● Warmups

a. Rot 13
■ The question name itself is the hint, i.e, the given
ciphertext pppgs{ebg13nyjnlffgnlf} is encoded using
ROT-13 Cipher
■ Use https://www.dcode.fr/en and search for ROT13
Cipher and input this ciphertext to obtain the flag right
away
■ Flag: ccctf{rot13alwaysstays}

b. Open Source Intelligence

■ In this challenge you have to stalk the creators of the ctf,
who if you don’t know already from discord, are Karthik
and Vikhyath
■ Use Linkedin to your advantage and search the
companies they work in
■ In this case, Karthik works in Green Monk and Vikhyath
works in Technoculture Research (ignore abbreviations
like Ltd. and Pvt.)
■ Taking the first letters from each of the companies and
referring to the given example in the question, you get two
possibilities GMTR and TRGM. Try the first one after
enclosing the string in curly brackets {} and prefixing it
with ccctf, you get the flag
■ Flag: ccctf{GMTR}

c. Convert binary to text

■ The description and title give clear instruction on what to
do for this challenge
■ Just google for “Binary to text converters”
■ Also, if you notice, the first 3 binary numbers are the
same. So that is a clue that it correlates to “ccc” of “ccctf”,
which is the flag format
 ■ Flag: ccctf{allthebest}

d. Lorem Ipsum
■ Open the given drive link to find that a word doc opens up
■ Use Ctrl+F to to search for “ccctf”, which is the flag format
■ Flag: ccctf{loremipsum}

e. Search for flag.txt or find command in linux

■ For this challenge, you need a lot of patience or Linux
■ You’ll have to look through each folder to see if the flag.txt
file is present in it
■ If you have Linux, then you can use the terminal and
navigate to the directory where the downloaded folder is
present using the command “cd *name of folder*“. Make
sure you have extracted the .rar file beforehand.
■ Once you are in the directory, use the command “grep
flag.txt”
■ Flag: ccctf{flagisHere}

● Crypto
a. Base (((829-676)/3)^2-2599)^6)
■ On solving the above expression, you get “Base 64” as
the answer, which is a very common type of encoding
used in cryptography
■ Google for “base64 decoder” and input the give ciphertext
into it and get your answer
■ Many of you faced issues with this question as you used
only one online decoder to get the job done, but every
decoder has slightly different settings, so make sure you
try multiple decoders if you are not getting the answer.
■ Flag: ccctf{base64roxx}
 b. OTP
■ The answer to the fill in the blanks is the word “time” as it
is the 4th dimension mentioned in Insterstellar. This gives
us the hint that One Time Pad is used.
■ By google this, you can find out that it is a very common
type of encryption. You can again use
https://www.dcode.fr/vernam-cipher to decrypt this. Make
sure to input the key and ciphertext onto the proper fields
■ Again, many of you continued to use the same decryption
tool and it did not work. So always try using a different
decryption tool as there are many available online
■ Flag: ccctf{vernameisonetimepad}

● Akbar and Birbal - The Puzzle Marathon

a. Start Here
■ Reading the given paragraph, the flag is given right there
■ Flag: ccctf{Akbar and Birbal}

b. The Code to be Cracked

■ The word “Morsify” in the paragraph should give you a
good enough hint that Morse code is being used here
■ Since the downloaded file has beeps, each beep is part of
the Morse Code
■ To make your life simpler, you could have Googled
“Morse Code Audio Decoder” and found out that
https://morsecode.world/international/decoder/audio-deco
der-adaptive.html exists for that very purpose
■ Upload the file there and click on “Play” and see the flag
appear right in front of you
■ Flag: ccctf{akbartestswitsofbirbal}
c. Quizzy Quiz
■ Answer 1 - Abu'l-Fath Jalal-ud-din Muhammad Akbar
■ Answer 2 - Din-i Ilahi
■ Answer 3 - Tansen
 ■ Answer 4 - FTX
■ Answer 5 - Andrew Tate / Top G
■ Answer 6 - Adin Ross
■ Answer 7 - Jerome Xavier
■ Flag: ccctf{adtfaaj} or ccctf{adtftaj}

d. Ad Sense
■ Audio 1 - Frooti
■ Audio 2 - Idea (SIM Carrier)
■ Audio 3 - Centrefresh
■ Audio 4 - Imperial Blue
■ Audio 5 - Cadbury / Dairy Milk
■ Flag: ccctf{ficic} or ccctf{ficid}

e. Missing Piece
■ Just solve the puzzle by moving the pieces around
■ Flag: ccctf{sageis:)xdd}

f. Word Games
■ The given link leads to a book and the given numbers are
in the format PAGE NUMBER - LINE NUMBER - WORD
NUMBER
■ Flag: ccctf{superbgifts}

g. The Final Milestone

■ At first glance, it seems like the audio is gibberish but on
careful analysis, it seems like a sped up portion of audio
■ Use a program like Audacity or https://audioalter.com/ to
alter the speed and pitch of the audio so that you are able
to recognise that this is someone speaking a few words
■ Flag: ccctf{this is a long text but make sure to give
spaces wherever necessary because this is going to
be a long audio without any punctuation}
h. SQL Injection
■ On opening the link, we see that it is a login form
■ The question itself suggests us to do an SQL Injection
attack and the description asks you whether you are
admin or not. Hence we know that we need to be an
admin to access the flag
■ By searching online, you can use the simplest of SQL
Injection attacks. Just insert “admin’ OR 1=1#” into the
“Username” field and “admin” into the password field
■ Do note that many SQL Injections use “--” instead of “#”.
This is because the syntax of the exploit is dependant on
the version of SQL being used in the backend. That is
why the clue (-- == #) is given so that you use “#” instead
of “--” in your exploit
■ Flag: FLAG-238974289383274893

i. Can you find the robots?

■ This question stresses a lot on the word “robots” and the
description talks about a secret text file, so you should
probably Google what is the secret robots text file
■ You should end up finding out that there is a “robots.txt”
file in a server if that is used to prevent overloading of a
site with requests
■ At the end of the page’s url, add “robots.txt” and click
Enter
■ You will see “Disallow: /lbb4c.html” written. But if
something is not allowed, then you MUST try it out
■ So remove “/robots.txt” (including the “/” sign) and put in
“/lbb4c.html” and click Enter
■ You will now see the flag on the webpage
■ Flag: picoCTF{ca1cu1at1ng_Mach1n3s_1bb4c}
 j. Stack Overflow or?
■ When you run the downloaded executable file on your
terminal, it asks you for an input (Google how to run an
executable file on terminal)
■ This type of vulnerability is susceptible to binary
exploitation (Google it)
■ This article here does a very good job of explaining all the
concepts leading to the final solution, so refer to that.
■ Flag: ccctf{buff3rov3rfl0wisd0p3}

● CCCTF Specials
a. Want extra points?
■ Once you fill the Google Form, you get a message that
accuses you of not opening Discord and Instagram
■ Opening the Discord of Coding Club CTF, you can find
Part 1 of the flag in the title of the notes and resources
section, which happens to be where the flag was placed
last time also
■ Part 2 of the flag could be found in the bio of Coding
Club’s Instagram Page
■ Flag: ccctf{beatingaroundth3bush}