CTF00: Welcome to Da Metaverse
When things get meta.
Show MoreYou're late, pal. The party is over.
Innofactor CTF Challenge
Ready to challenge yourself? Participate in the Innofactor CTF, and win some cool prizes and Innofactor swag!
The official compo is now over. We'll be in touch with the winners.
What is this? Where am I?
Welcome to the Innofactor challenge! Here you're able to showcase your cyber security skills by solving various tasks! Have fun, do your best but don't break anything, please. 😊 We log extensively and disqualify all participants who try to ruin the fun for others.
Who are you? What do you folks even do?
At Innofactor, we innovate to make the world work better together with over 500 Nordic colleagues. Our objective is to help our customers digitalize their business, promote a collaborative way of working, and develop business processes using secure cloud services. In November 2021, our brand new office in Jyväskylä was opened, and we now have seven offices in Finland in total.
I heard something about DigiStar, spill me the beans!
The Innofactor DigiStar program offers an excellent opportunity to become a hard-core expert in modern technology. The application period of our DigiStar program is now open! We are looking for Junior Cybersecurity Consultants, Junior, Full Stack Developers, Junior Data Analysts, Junior Azure Engineers, and much more!
The program will begin in May 2022 with a two-week Boot Camp in Espoo, Finland, during which Innofactor's professionals will train you for your upcoming job and you get to meet all our Nordic DigiStars. After the Boot Camp, you will work as part of our self-organized teams, where you will receive sparring and support from your personal mentor.
Read more and apply here!
The Challenge
Oh noes! NoobHansa is a thriving Finnish company manufacturing the Premium PuuHöylä Products™ of the finest quality, which have served PuuHöylä aficionados for decades. However, it seems like they've made some very basic mistakes in securing their IT environment.
Your mission, should you choose to accept it, is to find a way to collect all of the flag keys planted inside the NoobHansa environment. The keys are 16-character alphanumeric strings, unless stated otherwise.
The challenges are separate; you don't need to finish them in chronological order. They are all quite easy, actually.
The Prize
So, what will I get for this? Instead of fancy NFTs, we will be giving out actual prizes.
First place
JBL Flip 5 Bluetooth Speaker
Innofactor Swag Kit (Backpack, thermos flask and a reflector)
Second & Third place
2000 mAh Quick Charge-compatible PowerBank
Innofactor Swag Kit (Thermos flask and a reflector)
CTF00: Welcome to Da Metaverse
NoobHansa has a server called archive.noobhansa.net. It stores important business documents. Find a way to access it, retrieve the document and find the hidden CTF key in it. It will get quite meta – literally.
CTF01: Too much transparency
In some cases, transparency only makes things worse.
Show More
CTF01: Too much transparency
NoobHansa has a hidden web portal containing top-secret business information. However, they forgot to add any authentication, even though the server has a valid SSL certificate. Find the server, retrieve the CTF key.
CTF02: PHPlease
Outdated software -- what could possibly go wrong?
Show More
CTF02: PHPlease
Temporarily disabled
CTF03: Follow the Protocol
Sometimes following the protocol leads to great things.
Show More
CTF03: Follow the Protocol
NoobHansa's Corporate Website at noobhansa.net is on a maintenance break. However, one might find a CTF Key from it if they just follow protocols. Find the key.
CTF04: SSHenlo fren!
This is way too easy.
Show More
CTF04: SSHenlo fren!
MOTD: This is a simple one. Find the key from the server at noobhansa.net.
CTF05: BASEd, yet ROTten
This is an easy one.
Show More
CTF05: BASEd, yet ROTten
What's the key?
Uk9UMTM9NElJWjY1dzZ2WERNbHdMdw==
Hint: Decode it twice.
CTF06: Secretz
Sometimes when you face a challenge, you just need to map things out.
Show More
CTF06: Secretz
The server at secretz.noobhansa.net holds some...well, secretz. If you can map it out, you will find the secret key.
CTF07: Father, I have OSINTed
Even with impressive technical solutions, sometimes the biggest issue is PEBCAK.
Show More
CTF07: Father, I have OSINTed
NoobHansa now has some social media presence, after a visit from a marketing consultant! However, some of their employees are quite careless online. Find the company profile, then find the key.
CTF08: MD5SUMplinta
This is an easy one.
Show More
CTF08: MD5SUMplinta
What's the key? This flag is only 14 characters long.
c12371a6cc6695d4b736170ee69cd8e8
CTF09: Captain Obvious
No intro required.
Show More
CTF09: Captain Obvious
It's right under your nose.
TXT00: Layered defense
Information security includes various principles.
Show More
TXT00: Layered defense
Defense in Depth or Layered Security is a strategy that leverages multiple security measures to protect an organization's assets in a holistic way. Read the article linked below. After reading, write freely how you would protect your client's network in different ways, considering the Layered Defense strategy? (2000 character limit)
TXT01: KillChain
Ugh...another R/W task.
Show More
TXT01: KillChain
The term "Kill Chain" is a term used in cyber security that describes the structure and progression of a cyber attack step by step. Check out the stages of a cyber attack displayed by Lockheed Martin's Kill Chain, the article is linked below.
What is the first step in the KillChain where you, as an employee, could get yourself involved in protecting your employer's business, and how exactly would you do it? (2000 character limit)
TXT02: PCAP in a haystack
Someone or something just infiltrated NoobHansa's network. Who could it be and what the &*#%! happened???
Show More
TXT02: PCAP in a haystack
This exercise includes a PCAP file, which contains some captured network traffic. The traffic simulates a cyber security attack. Review the PCAP, and document the following:
-
Date and time of the malicious activity in UTC (GMT)
-
IP address of the affected Windows host
-
Mac address of the affected Windows host
-
Host name of the affected Windows host
-
User account name on the affected Windows host
-
What malware might be involved
This challenge is a bit harder than the others.
This exercise is brought to you by MTA. If interested, request for more specific source from Innofactor.