| layout | title |
|---|---|
default |
1337 Challenges | CTF @ UBC |
Thanks for trying out this year's 1337 challenges! Although the 1337 role is no longer obtainable, you can find all challenge files and resources below.
All flags will begin with the prefix maple{. You can find last year's challenges here.
Note: Some challenges will require you to connect to a remote server. Netcat (abbreviated as nc) is a simple tool installable on Mac/Linux that makes this easy: connect to a server with nc <ip> <port>. Netcat is used mainly for remote, text-based connections. For example, entering the command nc 1337.maplebacon.org 4000 in your terminal will let you interact with the first part of the Miscellaneous challenge.
If you're using Windows, we highly recommend installing Windows Subsystem for Linux - feel free to ask for help if you're having trouble setting anything up.
These 1337 challenges are designed to be approachable by beginners - our goal is to make them slightly challenging, exposing you to new CTF concepts without requiring advanced technical knowledge. Challenges with some harder concepts have additional resources or guides associated with them that explain prerequisite knowledge you may need. Remember: if you get stuck, join us in the #1337-challenges channel on our Discord to receive hints and share ideas with others!
Good luck!
Author: Arctic
Hey you. You're finally awake. You were trying to cross into second year, right? Walked right into that ambush, same as us, and that cpen student over there. Damn you Gregor. CPSC 110 was imperative until you came along. Programming was nice and easy.
Part 1 will put you in a jail with no restrictions to let you get used to the basics. Connect with nc 1337.maplebacon.org 4000.
Part 2 will put you in a jail with quite a few restrictions that you'll have to work around. Connect with nc 1337.maplebacon.org 4001.
Submit the part 1 and part 2 flags together! For example - if you get maple{ab for Part 1 and cdef} for Part 2, submit maple{abcdef} as one flag.
If you have racket installed locally, use racket -t jail1.rkt to run the jail locally.
See our guide on what "jail challenges" are in CTFs!
Author: Desp
This guy keeps taunting me for not being able to guess his flag :( Surely there's a better way to this, right?
- You likely would want to use a disassembler like Ghidra for your journey.
- What is a disassembler you might ask? Check out a high level overview of what it does here!
- To understand how a program works, it would be beneficial to understand how our machines themselves work - for a quick primer, here's a great blog post by
0x41.cfthat touches on most of the low-level concepts involved!
Author: Desp
Let's see how creative you can be in coming up with shellcodes!
Connect with nc 1337.maplebacon.org 1337 and provide the payload you designed.
- Binary exploitation (or pwn) has quite a bit of similarity with reversing - you might find the resources in the reversing challenge useful too.
- Here are also some quick tools for prototyping shellcodes:
- godbolt for exploring how a function translates into assembly
- defuse online x86 assembler for handwriting assembly into machine code
- Don't be intimidated! The intended solution is very short and utilizes one specific aspect of low-level computing. You can ignore everything in the
handlefaultsfunction - they are only here to help the challenge run more smoothly.
Author: JJ
hey everybody!! imade my first website and its AWESOME!!!
if u dig closely u might even find some secrets...
check it out here: 1337.maplebacon.org
Author: vEvergarden
Alice and Bob are having a great time exchanging their little secret messages... until they realize they're living in a simulation.
Check out our guide for an introduction to Diffie-Hellman Key Exchange and a story of Alice and Bob's adventures!
- A great video from Computerphile that illustrates the Diffie-Hellman key exchange
- A more mathematical approach, the second part of the series by Computerphile