The following is a list of all of the challenges used for the 2012 CTF, along with their descriptions and links for convenience. Each of these challenges contains a README which will tell you how to stand up the challenge and the correct key to allow you to check yourself when you solve it.

Title | Value | Repository | Description |
---|---|---|---|
None Shall Pass | 100 | 2012-web-a | You have been asked to perform a penetration test on a web site that was a prototype and is now being used in production. The customer, a puggle breeder, suspects that the user authentication needs more locking down, but knows little else. You have been given nothing but a web URL. Visit the [server](http://$htaccess) to see where the user logs in. You should be able to break in and view the flag. Please, think of the puggles. |
A Personal Voyage | 200 | 2012-web-b | Join Carl for a journey through space and time on this latest episode of [COSMOS](http://$cosmos). |
Is anyone out there? | 300 | 2012-web-d | MySpace is feeling a bit left out after everyone moved their social circles to Facebook (see what I did there?). After a series of privacy problems at Facebook, MySpace has seen an opportunity to win their users back with some great new features. We caught them testing a new [chat service](http://$nodejs:3000) but it doesn't seem to be much better than any of their other web properties. At least you can't change the background...oh the humanity. |
Travelling Through the Cosmos | 400 | 2012-web-e | Scientists have determined the Great A'Tuin's gender at long last, unfortunately they put it inside the [Discworld Planetary Information System](http://$turtles) and then had a rather unfortunate meeting with Death. Sadly, the late scientists were pretty bad at web sites and budget cuts had meant that they had to make their own information system. Even worse, though they were smart they were, as so many scientists are, a little mad (and really bad at web design, if we hadn't mentioned it). We honestly have no idea what they were even trying to do with their system. Maybe you'll have better luck than we did. |
Making the grade | 500 | 2012-web-f | It looks like there's a vulnerability in the [student directory](http://$haystick) system. You've been dying for that new Macbook Pro with Retina display and need some fast cash so a few other students have paid you to change their AP Calculus grades. This can only be done through an admin account. |

Title | Value | Repository | Description |
---|---|---|---|
Binary, Binary Everywhere and not a knot in site | 100 | 2012-grabbag-b | Time to start [adding](http://$static_file_server/gbb-abb864b2337d4308a765db53b13dcf11/file.txt). |
Old Guy Quotes | 200 | 2012-grabbag-a | These aren't the [files](http://$static_file_server/gba-c345af8a4089431abf90532b9bd851f2/file.zip) you're looking for. *waves hand* |
Sam's Revenge | 300 | 2012-grabbag-c | We believe Sam has been spying on one of his friends, unfortunately all we were able to get as far as evidence was a pcap [capture](http://$static_file_server/gbc-88acf1ca7abb4f27972b0658d9fe191a/capture.pcap) and an archive of his home [directory](http://$static_file_server/gbc-88acf1ca7abb4f27972b0658d9fe191a/archive.7z). Unfortunately, the archive is password protected. You need to get at the information in this archive and find out if it contains enough evidence to prosecute Sam. |
The Esoteric Challenge | 400 | 2012-grabbag-e | [Neoplasticism](http://$static_file_server/gbe-88a4b38b72ec4ee5abdab0ab50d2edb2/esoteric.png) in a CTF? Wat? Better ask a Librarian! |
Ankh-Morkpork: City Limits | 500 | 2012-grabbag-g | Captain Carrot welcomes you to the Great Wahoonie! We have a special problem for you, if you'd follow us down to the old UU, there's a [small problem](http://$static_file_server/gbg-fca5db8e3ba946c2a0e6e98b2fbf6bc3/program.exe) we'd like you to take care of. |

Title | Value | Repository | Description |
---|---|---|---|
Everybody's Quacking Up | 100 | 2012-forensics-b | It seems like something's not quite [ducky](http://$static_file_server/fb-c7802d54508f4678a8752455845de7c0/duck.jpg) YEEEEEAAAHHHH! |
(No Subject) | 200 | 2012-forensics-a | Hey Jon, |
Enron | 300 | 2012-forensics-c | Our network administrators have informed us of some unusual activity on the network to and from our [web server](http://$django/). I guess it looks like files have been downloaded and uploaded to the server from outside the network. We are concerned that an attacker may have downloaded our wiki and altered it in some way. If you find anything in the code, you need to figure out what it does. We can't have our corporate secrets falling into the wrong hands! |
MITRE Cyber Academy | 400 | 2012-forensics-e | Joe produced a [screen cast](http://$static_file_server/fe-b09ebcf01ca6460da2cabac350d92fa4/video.flv) showing how to log into the MITRE Cyber Academy from a Windows machine. Unfortunately, before he was able to upload it to our server he dropped his computer and the hard drive died. Luckily we were able to recover most of the data but the video seems to be corrupted. We really don't want to redo this video so if it is recoverable that'd be great. |
TV on the Fritz | 500 | 2012-forensics-g | It looks like our favourite show isn't coming in... or is [it](http://$static_file_server/fg-1db66fc00f4b473c95079b0167627886/image.bmp)? |

Title | Value | Repository | Description |
---|---|---|---|
Confused Highway Engineers | 100 | 2012-networking-a | So, it’s bad enough when we let those highway engineers work on our roads. We get gridlock, accidents, and all kinds of overlong red lights. Now, they let them onto our network! This (link) is the kind of [traffic](http://$static_file_server/na-7269e30b3ce1434c97c2254d201ebef9/challenge.pcap) we get. Can you flag down some help for them? |
Huck FIN | 200 | 2012-networking-b | I done found myself [this awful old pile of bits](http://$static_file_server/nb-dc65bd97552846bd9aa2c1dbc18404d6/challenge.pcap) and I just don’t know what to do with none of them. Perhaps you could find a body to help me with this and we could set down for a good ol' time. What do you say about that? |
Down the Rabbit Hole | 300 | 2012-networking-c | We recently intercepted some traffic between the Matrix and the real world. It is our belief that the messages may contain access codes to the Zion mainframe. These codes are vital to our success in eliminating the human resistance. Here is the [conversation](http://$static_file_server/nc-3810c6011c6f4e3e91e817e9319ca40c/challenge.pcap). |
Agent 007 | 400 | 2012-networking-d | Congratulations, you have successfully infiltrated MI6 as a double agent. Your next mission, which you will accept whether you like it or not, is to steal Agent 007's latest mission plans. Now that you have access to MI6 you have access to their intranet system. Download the [client login program](http://$server) and get in any way you can. |
Dr. Lanning's Last Words | 500 | 2012-networking-e | Detective Spooner, Dr. Lanning was found outside of his office after a rapid deceleration caused by the pavement outside. We do not believe this was a suicide, unfortunately he is in no state to tell us and all of the security cameras in his office seem to be broken. Luckily he left us a service running at $server that is listening on the port of the current year. We tried talking to it but our guys are at a loss. |

Title | Value | Repository | Description |
---|---|---|---|
All Your Base | 100 | 2012-crypto-a | We found a leak hinting that someone is making a Nintendo 64 port of the popular video game "Zero Wing". Among the leaked information was [this file](http://$static_file_server/ca-2a223af624354249ac69bb8019c5f490/leak) that could not be opened. See what you can figure out. |
Alexander Kemurdjian | 200 | 2012-crytpo-c | The Russian lunar rover, Lunokhod 1, was mysteriously reactivated after many years of inactivity. It has started transmitting data but Russia has lost the keys for decrypting it. They have enlisted our help in reversing their encryption by giving us the program used to encrypt it. Here is the [encryption program](http://$static_file_server/cc-21a8ba3d5f514842ac2a2f8c73a864fe/encryptor) and the [data](http://$static_file_server/cc-21a8ba3d5f514842ac2a2f8c73a864fe/flag.encrypted). Good luck. |
While You Were Gone | 300 | 2012-crytpo-b | Mrs. Ross called. She said something about Congress and a new standard. I know you were talking about making a new emblem for the country. She even sent [this package.](http://$static_file_server/cb-4cd58a5b16644c9cae3a3f6b8483e6c7/flag.bmp.encrypted) It looks off to me, like there's something tucked inside. Give it a look when you get back, alright? |
Danger Zone | 400 | 2012-crypto-d | The KGB has been sending encrypted [transmissions](http://$dangerzone/flag.encrypted) to their agent Kenny Loggins. In order to bring him in we need to show a judge what they are sending him. Luckily for us they have a server located at that responds to all requests by encrypting the data sent to it. We have also found that they host the source [code](http://$dangerzone/encryptor.c) for their encryption mechanism on the same server. |
Pool on the roof | 500 | 2012-crytpo-e | Prove yourself, Crash, in this latest phase of the challenge. You've only got a little time to show Burn. Here's the next [target](http://$pool) that the refs have picked out. |