Skip to main content

Fall 2025 Flash CTF

Welcome to the Fall 2025 Flash Capture The Flag competition! You are allowed & encouraged to use any online tool including Google and AI. Attacking the competition platform is strictly prohibited.

NOTE: Correct submissions are being saved, refreshing won’t erase them from the server.

Name: Not set
Loading leaderboard...

Open Source Intelligence

1 - Tree 10 ptsEasy

A local historian has uncovered a strange property deed, but the original owner's name is smudged. The deed is for a famous local landmark in Athens, Georgia, pictured below.

We need to find the full name of the man who originally owned this tree and granted it its 'freedom'.

Flag Format: thp{First_MiddleInitial_Last}


Challenge Author: Zayan Hoodani (zayanh)

2 - Discord Bot 20 ptsMedium

We've received this Discord bot repository where sensitive information may have been exposed. Can you find the flag?

Flag Format: thp{}


Challenge Author: Zayan Hoodani (zayanh)

3 - Off The Grid 30 ptsHard

We've been tasked to find the exact time Zayan went off the grid. All we have is this note found at their desk.

note

Link is case-sensitive.

Flag Format: thp{DD-MM-YYYY_HH:MM}


Challenge Author: Zayan Hoodani (zayanh)

Cryptography

4 - Mirror 10 ptsEasy

Oh no! There is a malicious virus on our servers that's making all of our text backwards, there is only one way to stop it and that is to enter a super secret phrase. Luckily we managed to get the phrase, unluckily it has been encoding.

Can you figure out the plaintext of the encrypted password:

gsk{uorkgsvhxirkg}

Flag Format: thp{}


Challenge Author: SriRam Surisetty (famousmagic87870)

5 - Choo Choo 20 ptsMedium

One spooky night a train conductor is all alone at a railway station after a long day's work. However, he notices that there are a weird number of train tracks and that they have been shifted around. All of a sudden he hears an eerie train horn, and then all of a sudden he sees a ghost train rush by him!!! When the train finally stops a skeleton walks out and hands him this message:

ao{lbatplar}h_d

What are the ghosts trying to say?

Flag Format: thp{}


Challenge Author: SriRam Surisetty (famousmagic87870)

6 - Emoji 30 ptsHard

We've received an emoji that apparently contains the flag, can you find it? Here's the emoji:

😀󠅤󠅘󠅠󠅫󠅕󠅝󠅟󠅚󠅙󠅏󠅔󠅕󠅓󠅟󠅔󠅕󠅏󠅘󠅡󠄢󠄤󠄠󠅘󠅡󠄠󠄢󠅭

Flag Format: thp{}


Challenge Author: Divesh Gupta (legendile7)

Password Cracking

7 - Let's Rock 10 ptsEasy

We've received this password hash that seems to originate from the RockYou breach. Can you crack the password?

Hash: 31d8c2fe81a635bef93315aa8234c1a0

Flag Format: password


Challenge Author: Divesh Gupta (legendile7)

8 - Mask Up 20 ptsMedium

We've received this password hash that seems to follow the pattern of THP-PASS-#### where # is a number. Can you crack the password?

Hash: fbb4ba434d9d6413e4f3a3381a646cb3

Flag Format: password


Challenge Author: Divesh Gupta (legendile7)

9 - Dawg 30 ptsHard

We've received this password hash that seems to be a dog breed appended by a special character and number. Can you crack the password?

Hash: ce7f4c18a74bfa86af7c22b7222e34f3

Flag Format: password


Challenge Author: Divesh Gupta (legendile7)

Forensics

10 - Amogus 10 ptsEasy

This image is suspicious, can you find the flag?

Flag Format: thp{}


Challenge Author: Divesh Gupta (legendile7)

11 - Data Exfil 20 ptsMedium

We've got a packet capture where someone downloaded some secret files. Can you find the flag?

Flag Format: thp{}


Challenge Author: Divesh Gupta (legendile7)

12 - Encrypted Email 30 ptsHard

We've received a raw email of someone sending suspicious data to someone. Can you find the flag?

Flag Format: thp{}


Challenge Author: Divesh Gupta (legendile7)

Log Analysis

We're conducting our biannual Microsoft Exchange Server security audit. Can you go in and see if anything has gotten through our standard spam filters?

NOTE: Challenges 13-15 all use this same file.

13 - Microsoft Exchange Audit 1 10 ptsEasy

How many SMTP SEND events are in the logs?

Flag Format: thp{#}


14 - Microsoft Exchange Audit 2 20 ptsMedium

Which IP address in the 185.220.101.0/24 subnet successfully delivered an email (not quarantined/rejected)?

Flag Format: thp{#.#.#.#}


15 - Microsoft Exchange Audit 3 30 ptsHard

Which internal email account received the most emails from external sources?

Flag Format: thp{email}


Challenge Author: Hung Nguyen (triumviratesys)

Web App Exploitation

16 - Robot 10 ptsEasy

It seems like some clanker hid something on this website. Can you find the flag?

Flag Format: thp{}


Challenge Author: Divesh Gupta (legendile7)

17 - Notes 20 ptsMedium

Can you find the flag on my notes website? (NOTE: Bruteforcing web challenges is out of scope and should not be done.)

Website: https://notes.thehackpack.org

Flag Format: thp{}


Challenge Author: Divesh Gupta (legendile7)

18 - Fetch The Flag 30 ptsHard

Can you find the flag on this fetch service? (NOTE: Bruteforcing web challenges is out of scope and should not be done.)

Website: https://fetch.thehackpack.org

Flag Format: thp{}


Challenge Author: Divesh Gupta (legendile7)

Reverse Engineering

19 - Binary Keystone 10 ptsEasy

Can you find the right key to unlock the core logic?

Flag format: thp{key}


Challenge Author: Swapnil Roy (thespcrewroy)

20 - String Mangler 20 ptsMedium

A mysterious program is asking for a password. Can you figure out what it wants and claim your flag?

Flag format: thp{input}


Challenge Author: Divesh Gupta (legendile7)

Survey

21 - Survey 10 ptsEasy

Thank you for participating in The Hack Pack's Fall 2025 Flash CTF! We would love to hear more about your experience. Answering this survey gets you a flag worth 10 points!

Survey Form: https://forms.gle/6EBUZ1xyu38jndPA7

Flag format: thp{}