2025RCTF
Signin
直接修改分为100
RCTF{W3lc0m3_T0_RCTF_2025!!!}
Speak Softly Love
Challenge 1: Video ID
Even with the limited hardware of that era, this small player could still produce surprisingly gentle melodies. Please help me locate the ID of the original upload of this piece.
附件是一个视频,打开看看
根据题目要找到视频的id,尝试关键词搜索
得到id8ssDGBTssUI
Challenge 2: Code Revision
The developer behind it has quietly maintained his corner of the net for many years. Please help me locate the version entry in the author’s own code history where he introduced a safeguard to prevent endless “soft error” loops caused by missing playlist items.
在视频的简介中
会跳转到这个网站
在下边找到
跟进
把题目给ai看看
知道是在0.9修复了
去svn中寻找
找到r178
Challenge 3: Name-pronunciation URL
The developer has quietly maintained his corner of the net for many years. Please help me locate the full URL that points to the recording in which he pronounces his own name.
https://mateusz.viste.fr/mateusz.ogg
Challenge 4: Donation address
The developer has quietly maintained his corner of the net for many years — a place filled with personal tools, archived ideas, and even a way to show appreciation if his work ever brought you something valuable. Please help me locate the address he published for donations in digital currency.
有一个gopher节点
进入
得到地址16TofYbGd86C7S6JuAuhGkX4fbmC9QtzwT
Shadows of Asgard
Background Story
During a red team exercise, Loki the Trickster successfully compromised Thor’s machine and planted a backdoor. Thor discovered the anomaly and identified Loki’s C2 server IP, but as a script kiddie, he only knows how to run directory scanners and has no idea how to counterattack.
In desperation, Thor captured all the network traffic and came to you for help. The AllFather Odin watches from his throne, curious to see if you possess the wisdom to unravel Loki’s schemes.
“In the halls of Asgard, deception wears many faces. Even Huginn and Muninn, Odin’s ravens, struggle to discern truth from illusion when Loki weaves his tricks.”
Challenge 1: The Merchant’s Mask
Loki, master of disguise, never reveals his true intentions at first glance. His C2 server hides behind a false front—a seemingly legitimate corporate website designed to fool mortal eyes.
What is the name of the company Loki used as camouflage on his C2 server’s front page?
渊恒科技
Challenge 2: The Parasite’s Nest
Like a serpent hiding in Yggdrasil’s roots, Loki’s backdoor didn’t run standalone—it parasitized an existing process on Thor’s machine to avoid detection.
Identify the complete file path where Loki’s C2 agent was running.
在第六个流中,有aeskey和aesiv,还有data,
key和iv解base64后在解decimal,后to hex得到hex格式的密钥
iv进行同样的操作,之后解密data
得到C:\\Users\\dell\\Desktop\\Microsoft VS Code\\Code.exe
Challenge 3: The Hidden Rune
Loki commanded his agent to reveal its current working directory. But the Trickster is never straightforward—his commands are hidden in layers of encryption and steganography.
What is the taskId for the pwd command that Loki executed?
继续解密流量
发现上传的图片也有内容,解密
继续
得到idc0c6125e
Challenge 4: The Forge of Time
In Midgard, every realm has its moment of creation. Loki probed Thor’s machine to learn when its primary storage was first forged.
When was Thor’s C: drive created?
解密
2018-09-14 23:09:26
Challenge 5: Raven’s Ominous Gift
“Two ravens sit upon Odin’s shoulders: Huginn (thought) and Muninn (memory). But there is a third raven in Norse tales—one that follows Loki, a harbinger of mischief. They say this raven is inauspicious, a dark omen of trickery to come.”
In the final act of his infiltration, Loki left behind a parting gift—a file hidden in plain sight on Thor’s compromised machine. This raven’s message contains the truth you seek.
What secret message did Loki hide in the file he uploaded?
解密这个
得到RCTF{they always say Raven is inauspicious}
最后得到flagRCTF{Wh3n_Th3_R4v3n_S1ngs_4sg4rd_F4lls_S1l3nt}**
Asgard Fallen Down
“Asgard fallen down, fallen down, fallen down,
Asgard fallen down, my fair lightning…”The first breach was a lesson. The second breach was a catastrophe.
Loki returned, not with louder thunder, but with deeper silence. He learned from his defeat—learned that the best place to hide is not in darkness, but in the blinding light of chaos. This time, when he struck, he did so while Thor himself hammered at his gates.
Thor, determined to turn the tables, launched a full assault on Loki’s C2 infrastructure. Vulnerability scanners roared like Mjölnir’s thunder. Directory brute-forcers swept like Heimdall’s gaze across every path. The network burned with the fury of Asgard’s vengeance.
But Loki had already won.
Challenge 1: The First Command
After successfully infiltrating Thor’s machine, Loki’s agent came to life. Like all beginnings, the first action reveals intent.
Hidden among thousands of scanning requests and server responses, Loki issued his opening move—the first command that set his plan in motion.
Question: What was the first command Loki executed after his agent established connection?
Flag Format: complete_command (The exact command Loki sent to the agent)
干扰的流量太多,不太好找
在流207中发现类似连接成功的流量
解码看看,看到了熟悉的进程
同时我们注意到,响应包中有三个奇怪的base64字符串
解码看一下,发现第一个长度是32,第二个是16,猜测为AES的key和iv
继续往后看,在之后紧跟着的包中看到,一串神秘的base64
使用之前得到的密钥和iv可以成功解密
得到命令spawn whoami
然后在之后的
得到命令执行结果
Challenge 2: The Heartbeat
Thor’s attacks were chaotic—random intervals, sporadic bursts, the rhythm of fury. But Loki’s agent operated with cold precision.
Buried in the noise, the agent sent regular heartbeats back to its master, each pulse proving it remained alive and obedient. These signals followed a steady cadence, mechanical and unwavering.
Find the pattern. Find the pulse.
Question: How many seconds passed between each heartbeat of Loki’s agent?
Flag Format: integer (e.g., 30)
很明显之前的命令执行过程含有心跳包机制,在207流中很明显看到时间间隔是10s
Challenge 3: The Heart of Iron
“Every warrior has a heart that drives them. For mortals, it beats with blood. For machines, it pulses with silicon and electricity. Loki, ever curious, sought to know the very core of Thor’s weapon—the processor that powers his digital fortress.”
During his infiltration, Loki commanded his agent to enumerate the environment, cataloging every detail of Thor’s system. Among the mundane variables and paths, one piece of information reveals the machine’s very identity—its processor, the beating heart of computation.
Like a smith examining the forge that created a sword, Loki identified the specific metal and make of Thor’s processor.
Question: What processor model powers Thor’s machine?
Flag Format: Complete_Processor_Model_String (e.g., Intel64 Family 6 Model 85 Stepping 4, GenuineIntel
继续解密即可
找到响应包解密
得到答案Intel64 Family 6 Model 191 Stepping 2, GenuineIntel
Challenge 4: Odin’s Eye
“Odin sacrificed his eye to drink from Mimir’s well and gain wisdom. Loki needs no such sacrifice—he simply steals the sight of others.”
In the final moments before vanishing, Loki commanded his agent to capture what Thor’s own eyes were seeing—a snapshot of the screen, frozen in time. Within this stolen image lies evidence of Thor’s own weapons, the very tools he was using to hunt Loki.
The irony is exquisite: Thor’s scanner, visible on his own screen, was documented by the very enemy he sought to find.
Question: According to the screenshot Loki exfiltrated, which vulnerability scanning tool was Thor running at that moment?
Flag Format: ToolGithubRepoName (e.g., if the tool’s repository is https://github.com/user/AwesomeTool, answer AwesomeTool)
搜索关键词build:20251115可在2787流中找到本题的执行命令
发现之后有很多大块的响应包,猜测是可能图片base64后太大一次不好传输于是分段传输
正则匹配,解密
不知道为啥cbc没解出来,cbcnopadding出了
解密result
得到图片,工具是TscanPlus
Wanna Feel Love
She only wanted to sing.
She wants to tell you.
She just feels love.
Challenge 1
She only wanted to sing, but her voice was hidden in silence. What is this email trying to tell you? Look beyond what you hear — seek the whispers in the shadows, the comments that were never meant to be seen.
打开eml文件
邮件的内容感觉很眼熟,像我给新生出的垃圾邮件题,丢进去看看
得到Don't just listen to the sound; this file is hiding an 'old relic.' Try looking for the 'comments' that the player isn't supposed to see.
Challenge 2
She wants to tell you something, encoded in melodies. Within the digital symphony, her true voice emerges. What is the hidden message found in the XM file? The words she longed to sing, the feeling she wanted to share.
把附件提取出来
导出后在开头和结尾发现
没搜到openmrt,但是
怎么感觉出题人写错了,下载mpt导入看看
看到了类似摩斯密码的东西,但是不是,放大仔细看看
发现间隔非常整齐,50ms,猜测是01串
手敲一下
I Feel Fantastic heyheyhey
Challenge 3
She just feels love, and her legend once spread across YouTube. Her song touched hearts, but the original video on the YouTube platform has been removed — deleted, re-uploaded, distorted, like memories fading with time. Through the fragments of public records, find where her voice first echoed: the original video ID, upload date (YYYY-MM-DD), and the one who first shared her song.
搜索I Feel Fantastic heyheyhey
吓人什么东西
在wiki和yutube上找到一些关键信息
在I Feel Fantastic - YouTube还有其他网站可以找到
Video Id -rLy-AwdCOmI
Upload Date -2009-04-15
Uploader-Creepyblog
同时ai也可以直接做出来
Challenge 4
Her creator captured her voice, preserved in a 15-minute audio/video DVD. She only wanted to sing, and he gave her that chance. If you wish to purchase her album, to hear her songs of love, which link should you visit? After purchasing, who is the sender? And what is the actual creation year when these musical compositions first came to life?
Purchase Link-Android Music Videos
Sender - Chris Willis
Creation Year - 2004
我最开始以为是那个paypal的地址,但是是这个网站的地址,继续在下边这给网站中可以找到其他信息
同时结合这个图,确定发送者是Chris Willis
时间2004年
Challenge 5
Some called her creator a murderer, others said he built her out of love. She only wanted to sing. She wants to tell you. She just feels love. The truth lies in older archives — an obituary, a quiet memorial, where the story of her creator rests in digital silence. Find the developer’s digital grave. (URL, no trailing slash)
medium的评论区找到
RCTF{sh3_ju5t_f33ls_l0v3_thr0ugh_w1r3s_4nd_t1m3}