CTF Challenges

Welcome to my personal Capture The Flag (CTF) challenges! Test your skills on simple challenges and learn about various areas of cybersecurity. Each challenge has a hidden flag that you need to find. The format for each flag will be "ATO{flag_here}". Good luck!

Using a hint halves the number of points you can receive on that question, so use them wisely!

Challenge 1: Crypto is love, crypto is life (100 points)

My friend Blaise de Vigenere sent me a link to a video, but I don't think it works. He also sent me this audio message, but all I can hear are these beeps. Can you help me?

zaktc://odn.cymalfo.uvd/akljy?z=HRmicP4A2I8

Figuring out the morse code is the KEY to solving the cipher.
Available Points: 100

Challenge 2: No comment... (150 points)

Oh shoot, I accidentally linked my online personal diary and I can't figure out how to delete it!

https://ottoportfolio.anvil.app/_/theme/challenge2.html

It's important to regularly scrub sensitive information from any client-side code. Even a simple HTML file can reveal secrets like API keys, credentials, internal network architectures, or even FLAGS if left unchecked!
Available Points: 150
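
One way to automate the scrub described in the Challenge 2 hint, as an added example that is not part of the challenge code: a small Python audit that parses a page and reports flag-format strings, credential-like assignments and private IP addresses found in comments, attribute values, script bodies and text. The rule set, the names `ClientSideAudit` and `audit_html`, and the sample page are assumptions constructed for illustration; only the `ATO{...}` flag format comes from this page.

```python
import re
from html.parser import HTMLParser

# Assumed rule set: the flag format from this page plus two generic secret shapes.
SECRET_PATTERNS = {
    "flag": re.compile(r"ATO\{[^}]*\}"),
    "credential": re.compile(r"(?i)\b(?:api[_-]?key|secret|token|passw(?:or)?d)\b\s*[:=]\s*\S+"),
    "internal_host": re.compile(r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2})\b"),
}

# Constructed sample page; every value in it is made up for this example.
SAMPLE_PAGE = """<html><body><h1>My diary</h1>
<!-- TODO remove before launch: ATO{constructed_example} -->
<input type="hidden" name="cfg" value="api_key=EXAMPLE-NOT-REAL">
<script>var backend = "http://10.20.30.40/admin";</script>
</body></html>"""

class ClientSideAudit(HTMLParser):
    """Scans the parts of a page the browser hides but 'View Source' shows."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []       # (line, location, rule, matched text)
        self._in_script = False

    def _scan(self, text, location):
        line = self.getpos()[0]  # line where the current construct starts
        for rule, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(text):
                self.findings.append((line, location, rule, match.group(0)))

    def handle_comment(self, data):
        self._scan(data, "comment")

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for name, value in attrs:
            self._scan(value or "", f"{tag}@{name}")

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        self._scan(data, "script" if self._in_script else "text")

def audit_html(source):
    parser = ClientSideAudit()
    parser.feed(source)
    parser.close()
    return parser.findings
```

Run as a pre-deploy check, a non-empty result from `audit_html` is a reason to fail the build until the finding is removed or moved server-side.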

Challenge 3: "Kung Pow: Enter the Code" (200 points)

I forgot my key, can you help me find it? Reverse engineer the code on this page to find the key for the flag: Challenge 3

Warning: The code for this challenge is safe, but you should always analyze unknown code/binaries in a safe, isolated environment.

The code calls an inaccessible server to validate the key, but it looks like they left the way to generate the key exposed! Interpret the code to figure out how it generates the key. Sensitive functions should always be kept hidden from potentially bad actors so they can't be reverse engineered!
Available Points: 200

Challenge 4: Killer Rabbit of Caerbannog (175 points)

Look how cute my dog is! No way he's hiding any secret files...

Steganography challenge image
It's possible to hide messages, files, or even code inside images! Files can be extracted from images using open-source tools such as "steghide". Always be careful when downloading things online; even seemingly harmless photos could ruin your day. (No password is needed for this challenge.)
Available Points: 175

Challenge 5: Lost and Found (125 points)

My wife and I went on an amazing honeymoon to a desert oasis, but I can't remember the name of the resort! Can you help me figure it out? I remember flying into Phoenix, AZ and I was able to find this picture from our trip, maybe that will help!

Honeymoon
Looking at the map and guessing may not be the best technique here. Did you know that you can do a reverse image search on Google? Always be careful posting pictures online; you may be giving people more information than you think!
Available Points: 125

Challenge 6: Where's The Dude? (225 points)

I messed up some dude's rug and now I'm trying to find him. All I have is his email, but he keeps saying the same thing every time I send him a message; I don't think he actually reads his emails. Maybe he has an X (Twitter) page that I can DM him on, can you help me find his handle?

thats.a.bummer.man1998@gmail.com

The flag is the Twitter handle (excluding the @ symbol).

OSINT techniques can reveal surprising connections. Even if your email/phone number isn't displayed on your social media profiles, people can still trace connections. Always be careful what you post online; you are not as anonymous as you might think! More information about X security policies can be found here: https://help.x.com/en/safety-and-security/email-and-phone-discoverability-settings
Available Points: 225