any sort of “invisible” text after exploring the image in gimp.

We’re going to use the program binwalk to look into the PNG and see if there are any embedded files hiding inside the image. Binwalk will look for the headers of other files and see if they are hiding inside.

0             0x0             PNG image, 3200 x 2953, 8-bit/color RGBA, non-interlaced
85            0x55            Zlib compressed data, best compression
2757          0xAC5           Zlib compressed data, best compression
765455        0xBAE0F         JPEG image data, JFIF standard 1.01
765485        0xBAE2D         TIFF image data, big-endian, offset of first image directory: 8
1809691       0x1B9D1B        StuffIt Deluxe Segment (data): f

The JPEG is pretty interesting, at offset 765455, now all we need to do is extract it. We can use another program, foremost, to extract out the file from a given offset.

foremost -v -s 1494 PurpleThing.png

And we have extracted this cool looking image with our flag on it


Java Madness (Reverse Engineering) – 50


Hey if you can get this to pass some tests you could probably have the flag.


Time for some source code auditing, From the looks of it, and running the code, the program requires 5 arguments and then prints out those arguments in reverse.

java what_the_hack a b c d e 

We need to make this variable equal to “abctf is the coolest ctf”. So let’s put it in reverse!

java what_the_hack 'ftc' ' tselooc' ' eht' ' si' ' ftcba'
Flag: ABCTF{ftc tselooc eht si ftcba}

Best Ganondorf (Forensics) – 50


You know the deal. Find a flag in this this file?


After downloading the JPEG, it can’t be opened, apparently the header is corrupted, so let’s use a hex editor and see if we can fix it up. All JPEG images have the following starting bytes: FF D8 FF.

So let’s change the first few bytes and see if that fixes our image. It did and we can see the flag written on a fantastic image of cash money.


Chocolate (Web Exploitation) – 50


If you could become admin you would get a flag. Link


Looking at the HTTP header for the site, we see a cookie being exchanged.

It has this value.


Which when decoded from URL format gives us


Aha, now doesn’t this just look like base64. Decoding it gives us,


So, let’s change it to

{admin:true} then re-request the page.

e2FkbWluOnRydWV9 is our new cookie value.

We can use the chrome dev console to change the value of our cookie.


Refresh the page and we get our flag


Archive Me (Reconaissance) – 50


If you could look at our website from a while ago im sure the flag would be there…


Seems like we need to view abctf.xyz from the past. Using the way back machine, we see there are 2 snapshots taken on the 10th of May 2016, one of which proudly displays the flag right under the main title.


Drive Home (Reconaissance) – 50


We found this link scribbled on a piece of paper: document/1_TxYCrk5vIMlUjiB1OioXmR7b-Uq_a9aPIh9JyYlPNs/edit?usp=sharing.
It is broken but we need you to fix it!


This link looks very similar to a google drive (doc) link, so, looking at existing google doc URLs, we see the only thing missing is a /d/ between document and /1_TxYCr…..




Up ↑