Skip to content

cursorhigh/ColdStartCTF-II-2025-Challenges

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Writeups
Writeups
 
 
README.md
README.md
 
 

Repository files navigation

CTF ColdStartCTF-II-2025-Challenges

BINARY EXPLOITATION

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

Somewhere deep in its memory, a forgotten function waits to be awakened. Can you find it? And can you force the program to go there?

CRYPTOGRAPHY

Beeps and Pauses

-- --- .-. ... .

Flag format: HKSTR{all_lowercase} [use underscores]

Do you have a strong base?

  • Points: 50

Vm0wd2VFNUdWWGhTV0doWVYwZFNUMVpzWkZOWFZteFZVMnhPV0ZadGVGWlZNbmhQVmpGYWRHVkdiRlZXYkhCUVdWVmFTMk14WkhGU2JIQk9VakpvVVZaclpEUlpWMDV5VGxac2FGSnRVbFJVVkVwdlZWWlplRmR0ZEZSTlZuQjZWMnRvVDJGV1NuUmhSemxWVm5wR2RsWXhXbXRXTVdSelYyMTBUbUpGV1RGV2EyUXdZekZhV0ZOcmFHaFNiRXBYV1d0YVMxZEdVblJsUjNScVlrZDBObGxWV21GVWJGbDRVMnhzVjJFeVRYaFdWRVpyVTBaT2NtSkdTbWxoTUhCWlYxZDBZV1F3TVhOVmJHaHNVbTVDYzFacVJtRlRWbEY0VjJ4a2FGWnNjRlpWYkZKSFZqSktTRlZZWkZwaGEzQklWV3BHVDFkWFRraGhSbEpUVmtaYVdsWnRNVEJXTWxGNFYydGtWbUpyTlZsWmJHaFRZMVpTVjFwR1RsZGlSbkF3VkZaU1UxWXdNWEpqU0d4V1RXNW9NMVpxUm1GT2JFWlpZVVprVTFKWVFrbFdiWEJIVlRKT2RGSnJhR3hTYXpWeldWUkdkMkl4V25STlNHUnNVbXhHTTFSc1ZtdGhiRXBYVjJ4T1dtSllUWGhXTUZwWFpFZFNTVnBHYUZkaVdHaFlWakZTVDJJeFdYbFRhMlJxVWxad1YxWnRlRXRXTVZaSFVsUnNVVlZVTURrPQ==

3x_enc_3x_base

“Unwrap the spiral. Layer by layer. Until truth shines again.”

RSA

  • Points: 200

We intercepted this RSA message. Can you decrypt it?

n = 31436211274852062801590948458671058204728701377920047195870016302697956796267506278727106968536534553505650010973423533569252216811398069950057574348601027314737123

e = 65537

c = 3176611519162232504923830289342761365803687618696235270518081158616456548209602003028376375895590811801457539128295861518597778939388448662467170072813023243436186

All the best 👍

Retro Typing Assistant

  • Points: 100

Old thumbs typed fast. Can you read what they meant? Ask a boomer..

Cypher text : 7387608974640277478268

Flag Format : HKSTR{abc_def_gh}

Echoes of the Keypad

Turns out, this message is straight from the era of Nokia brick phones.

“First decode the tones. Then decode the taps.”

Flag format: HKSTR{abc_def_gh}

Layered Lies

  • Points: 250

This message has been through... a lot.

籔粂籼类籔粂籼类籔粂籼类籔簺籼簴籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼类籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籽籡籝簽类籔粂簽簴籕籜簹籽籕籜簹籾籙籲籼类籔粂簽簴籔粂籼类籔粂簽簴籔粂籼籾籙籲籼类籔粂簽簴籕米簽类籕米簽籽籕米簽籽籕籜簽簴籕米簽类籕米簽籽籕籜簹籽籕籜簽簴籕籜簹籽籕籜簹籾籙籲籼类籔粂籼籾籙籲籼籾籙籲簹籽籕籜簹籽籕米簽类籔粂籼类籕米簽籽籕籜簽簴籕籜簹籽籕籜簹籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簽簴籕籜簹籽籕米簽类籔粂籼类籕米簽籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簹籽籕米簽类籔粂籼类籕米簽类籔粂籼类籕米簽籽籕籜簽簴籕籜簹籽籕米簽类籔粂籼籾籙籲籼类籔粂籼籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簹籽籕籜簽簴籔粂籼类籔粂簽簴籔粂簽簴籕籜簹籽籕籜簹籾籙籲簹籽籕米簽类籔粂簽簴籕籜簹籽籕籜簹籾籙籲籼籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簽簴籔粂籼类籔粂簽簴籔粂簽簴籔粂籼籾籙籲簹籽籕籜簽簴籕籜簹籽籕籜簹籾籙籲簹籽籕籜簹籽籕米簽类籔粂籼类籕米簽类籕米簽籽籕籜簹籽籕籜簽簴籕籜簹籾籙籲籼类籔粂籼籾籙籲籼类籕米簽籽籕籜簹籽籕籜簽簴籕米簽籽籕籜簹籽籕籜簽籆籔粂籼类籔粂籼类籔粂籼类籔簺籼簴籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籙籲籼类籔粂籼类籙籲籼类籔粂籼类籔粂籼类籔粂籼簴籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粃簽类籔粂籼类籔粂籼类籔粂籼类籔粂籼类籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籁籙籍粀籽籡籝簽类籔粂簽簴籕籜簹籽籕籜簹籾籙籲籼类籔粂簽簴籔粂籼类籔粂簽簴籔粂籼籾籙籲籼类籔粂簽簴籕米簽类籕米簽籽籕米簽籽籕籜簽簴籕米簽类籕米簽籽籕籜簹籽籕籜簽簴籕籜簹籽籕籜簹籾籙籲籼类籔粂籼籾籙籲籼籾籙籲簹籽籕籜簹籽籕米簽类籔粂籼类籕米簽籽籕籜簽簴籕籜簹籽籕籜簹籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簽簴籕籜簹籽籕米簽类籔粂籼类籕米簽籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簹籽籕米簽类籔粂籼类籕米簽类籔粂籼类籕米簽籽籕籜簽簴籕籜簹籽籕米簽类籔粂籼籾籙籲籼类籔粂籼籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簹籽籕籜簽簴籔粂籼类籔粂簽簴籔粂簽簴籕籜簹籽籕籜簹籾籙籲簹籽籕米簽类籔粂簽簴籕籜簹籽籕籜簹籾籙籲籼籾籙籲簹籽籕籜簹籽籕米簽籽籕籜簽簴籔粂籼类籔粂簽簴籔粂簽簴籔粂籼籾籙籲簹籽籕籜簽簴籕籜簹籽籕籜簹籾籙籲簹籽籕籜簹籽籕米簽类籔粂籼类籕米簽类籕米簽籽籕籜簹籽籕籜簽簴籕籜簹籾籙籲籼类籔粂籼籾籙籲籼类籕米簽籽籕籜簹籽籕籜簽簴籕米簽籽籕籜簹籽籕籜簽籆

FORENSICS

ZIP Odyssey

I wonder how an English dictionary would be helpful..

easy pcap 🦈

/
../ ._ .."" '""--.._ :--.__ ./ ""--.._ \ ""--..../ o ) ) ___ ) ) \ .-'. /.-' ( : ; \ ( .'''' .-' : ; ""--..../ )--- .-'..'

Sheet of secrets

(●'◡'●)

Excel

Isn't it a lovely day?

Flags

You rock!

Wrong Start

xxd_pooh(😎)

🤐

.pptx

Easy pcap 🦈

/
../ ._ .."" '""--.._ :--.__ ./ ""--.._ \ ""--..../ o ) ) ___ ) ) \ .-'. /.-' ( : ; \ ( .'''' .-' : ; ""--..../ )--- .-'..'

Kings of Diamonds

A seemingly harmless .jpg file is all you’ve got. But nothing in CTF is what it appears to be. Here is a password dict to help u out

Operation Shadow Recovery

A 256MB storage device was seized after a cyberattack. All files were distorted some deleted, but a flag remains hidden in the remnants.

Hidden in Plain Sight

You've been handed a suspicious .pcap file. It looks like just another HTTP traffic capture until you dig a little deeper.

hint- DNS often whispers secrets in binary… sometimes even in ASCII.

MISC

Signal from the Watchpost

You receive a series of illustrations showing a person holding two flags in different positions. No text, just silent gestures — like some old scouting code.

Flag format: HKSTR{ALLCAPS}

Lunar Love

Exhibited in several museums around the world, he used this alphabet to converse with director Jesse Lerner.

Flag Format: HKSTR{all_lowercase} [use underscores]

A link between worlds

You’ve come across an ancient inscription — one that echoes from the kingdom of Hyrule itself. The script looks unfamiliar, yet strangely artistic… almost legendary. Can you decipher the text left behind by the sages?

Flag format: HKSTR{ALL_UPPERCASE} [put underscores]

The Breakfast Protocol

Two culinary legends stood guard over ancient digital relics—the mighty Dosa, crisp and agile, and the wise Idli, soft yet impenetrable. Together, they formed the Breakfast Protocol, a legendary wall protecting the Source of Sambar—a data core containing secrets of the Internet.

But peace was never meant to last.

A rogue AI has infiltrated the temple of Tiffins and tampered with the sacred recipe scrolls. The result? A protected .zip archive disguised as a harmless recipe. Inside it, the details to the Data Masala are rumored to lie. Only the worthy can unveil the hidden flavours.

But before starting out, how about having a breakfast at the Swami South Indian Food near the Delhi Campus?

Handle With Care

Fsociety is back at us again! They are trying to stop Hackster from conducting the CTF event, but our Chief Intelligence Officer has informed us about it, he has shared some classified call recording between two attackers. Now it is your duty to reach the end.

Along with the pdf he has shared shared a hint - Look for the patterns!

Modern Art

“Not all code is written in black and white.”

Flag Format: HKSTR{all_lower}

OSINT

Home Invasion

  • Points: 150

Mission Update: We’ve gained access to some compromised Fsociety surveillance nodes.

They thought they could take us down. They thought we wouldn’t strike back.

But now it’s payback time.

The feed is live. The IP belongs to a rogue Fsociety agent — the one who led the last breach against us. All we need is one piece of intel to lock him in his city.

http://109.233.191.130:8080/

Find the cords to "love city_name" sign. Dox the traitor. Deliver justice.

Note: The feed might be lagging. Try changing to Motion JPEG or try again after some time.

Flag Format : HKSTR{XX.xxxx_YY.yyyy}

📱 Part 2: The Smartphone

  • Points: 200

Answer the asset number of the smartphone owned by the CEO of the company found in the "00_engineer" challenge. Flag Format: HKSTR{ABCD-12345}

INSIDE JOB

  • Points: 500

ALERT: We’ve uncovered a mole inside HACKSTER.

Our suspicions have been confirmed — someone has been leaking sensitive internal data directly to Fsociety. The traitor? None other than our newly recruited OSINT analyst. We should’ve trusted our instincts...

Before we lock him down, we need to know exactly what was leaked.

Operation: Gridlock

  • Points: 300

Deep within the archives of the Bureau of Navigation, you discover a dossier. Inside, there is a single cryptic code: 39J-J6L-2LCC

There are no further instructions—just this sequence, and a note: “The answer lies where grids meet reality.”

Your mission:

Decipher the code. Uncover the precise coordinates it points to.

Submit your answer in the following flag format:

HKSTR{latitude_longitude}

Example: HKSTR{XX.XX_XX.XX}

THE FINAL BOSS

A rogue agent escaping from Fsociety recently uploaded a mysterious encrypted file to our network, claiming it holds critical intel stolen from Hackster. The encryption method? A custom protocol that only decrypts data via a specific interface: https://byte-lock.vercel.app/

The decryption password? It’s split into two separate parts, each hidden within different OSINT challenges across this CTF. Only the most resourceful investigators will be able to uncover both parts and unlock the final message.

Think you're worthy of revealing what Hackster tried so hard to protect?

Mjolnir

ALERT: Fsociety is escalating their offensive — intercepting comms, hijacking data, and exposing secrets.

To counter this, we've hidden our most sensitive intel inside a seemingly harmless .jpg file.

Like the hammer of Thor, only the worthy can wield this knowledge.

Will you rise to the challenge and uncover what lies beneath the pixels?

🧩 Part 1: The Employee

An software engineer's nameplate was picked up near Tokyo Station. This should be a lost item. Answer the URL of the website (index page) of the company where this engineer works. Flag Format: HKSTR{https://google.com}

REVERSING

Let's Play a Game

Just clear all levels to get the flag ;)

Polite.exe

A friendly executable that has some… colorful opinions about people who run it. Dig deeper. It’s hiding something.

Project Erasure

You’ve been given an executable by a rogue AI group. The moment you run it, all hell breaks loose — warning sounds, deletion messages, even a threatening countdown. But is it actually doing anything? Or is this just an elaborate scare?

Your job: Stay calm, reverse the binary, and find the hidden message before the countdown ends.

“Not everything that screams is dangerous. But something is definitely hidden.”

operation - Detective 2

organization under attack , hacker hides the data . was only able to get the log file only hint : {0x400D80} (uint32_t)0x00410EA0 == 0x400D80 Ex - flag{xxxxxxxxxxxxxxxxxxxxxx}

Tic Tac Toe

Win the game to get the flag :)

Flag format: CTF{}

Wild Encounter!

It's a wild Pokémon! 🐉 It's attacking you with numbers: 3152346, 1213523, 5326231 Can you guess its next attack before it's too late?

Hint: Only true trainers know how to predict such fury.

Operation - Detective-1

You find a sus log file , only hint - flag = ''.join(chr(b) for b in blocks if 32 <= b <= 126) print("flag{" + flag + "}") and a normalize python file Flag format : flag{xxxxxx_xxxxxx} [case sensitive plz be mindful]

STEGANOGRAPHY

Scalable Vector Secrets

You’ve been handed a simple SVG file. Nothing fancy — just shapes and colors. But someone said this innocent vector drawing isn’t so innocent after all.

Can you dig into the source and uncover what it's really hiding?

Flag Format: HKSTR{ALL_UPPERCASE}

Eaten secrets

Your pokemon is hiding something.. I am sure he has eaten a secret! When I approached him, he attacked.. ...

Tip: Check the mdata in your pokeball, they might contain some data about your pokemon's secrets...

Bit by Bit

"They say a picture is worth a thousand words — but sometimes, it's what hides in the smallest shifts(lsb) of color that reveals the truth."

SSTV

“You don’t hear it — you see it.”

WEB

Sudoku

  • Points: 250

Solve the puzzle, sift through the noise, and uncover what lies beneath the surface. https://sudoku-site-five.vercel.app/

Double Agent

  • Points: 300

You’ve been monitoring fsociety's activity after a suspected breach in your security intelligence platform. Everything seemed normal… until a pattern emerged. A so-called “security expert” has been publishing articles discussing fsociety—nothing that raises suspicion at first glance.

But here’s the twist: our sources indicate that this individual is a double agent, feeding hidden messages to fsociety operatives. The content looks clean but is actually hidden with clues for fsociety members.

https://fsociety-article.vercel.app/

WELCOME

Feedback

  • Points: 200

https://docs.google.com/forms/d/e/1FAIpQLSeRe5HywGM-jMnntGrr0NSoSXSNF4TryPSSAIN2f-BCa5IEnw/viewform?usp=header

Insanity Check

  • Points: 200

Flag format: HKSTR{all_lowercase}

Sanity check

Read the rules once just for the sake of it..

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors