Fall 2023 Walkthrough
Here you will find the walkthroughs to solve each of the Fall 2023 Capture the Flag challenges.
Easy Login Quest
Home Base
Number
Earl
Diamond and Pearls
RSA 1
RSA 2
X or Y
X or Z
Speech!Speech!Speech!
Here Kitty, Kitty!
Military Power
Cute Dog :)
Cosmo's Key
Find a cipher grid table online; it should be set up like this one.

Take each letter of the key “COSMOISCOOL” on the top of the grid, and then go down that column to the letter of the encrypted message. Once you have pinpointed that, look for the letter of that row on the left side. Do that for each letter, and you will get GOOOCOUGARS as the deciphered message.
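The grid lookup described above, as an added example that is not part of the original walkthrough. The grid is assumed to be the standard 26x26 Vigenère table, and the sample ciphertext is constructed by encrypting the stated answer with the stated key.

```python
import string

ALPHABET = string.ascii_uppercase
# 26x26 grid: row r is the alphabet rotated left by r, so GRID[r][c] is the
# cell where row label ALPHABET[r] meets column label ALPHABET[c].
GRID = [ALPHABET[r:] + ALPHABET[:r] for r in range(26)]


def _key_columns(text, key):
    """Pair each message letter with the column index of its key letter."""
    if not text.isalpha() or not key.isalpha():
        raise ValueError("letters only")
    key = key.upper()
    return [(ch, ALPHABET.index(key[i % len(key)]))
            for i, ch in enumerate(text.upper())]


def encrypt(plaintext, key):
    # Row = plaintext letter, column = key letter, read the cell.
    return "".join(GRID[ALPHABET.index(p)][col]
                   for p, col in _key_columns(plaintext, key))


def decrypt(ciphertext, key):
    out = []
    for c, col in _key_columns(ciphertext, key):
        # Go down the key letter's column until the ciphertext letter appears,
        # then read that row's label on the left side of the grid.
        row = next(r for r in range(26) if GRID[r][col] == c)
        out.append(ALPHABET[row])
    return "".join(out)


KEY = "COSMOISCOOL"
# Constructed sample: produced by encrypting the walkthrough's stated answer
# with its stated key, not copied from the challenge itself.
SAMPLE_CIPHERTEXT = encrypt("GOOOCOUGARS", KEY)

if __name__ == "__main__":
    print(SAMPLE_CIPHERTEXT, "->", decrypt(SAMPLE_CIPHERTEXT, KEY))
```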
Talent Show
Run the image through Bing reverse image search, which pulls up an IV Press article that is locked, but the name of the school is present in the headline. Typing the whole headline into Google pulls up a YouTube video with clips from the show, including the little girl doing gymnastics to “Love Is an Open Door” from Frozen.
Inspector, please!
Between the heading, the name of the challenge, and the contents of the YouTube video, it becomes clear that we need to inspect the HTML. Doing so will reveal a flag hidden in the comments.
Rick the Stegasaurus
Upload the image to StegOnline and choose “extract data”. Then select 0 for R, G, and B and press Go. The flag will appear in the strings.
Robot Uprising
Add /robots.txt to youtube.com and you will find a message saying that this occurred in the mid-90s.
What Would Python Do
Meme Meta
Open the image and click on Properties; the flag is written in place of the title.
Hash Browns
After running “hashbrown” through all of the provided hash functions, MD4 is the one that produces “0f1530ec0ff026f3672a474fa62a5ff9”.
Password Sleuth
If you inspect the JavaScript, you’ll be able to see that the username and password are available on the client side. Simply input the values and the page will reveal the flag.
Wayback
Using the Wayback Machine website, you can find a NYT snapshot from the specified date. Doing so reveals the golfer to be Lucas Glover.
Cryptic Map
The star on the map seems to lie close to the border between California, Arizona, and Mexico. Zooming into this area on Google Maps will reveal a place called “Center of the World”, which seems to fit with the call to meet the friend “at the center”. Plugging this address into a coordinate finder will give you the pieces you need for the flag.
Guess my name...
Open up the HTML file. Right click and select “View Page Source”. Looking at the HTML, you will see that the script contains the correct name, “Jerry George Kramer.” If you continue to scroll through, you will also find the flag.

Hidden Redirect
I can't see
Some of the pixels aren’t true black, so if you run a script that takes every not exactly black pixel and turns it white, the flag will appear. Example Script:

Output script:
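The pixel filter described for “I can't see”, as an added example that is not the original walkthrough's script. It works on rows of (R, G, B) tuples so it runs without an imaging library; the sample image and its hidden pattern are constructed here.

```python
BLACK = (0, 0, 0)
WHITE = (255, 255, 255)

# Constructed sample: '1' marks a pixel that is almost, but not exactly, black.
PATTERN = [
    "1010111",
    "1010010",
    "1110010",
    "1010010",
    "1010111",
]
# Off-black values that look identical to black on screen; any channel may differ.
NEAR_BLACK = [(0, 0, 1), (1, 0, 0), (0, 2, 0)]


def sample_image():
    """Build the constructed image: true black background, off-black message."""
    image = []
    for y, row in enumerate(PATTERN):
        image.append([NEAR_BLACK[(x + y) % 3] if bit == "1" else BLACK
                      for x, bit in enumerate(row)])
    return image


def reveal(pixels):
    """Keep exactly-black pixels black and turn every other pixel white."""
    return [[BLACK if px == BLACK else WHITE for px in row] for row in pixels]


def to_ascii(pixels):
    """Render white as '#' and black as '.' so the result can be read in a terminal."""
    return ["".join("#" if px == WHITE else "." for px in row) for row in pixels]


if __name__ == "__main__":
    print("\n".join(to_ascii(reveal(sample_image()))))
```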

SQL Fun
The correct code for the SQL query is: SELECT * FROM Customers WHERE Country = 'Germany' ORDER BY CustomerName; The third name will be Die Wandernde Kuh, which is the flag.

Chuck the Horse
Download the image. The flag has been hidden in the metadata of the file. An image analyzer like Aperi’solve will do an analysis and use zsteg extract to look for any hidden strings. If you go to the zsteg box from the analyzer you will see the flag.

Easy Hex
Go to cyberchef.org. Input the given hex code and use the “From Hex” operation. This will give you the hex code translated into the flag.
John's Netflix
Using John the Ripper (command: john --wordlist=rockyou.txt --format=Raw-md5 sample.txt), where sample.txt is the provided hash, yields the password ‘monkey’.
Syntax Error
Fixing the syntax of ‘append’ to be in dot notation ( valid_names.append(name) ) and running the script will print the flag.
Lighthouse
Download the image, and then put it in Bing image search. This will show that this lighthouse is called the Annapolis Royal Lighthouse in Nova Scotia. Open up maps and you will see that right next to the lighthouse is a market called the Red Onion Market, which is the flag.
Gingham Cipher
You can get each of the grayscale values for the nine squares in the pattern by opening it with Paint and using the color grab tool. If you subtract 40 from each of these values and plug them into a hex decoder, the present the man’s wife wants will appear.
The ROT13 Revelation

Unveiling Crypto

Wifi Gateway

Go to the command prompt/terminal. Type in ipconfig. Under Wireless LAN adapter Wi-Fi you will see the Wifi Gateway.
Python If....Else

Who is the Winner?
Download the file and add this line at the end: print(decode_secret(bezos_cc_secret)). Then you get this as your flag: byuindctf23{everyone_wins!
Scavenger Hunt
Change it to black to see the code.

String Story
Go into the terminal and use the strings command with grep (which is like a Ctrl+F) to find the flag. It’s hidden in the code. If that doesn’t work, you can always download the file and open it in Notepad. This is similar to the picoCTF “strings it” challenge.
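What the strings-plus-grep step does under the hood, as an added example that is not part of the original walkthrough. The binary blob and the placeholder flag in it are constructed; the point is that any text compiled into a file stays readable as a run of printable bytes.

```python
import re


def strings(data: bytes, min_len: int = 4):
    """Return printable ASCII runs of at least min_len bytes, roughly what
    the strings command prints with its default minimum length of 4."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def grep(lines, pattern):
    """Keep only the lines that match the regular expression."""
    return [line for line in lines if re.search(pattern, line)]


# Constructed sample: a few header-like bytes, a loader path, a symbol name
# and a placeholder flag, separated by non-printable bytes.
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(8)
    + b"/lib64/ld-linux-x86-64.so.2\x00"
    + b"\x01\x02puts\x00"
    + b"CONSTRUCTED{not_a_real_flag}\x00"
    + bytes([0x90, 0xC3])
)

if __name__ == "__main__":
    found = strings(SAMPLE)
    print(found)                      # every readable run in the blob
    print(grep(found, r"\{.*\}"))     # only the run shaped like a flag
```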
Ximeno's Password
Using the information on Ximeno’s Instagram, you can generate a wordlist using cupp. Using that wordlist with john and the provided hash will yield the password.
The Next Level
If you look at the metadata of the image, you’ll notice the copyright looks strange. If you plug the string into a base64 decoder, you’ll get a string that looks like hex. Decode that and you get the flag.
Cewl Password
The name of the challenge hints at using the web scraping tool “cewl”. Running this tool with the -w option on the provided website and letting it run for about thirty seconds will produce a wordlist. Using that wordlist, you can use john to crack the SHA-512 hash. Flag: byuindctf{saisissante}
Elf 64
Bleed royal
Use this website: https://stylesuxx.github.io/steganography/. Upload the image file. Once that file has been uploaded, you can hit the decrypt button and it should spit out the flag.
Teachers Learn too
Redaction
