Riddles, Scavenger Hunts, Flag Challenges
We enjoyed building these vulnerable websites for you, and when we have fun we tend to get a little evil. We have hidden messages in just about every single range we have. Some of these challenges score in the form of a flag; others score automatically when you perform some action. This article explains how to solve this type of challenge and earn points for it, without giving away any answers.
Flag challenge: You will crack some secret message somehow, and it will spell out something along the lines of “Flag = xxxxx” or “Your Flag is….”. Either way, it will mention a flag. This can be submitted in the scoring dropdown along the top, or on the My Stats -> Challenges page. Note that flags are case sensitive, and you should submit the flag exactly as it is found, including spacing.
'Visit this location' challenge: You have cracked some kind of encrypted message or riddle, and at the end of this riddle there are some special characters - /. These point towards a URL; visit this spot in order to score. Remember that URLs are actually case sensitive.
'Do this thing' challenge: Once you crack this kind of message, it will give you a mission. Maybe you need to place an order for something specific or focus your efforts on a particular user – read your decrypted messages very carefully.
The key here is attention to detail: What special characters exist? What is the capitalization in the original message? What is the message telling you to do? Some of these challenges automatically score once you do what the message instructs you to do; others are indeed flags. It can be confusing to solve some of the auto-scoring ones, but if you think like an attacker and take your time to understand the message, you’ll figure out how to get points from it.
It's also important to note here that there are red herrings out there. There are hints towards things that are actually dead ends and won’t lead to points. An example of a red herring is in the forum on Shadow Bank, where there is a credit card number. There is nowhere on Shadow Bank to use a credit card, so there are no points for this discovery. You can always ask an instructor or ninja for assistance if you aren’t sure whether what you have found is a red herring or whether you are onto something point-worthy.