Mad Hatters CTF - Spring 2025



Spring CTF

Q1 — A Mechanical Garden

Our intelligence team has intercepted a photograph during surveillance operations on a suspected adversary. The image appears to have been taken at a location containing numerous tall, cylindrical structures arranged in what seems to be some kind of outdoor display. These mysterious objects vary in size and appearance, suggesting they may be of historical or technical significance. Your task is to analyze this reconnaissance photo and extract critical information that could reveal the adversary's whereabouts and intentions. Every detail matters in this operation—the structures, their arrangement, any visible markings, and the surrounding environment could all provide valuable intelligence. Can you help us decode what this location is and what secrets it might hold?

[Image: mechanical-garden]

  1. In what city was this photo taken?

  2. What is the name of the location where this picture was taken?

  3. What type of devices are the tall structures in the picture?

  4. What is the name of the leftmost tall structure?

Q2 — Kitty Conundrum

This is Butter the cat. We have reason to suspect that she may be hiding a flag somewhere. Maybe Butter's name holds the key to unlocking the secret?

[Image: smooth]

  1. What is the flag?

Q3 — Travel Document Turmoil

We've been tracking an adversary and we aren't sure where they went, but we found this document that they were looking at. We have reason to believe it contains information about their destination but it is password protected. Can you uncover its secrets?

Download getaway.pdf (46KiB)

  1. What is the password?

  2. What is the flag?

  3. What country is featured in the document?

Q4 — Strange Waves

We intercepted this strange audio file during our investigation. It doesn't sound like speech or any code that we know of, but we suspect there's something hidden inside. Can you figure out what it's trying to tell us?

Download suspiciousaudio.wav (321KiB)

  1. What is the flag?

Q5 — Strange Message

We've received a strange message from an unknown source, but it appears to be encoded somehow. Our cryptanalysis team needs your help to decipher this mysterious communication and extract any hidden intelligence.

  1. What is the flag?

Tip
This message appears to use multiple layers of encoding or translation. Try common encoding methods like Base64 or hexadecimal. The flag name suggests you may need to apply more than one decoding/translation step to reveal the final message.
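
One way to work through layered encodings like the tip describes, as an added example that is not part of the challenge: it peels hexadecimal and Base64 layers until a flag-shaped string appears. The flag{...} pattern and the sample message are assumptions constructed for illustration.

```python
import base64
import binascii
import re
import string

FLAG_RE = re.compile(r"flag\{[^}]+\}", re.IGNORECASE)  # assumed flag format
HEX_CHARS = set(string.hexdigits)

# Constructed sample: a made-up flag wrapped in Base64, then in hex.
SAMPLE = binascii.hexlify(base64.b64encode(b"flag{constructed_example}")).decode()

def peel_once(text):
    """Decode one layer; return (layer_name, decoded_text) or None if nothing fits."""
    compact = "".join(text.split())
    candidates = []
    # Try hex first: hex digits are also valid Base64 characters, so order matters.
    if compact and len(compact) % 2 == 0 and set(compact) <= HEX_CHARS:
        candidates.append(("hex", binascii.unhexlify))
    candidates.append(("base64", lambda s: base64.b64decode(s, validate=True)))
    for name, decode in candidates:
        try:
            out = decode(compact).decode("utf-8")
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        # Accept a layer only if it yields readable text, not random bytes.
        if out and all(ch in string.printable for ch in out):
            return name, out
    return None

def peel_layers(text, max_layers=10):
    """Peel layers until a flag pattern shows up or no decoder applies."""
    layers = []
    for _ in range(max_layers):
        if FLAG_RE.search(text):
            break
        step = peel_once(text)
        if step is None:
            break
        layers.append(step[0])
        text = step[1]
    return layers, text

if __name__ == "__main__":
    print(peel_layers(SAMPLE))
```
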

Q6 — Cruise Crashing

An adversary we've been tracking posted this photo on social media with a caption saying their cruise is docked and they're leaving the city. We need to analyze this image to gather intelligence on their location and movements to track them down.

[Image: hotel]

  1. What hotel was this picture taken at?

  2. What date was this photo taken?

    Important

    Enter your answer in this format exactly: mm/dd/yyyy hh:mm:ss

  3. What cruise was docked at the time the photo was taken?

Tip
Examine EXIF metadata to identify the location. Cross-reference cruise schedules with the identified location and timestamp to determine which ships were docked at that time.

Q7 — Insecure Analysis

Our security team intercepted suspicious network traffic during a recent incident. The captured packets contain evidence of insecure communications and data transmissions. Your task is to analyze the packet capture file and extract key information that will help us understand what happened.

Download capture.pcap (216KiB)

  1. What is the MAC address of the server hosting the flag?

    Tip

    Use lowercase for any letters in your hexadecimal string.

  2. What file format is the flag stored in? Provide your answer as a MIME type (Google is your friend!)

  3. What web browser was used?

  4. What webserver is being used?

  5. What version number is the webserver software?

  6. What full URL was the flag located at?

  7. What hypervisor are these machines running on?

  8. What is the flag?

    Important

    Remember to format your answer as a flag!

Tip
Use Wireshark to analyze the packet capture. Look for HTTP traffic, examine packet headers for server information, and check the frame details for MAC addresses. How do we identify network interfaces in a network? The OUI (Organizationally Unique Identifier) in MAC addresses can reveal hardware manufacturers and virtualization platforms.
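
The header and OUI checks this tip describes can also be scripted. The following added example (not part of the challenge materials) parses a classic pcap with Python's struct module and reports, for each HTTP response, the source MAC, a platform guess from its OUI, and the Server header. The capture bytes, the ExampleHTTPd name, and the partial OUI table are constructed for illustration; it assumes Ethernet frames with each response's headers in a single TCP segment.

```python
import struct

# Prefixes commonly seen on virtual NICs (partial list; 52:54:00 is QEMU's default).
VIRTUAL_OUIS = {"00:0c:29": "VMware", "00:50:56": "VMware", "08:00:27": "VirtualBox",
                "00:15:5d": "Hyper-V", "00:16:3e": "Xen", "52:54:00": "QEMU/KVM"}

def constructed_pcap():
    """Build a one-packet capture in memory (constructed sample, not capture.pcap)."""
    body = b"HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/1.0\r\n\r\n"
    eth = bytes.fromhex("080027112233 080027aabbcc 0800")  # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(body), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 2]), bytes([10, 0, 0, 3]))
    tcp = struct.pack("!HHIIHHHH", 80, 49152, 0, 0, (5 << 12) | 0x18, 65535, 0, 0)
    frame = eth + ip + tcp + body
    file_header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return file_header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def http_servers(pcap):
    """Return (source MAC, platform guess, Server header) per HTTP response."""
    magic = struct.unpack("<I", pcap[:4])[0]
    linktype = struct.unpack("<I", pcap[20:24])[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian classic pcap with Ethernet frames")
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only IPv4 (EtherType 0x0800) carrying TCP (protocol 6).
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4  # skip Ethernet and IP headers
        if len(frame) < tcp + 20:
            continue
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]  # skip TCP header
        if not payload.startswith(b"HTTP/"):
            continue
        head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")[1:]
        server = next((h.split(":", 1)[1].strip() for h in head
                       if h.lower().startswith("server:")), None)
        src = ":".join(f"{b:02x}" for b in frame[6:12])
        found.append((src, VIRTUAL_OUIS.get(src[:8], "unknown"), server))
    return found

if __name__ == "__main__":
    print(http_servers(constructed_pcap()))
```
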

Q8 — Guessing Game

Our developers created a simple number guessing game, but they claim there's a "magic number" that will reveal a secret flag. Can you analyze the code and figure out what number they're looking for?

The program accepts numeric input and will tell you if you've found the correct value.

Download guessing_game.py (1.4KiB)

  1. What programming language is this challenge written in?

  2. What is the magic number?

  3. What is the flag?

Tip
When analyzing code, look for hardcoded values, conditional statements, or mathematical operations that might reveal the target number. Pay attention to hexadecimal values (0x1337) and how they're used in calculations. You can also run the code and examine the logic flow.

Q9 — Delicious Hashbrowns

For each of the following examples, provide the hashed version of the provided password using the requested algorithm.

  1. Hash the password breakfast using MD5

  2. Hash the password S4ndw1ch! using MD5

  3. Hash the password b4c0n&3ggs using SHA224 (not to be confused with SHA256)

  4. Hash the password C@FFe3!sn0t4m3 using SHA384

  5. Hash the password IL0veSc0n3s! using MD4

Q10 — Hashtastic!

Now that you know how to hash passwords, can you figure out how to unhash them? Provide the original passwords for these hashes to win!

Tip
We have used common, insecure passwords so you should be able to break these without any specialized hardware or knowledge. Have fun!

  1. 3383d030eded1acba9f9e691cbc98313

  2. 745e7ab6a738c76e8a95e9592169bc8c

  3. 4a776128be891c64b4b080f5d2965c70a72d05aee413803ef0e9d7eb8a522a7d

  4. fb160f94fc0c2a9e9602a42784fb535d8d0eb21e7ed45f2fce6f36cadf525bdf

  5. fedc0d398b252f26b2df7bb57869bab89157a179195198d04c7bf4e0979d91e7d154f188e910568effbc00d466e0f273800da20b88bd32dfb8c838fff343b3e7
