# ACE CTF

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F9x934FxhAV44A2SyKjeY%2Fimage.png?alt=media&#x26;token=a1d2ebdb-e52b-44ce-a499-d79b6d9274aa" alt="" width="563"><figcaption><p>23/661 teams</p></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FOC3bI5MkappQCPkvWupF%2Fimage.png?alt=media&#x26;token=b55ba984-24b4-4bf7-ae6d-bb6b3db73be7" alt=""><figcaption><p>21/659 teams CTFtime</p></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FglJprxuNkvknQEUreMJm%2Fscreencapture-acectf-tech-challenges-2025-02-28-15_40_45.png?alt=media&#x26;token=c125ab6a-8102-487a-8eb0-b242c488ffa4" alt="" width="375"><figcaption><p>31/42 solved</p></figcaption></figure>

| Name                                                                                                                                             | Category            |
| ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- |
| [Buried Deep](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#buried-deep)                                                     | Web                 |
| [Webrypto](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#webrypto)                                                           | Web                 |
| [Token Of Trust](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#token-of-trust)                                               | Web                 |
| [Flag-fetcher](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#flag-fetcher)                                                   | Web                 |
| [Bucket List](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#bucket-list)                                                     | Web                 |
| [Broken Secrets](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#broken-secrets)                                               | Forensics           |
| [Hidden in Traffic](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#hidden-in-the-traffic)                                     | Forensics           |
| [Virtual Hard Disc](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#virtual-hard-disk)                                         | Forensics           |
| [Fractured Frames](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#fractured-frames)                                           | Forensics           |
| [Keyboard Echo](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#keyboard-echo)                                                 | Forensics           |
| [Tabs\&Spaces](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#tabs-and-spaces)                                                | Steganography       |
| [Cryptic Pixels](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#cryptic-pixels)                                               | Steganography       |
| [HeaderHijack](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#headerhijack)                                                   | Steganography       |
| [Fall of 2022](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#fall-of-2022)                                                   | Osint               |
| [The Symphony of Greatness](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#the-symphony-of-greatness)                         | Osint               |
| [For The Fans](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#for-the-fans)                                                   | Osint               |
| [A Little Extra Knowledge Is Dangerous](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#a-little-extra-knowledge-is-dangerous) | Cryptography        |
| [DONOTOPEN](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#donotopen)                                                         | Reverse Engineering |
| [Insanity Check](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#insanity-check)                                               | Misc                |
| [Hash Guesser](https://aurichia.gitbook.io/aurichia-docs/ctfs-tours/2025/ace-ctf#hash-guesser)                                                   | Misc                |

{% stepper %}
{% step %}

### Buried Deep

> "I’m not a hacker. I’m just someone who wants to make the world a little better. But the world isn’t going to change itself."
>
> Submit your answer in the following format: ACECTF{3x4mpl3\_fl4g}
>
> The flag content should be in lowercase letters only.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FrTsn3jU7eFZ1xODmyxwj%2Fimage.png?alt=media&#x26;token=da48b526-0ba6-4490-9f5d-09cbe78faf71" alt=""><figcaption></figcaption></figure>

After some simple enumeration, we can find something interesting in the CSS.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FPBDE5Xah5EQTEuIVBFOa%2Fimage.png?alt=media&#x26;token=acbf1092-53c6-4a83-ad93-6af306febc73" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FqlhRl6csnOE9UXda8uet%2Fimage.png?alt=media&#x26;token=8fde2047-c3c6-4d1e-abb6-cbadcfe7db57" alt=""><figcaption></figcaption></figure>

We found the 3rd part of the flag? That's weird lol, so let's just continue. Then I found:

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FYaxkz6s8KdxpRm9bYGUP%2Fimage.png?alt=media&#x26;token=ab86d76a-d2eb-49b2-b0ce-139bb964f6ff" alt=""><figcaption><p>/robots.txt</p></figcaption></figure>

Then I tried visiting them one by one, and we can find the other 2 parts of the flag, which are only encoded inside those endpoints, so you can just decode them and craft the flag.

{% code overflow="wrap" %}

```
ACECTF{1nf1l7r47ing_7h3_5y57em_15_345Y_WH3N_Y0U_KN0W_WH3R3_7h3_53cr3t5_4r3_bur13d}
```

{% endcode %}
{% endstep %}

{% step %}

### Webrypto

> I think we can all agree that most of us grew up watching the iconic cartoon Tom & Jerry. Every kid would feel that surge of adrenaline during the thrilling chases and chaotic conflicts between the mischievous mouse and the ever-determined cat. The excitement of those scenes—the heart-pounding moments of escape—sometimes felt almost real.
>
> But then, I heard a little rumor: what if all those chases were fake? What if Tom and Jerry were actually friends all along? That revelation shook me. I had no one to ask about this mind-bending twist, so I decided to take matters into my own hands—I created a web app to settle this question once and for all.
>
> I know the truth now. Do you think you can uncover it too?

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FQqlTFVO6MetxO58ZMdV6%2Fimage.png?alt=media&#x26;token=cc25eedb-68cb-4d9c-934a-22d9389a9482" alt=""><figcaption></figcaption></figure>

This challenge just reveals its backend logic: first it compares the values of tom and jerry, and then it also compares the md5 values after appending the values of tom and jerry to ACECTF.

#### Exploit:

So we can actually break the logic just by passing arrays to the PHP, like\
`endpoint/?tom[]=1&jerry[]=2`

When they check the values, the arrays \[1] and \[2] are still different. Then, when they check the md5, the value from tom / jerry should possibly be an array or NULL. So imagine it returns NULL: if I'm not wrong, it will then check whether ACECTFNULL == ACECTFNULL, which of course returns true, and the server gives us the flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FqwnLUne83g3n0CEVqau5%2Fimage.png?alt=media&#x26;token=e6bc2267-0fe2-4f56-96e0-a73acb7a5beb" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Token Of Trust

> At first, this web app seems straightforward, but there’s something more lurking beneath the surface. It relies on a token for user authentication, but not everything is as secure as it seems. Look closely, and you might discover that the system’s trust can be manipulated.
>
> The secret is hidden within the way this token is used. Can you find the key to unlock what’s been concealed? The challenge is waiting for you to crack it.
>
> Submit your answer in the following format: ACECTF{3x4mpl3\_fl4g}

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FDAcPf0qITkqreFOIz5fm%2Fimage.png?alt=media&#x26;token=3765643a-9157-4005-962e-d85b4b992f4d" alt=""><figcaption></figcaption></figure>

Coming into the website, we are greeted by the main page, which tells us to go to /login with a POST header.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FCTCjh40aw2cogoKpLaIQ%2Fimage.png?alt=media&#x26;token=92aa22e4-b4b0-485f-9162-dceda33d15e4" alt=""><figcaption><p>/login</p></figcaption></figure>

Going to the login page, it gave us a JSON payload to send to the website.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FAnoKcRKbAIMnUCMibKV6%2Fimage.png?alt=media&#x26;token=d65f98e7-5b0f-47a4-b557-c9b3b9a098f1" alt=""><figcaption></figcaption></figure>

After doing what it told us to do, the server returns a token, and by experience we can already tell that this is a JWT cookie exploit. After checking /robots.txt we found another endpoint called /flag that accepts the JWT cookie, so by changing the alg to none, changing the username to admin, and then removing the 3rd part of the JWT, we have crafted our payload.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2Fn4OiiLnKSgSHnQaHLtnf%2Fimage.png?alt=media&#x26;token=31d608b9-0c54-42d9-8342-d67d7a0b1c27" alt=""><figcaption></figcaption></figure>
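The token check this step depends on, shown next to a hardened verifier, as an added example that is not the challenge's code. The secret, the claim names and all function names are assumptions, and the sample tokens are constructed.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # hypothetical key, not the challenge's
ALLOWED_ALGS = {"HS256"}             # pinned server-side, never read from the token


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_part(obj):
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def hs256(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()


def issue_token(claims, key):
    """What the login endpoint is assumed to do: sign the claims with HS256."""
    signing_input = encode_part({"alg": "HS256", "typ": "JWT"}) + "." + encode_part(claims)
    return signing_input + "." + b64url_encode(hs256(key, signing_input))


def naive_verify(token, key):
    """Flawed check: the algorithm is taken from the client-controlled header."""
    header_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header["alg"] != "none":  # "none" skips the signature check entirely
        expected = hs256(key, header_b64 + "." + body_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))


def strict_verify(token, key):
    """Hardened check: fixed algorithm allow-list, signature always required."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, body_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed")
    expected = hs256(key, header_b64 + "." + body_b64)
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))


def accepted(verify, token):
    """Return the claims if `verify` accepts the token, else None."""
    try:
        return verify(token, SECRET)
    except (ValueError, KeyError):
        return None


# Constructed sample tokens.
GUEST_TOKEN = issue_token({"username": "guest"}, SECRET)
# The shape described in the write-up: alg "none", username "admin", no signature.
UNSIGNED_ADMIN = (
    encode_part({"alg": "none", "typ": "JWT"}) + "." + encode_part({"username": "admin"}) + "."
)
# A validly signed token whose body was swapped afterwards.
head, _, sig = GUEST_TOKEN.split(".")
TAMPERED = head + "." + encode_part({"username": "admin"}) + "." + sig

if __name__ == "__main__":
    for name, tok in [("guest", GUEST_TOKEN), ("unsigned", UNSIGNED_ADMIN), ("tampered", TAMPERED)]:
        print(name, "naive:", accepted(naive_verify, tok), "strict:", accepted(strict_verify, tok))
```

The fix is that the verifier decides which algorithm is valid; the header's `alg` is only compared against that allow-list.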
{% endstep %}

{% step %}

### Flag Fetcher

> Hey guys, I created a flag fetcher using some web stacks & technologies. It was supposed to fetch the flag.webp image file which contains the flag but there was some kind of error in doing that. Can you verify it? Maybe just get the flag I don't really care if you fix it or not.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FErrEBZnVxwOVJrkTEqFD%2Fimage.png?alt=media&#x26;token=9a831db4-af98-4e64-a4ee-0fbe70f63e78" alt=""><figcaption></figcaption></figure>

After opening the link I saw that the site was suspicious: after coming into the endpoint there is a delay, then it automatically redirects us to a picture. Isn't this weird? Not just the redirect but also the delay, so I went to intercept and check what was happening.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FYl6AndHVTz6oyNHiTrQx%2FScreenshot%202025-02-28%20001812.png?alt=media&#x26;token=2053ad2b-05f9-495c-805a-196b00cb0f98" alt=""><figcaption></figcaption></figure>

After intercepting and a bit of enumeration, we can see that the server is making lots of network requests that contain the flag, and we solved the challenge.
{% endstep %}

{% step %}

### Bucket List

> You know what's a bucketlist? In simple terms, it's just a list of wishes people want to achieve before they leave this world. I found it to be very limiting & ironic because how can you know when you'll leave the world behind? It's better to enjoy every moment and take on every opportunity you can. One of my wishes though is to pet a cat, do you mind checking this one out. So cute.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FA5FU3O0sokvj2YcdPQHg%2Fimage.png?alt=media&#x26;token=d99576bc-3e22-4152-a772-caad6e8c1fee" alt=""><figcaption></figcaption></figure>

We were greeted by this cute cat, but looking at the URL, this is not normal: it was using the AWS bucket list thing (I forgot the name), but we can go to the original page.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FyAmjmz3X9dEZgEW519Zr%2Fimage.png?alt=media&#x26;token=aff5667f-6676-4b40-b78c-c22763d13a9f" alt=""><figcaption></figcaption></figure>

We can see that the server lists all of the endpoints; now we just need to find the flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FEK3u03t4VURucc32ovNL%2Fimage.png?alt=media&#x26;token=044e0562-98fd-4a40-ad14-25fc0bae3c2a" alt=""><figcaption></figcaption></figure>

With a simple search for txt we found this secret.txt file.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F8BxWcepH5NTFlvPiYHUk%2Fimage.png?alt=media&#x26;token=c2cbea6e-7afb-498e-93fb-b64d4b1e8f84" alt=""><figcaption></figcaption></figure>

We found base64 data.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FWHbdNdE5GVhOJpsMhbHK%2Fimage.png?alt=media&#x26;token=7397c1ea-37c3-482e-9b3f-01a8730da9ba" alt=""><figcaption><p>cyberchef</p></figcaption></figure>

A simple decode and we got the flag.
{% endstep %}

{% step %}

### Broken Secrets

> You’ve found a suspicious file, but it seems broken and cannot be opened normally. Your goal is to uncover its secrets.
>
> Submit your answer in the following format: ACECTF{3x4mpl3\_fl4g}

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FJeWL6E46qnSSjqzaTPb0%2Fimage.png?alt=media&#x26;token=f3951176-e3b0-4c4e-9801-27ddc0b209be" alt=""><figcaption></figcaption></figure>

When we check the file type it says 7z, so I tried using 7z to extract the data.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FgWNtztFsdNvkRgP7kd9m%2Fimage.png?alt=media&#x26;token=578d3d24-7521-4f62-bfad-13f9480cb0b1" alt=""><figcaption></figcaption></figure>

Well, this is weird. Word files?

Going inside the /media folder, we can find a not suspicious folder, literally.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F7aBn76kD6PfNGWlHV6cG%2Fimage.png?alt=media&#x26;token=c034336d-df53-4e31-b13e-078193c9893d" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FNUOSfTYEfpRVKPA3irDv%2Fimage.png?alt=media&#x26;token=6f8ed1a9-ef5f-4ad2-817c-8c8368f638ae" alt=""><figcaption></figcaption></figure>

When we run xxd we can see the IHDR chunk, which is common in PNGs, so let's try to fix it.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FrVtF0EoS8DVwkl885vps%2Fimage.png?alt=media&#x26;token=51a0bc35-de20-4d82-97f2-d2e39c4cd261" alt=""><figcaption></figcaption></figure>

We only need to fix the first byte of the picture, then we can open it.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FY2q6uBmKLzxYJPSF36sV%2Fimage.png?alt=media&#x26;token=07ede9f5-be70-4919-a095-9b8a5f7771d0" alt=""><figcaption><p>eog</p></figcaption></figure>
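An added example (not part of the original write-up) that checks whether the damage really is limited to the signature before repairing it: it compares the first 8 bytes with the PNG signature and validates every chunk CRC. The sample image is constructed in the script and the function names are hypothetical.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype, data):
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width=2, height=2):
    """Constructed sample: a tiny valid 8-bit greyscale PNG."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    scanlines = b"".join(b"\x00" + b"\x80" * width for _ in range(height))
    return (
        PNG_SIGNATURE
        + make_chunk(b"IHDR", ihdr)
        + make_chunk(b"IDAT", zlib.compress(scanlines))
        + make_chunk(b"IEND", b"")
    )


def bad_signature_offsets(data):
    """Offsets (0-7) where the file differs from the PNG signature."""
    return [i for i in range(8) if data[i:i + 1] != PNG_SIGNATURE[i:i + 1]]


def walk_chunks(data):
    """Yield (type, length, crc_ok) for each chunk after the 8-byte signature."""
    pos = 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):  # chunk runs past the end of the file
            yield ctype, length, False
            return
        (stored,) = struct.unpack(">I", data[end:end + 4])
        # The CRC covers the chunk type and the chunk data, not the length.
        yield ctype, length, stored == (zlib.crc32(data[pos + 4:end]) & 0xFFFFFFFF)
        pos = end + 4
        if ctype == b"IEND":
            return


def repair_signature(data):
    """Rewrite the signature only if every chunk behind it is intact."""
    chunks = list(walk_chunks(data))
    intact = (
        chunks
        and chunks[0][0] == b"IHDR"
        and chunks[-1][0] == b"IEND"
        and all(ok for _, _, ok in chunks)
    )
    if not intact:
        raise ValueError("damage is not limited to the signature")
    return PNG_SIGNATURE + data[8:]


if __name__ == "__main__":
    sample = make_png()
    broken = b"\x00" + sample[1:]  # constructed damage: first byte overwritten
    print("bad signature offsets:", bad_signature_offsets(broken))
    print("chunks:", list(walk_chunks(broken)))
    print("repaired equals original:", repair_signature(broken) == sample)
```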
{% endstep %}

{% step %}

### Hidden in the traffic

> A whistleblower tipped us off about a secret communication between two devices. We managed to intercept the network traffic, but the flag is hidden within the data. Your task is to analyze the provided PCAP file, uncover the hidden message, and extract the flag.
>
> Submit your answer in the following format: ACECTF{3x4mpl3\_fl4g}

Starting off, we have to understand what the challenge is asking for: it talks about a secret communication between two devices.

When we first open the pcap file and check the data, there's a huge load of ICMP data. That's suspicious, so we can already suspect that ICMP is the primary target, since we also know that ICMP is a protocol that lets devices communicate with other devices.

I will be using pyshark to get the data from the ICMP packets in the capture file.

```python
import pyshark

cap = pyshark.FileCapture("mys.pcapng", display_filter="icmp")

hidden_message = b""
for packet in cap:
    if hasattr(packet.icmp, "data"):
        icmp_data = packet.icmp.data.replace(":", "")
        hidden_message += bytes.fromhex(icmp_data)

print("Hidden Message:", hidden_message.decode("utf-8", errors="ignore"))
```

This will take all the data from the ICMP packets.

> AABCDEFGHIJKLCABCDEFGHIJKLEABCDEFGHIJKLCABCDEFGHIJKLTABCDEFGHIJKLFABCDEFGHIJKL{ABCDEFGHIJKLpABCDEFGHIJKL1ABCDEFGHIJKLnABCDEFGHIJKL6ABCDEFGHIJKL\_ABCDEFGHIJKL0ABCDEFGHIJKLfABCDEFGHIJKL\_ABCDEFGHIJKLDABCDEFGHIJKL3ABCDEFGHIJKL4ABCDEFGHIJKL7ABCDEFGHIJKLhABCDEFGHIJKL}ABCDEFGHIJKLAABCDEFGHIJKLCABCDEFGHIJKLEABCDEFGHIJKLCABCDEFGHIJKLTABCDEFGHIJKLFABCDEFGHIJKL{ABCDEFGHIJKLpABCDEFGHIJKL1ABCDEFGHIJKLnABCDEFGHIJKL6ABCDEFGHIJKL\_ABCDEFGHIJKL0ABCDEFGHIJKLfABCDEFGHIJKL\_ABCDEFGHIJKLDABCDEFGHIJKL3ABCDEFGHIJKL4ABCDEFGHIJKL7ABCDEFGHIJKLhABCDEFGHIJKL}ABCDEFGHIJKL

This is the output that we get. I was a bit confused, but when I asked DeepSeek it seemed to know the answer and created this script:

```python
# Input string
data = "AABCDEFGHIJKLCABCDEFGHIJKLEABCDEFGHIJKLCABCDEFGHIJKLTABCDEFGHIJKLFABCDEFGHIJKL{ABCDEFGHIJKLpABCDEFGHIJKL1ABCDEFGHIJKLnABCDEFGHIJKL6ABCDEFGHIJKL_ABCDEFGHIJKL0ABCDEFGHIJKLfABCDEFGHIJKL_ABCDEFGHIJKLDABCDEFGHIJKL3ABCDEFGHIJKL4ABCDEFGHIJKL7ABCDEFGHIJKLhABCDEFGHIJKL}ABCDEFGHIJKLAABCDEFGHIJKLCABCDEFGHIJKLEABCDEFGHIJKLCABCDEFGHIJKLTABCDEFGHIJKLFABCDEFGHIJKL{ABCDEFGHIJKLpABCDEFGHIJKL1ABCDEFGHIJKLnABCDEFGHIJKL6ABCDEFGHIJKL_ABCDEFGHIJKL0ABCDEFGHIJKLfABCDEFGHIJKL_ABCDEFGHIJKLDABCDEFGHIJKL3ABCDEFGHIJKL4ABCDEFGHIJKL7ABCDEFGHIJKLhABCDEFGHIJKL}ABCDEFGHIJKL"

# Split the string by "ABCDEFGHIJKL"
parts = data.split("ABCDEFGHIJKL")

# Extract the first character of each part (except the last one, which is empty)
flag = "".join([part[0] for part in parts if part])

print("Extracted Flag:", flag)
```

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FdZ9QtszKuxoN1iFpfCYC%2Fimage.png?alt=media&#x26;token=80fe0e8b-1a42-4bbf-89ea-421211fa8a5d" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Virtual Hard Disk

> One of the first things I learnt when I started learning to hack was linux. It was fun until I hit a ceiling of understanding about the differences in Operating Systems, what's a Shell, Kernel, etc.
>
> But once I got better I started developing a liking towards the terminal and how the Linux operating system is `better` than say Windows, or `worse` in some cases. How none of them is superior, nor the other inferior. We shall find out with this challenge.
>
> Be careful, a lot of fake galfs around.

Because we are going to work with disk things (I forgot what it's called), I'm going to use Sleuth Kit to solve it.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FdHoXTXi0smIpRBTJRZs6%2Fimage.png?alt=media&#x26;token=9163a301-093f-4859-a3b4-dd6261bb4224" alt=""><figcaption></figcaption></figure>

Then, after we know where the offset is, we can just run fls.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FiN2a8eFvFlEbPgYAipvB%2Fimage.png?alt=media&#x26;token=9168be82-3d77-4b45-a6f4-05f1b36a6979" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FKV8Ms64i8pWx8u8lbm9N%2Fimage.png?alt=media&#x26;token=6a457766-08c7-4c4c-84eb-90a2b9255787" alt=""><figcaption></figcaption></figure>

We actually found some interesting stuff, so let's try seeing what's inside the so-called flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FdRNJ08lue9rlfVnYUV11%2Fimage.png?alt=media&#x26;token=32a4ead3-55ea-419d-9509-9282806656cb" alt=""><figcaption></figcaption></figure>

So the flag is not found yet, so let's get a bit more info. I saw one of the files also had a key.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FD40bhj9ORTiXGf9dhPjx%2Fimage.png?alt=media&#x26;token=f82a8a66-7c48-4b92-bad0-ea482591db9e" alt=""><figcaption></figcaption></figure>

So there's also a key for this flag, so I began to think that this flag uses something like Vigenère.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FHAF1q8oi7m1JsSE6KpPl%2Fimage.png?alt=media&#x26;token=13641307-002e-47aa-9554-fa656e0cc2e5" alt=""><figcaption></figcaption></figure>

And I was correct and solved the challenge.
{% endstep %}

{% step %}

### Fractured Frames

> A forensic investigator retrieved this image from a suspect’s device, but something isn’t right. The structure shows unusual modifications. Could it be that vital information was concealed rather than erased?
>
> Flag Format: ACECTF{3x4mpl3\_fl4g}

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FK09ybUpGKApAIn6lOVLS%2Fimage.png?alt=media&#x26;token=6825ec05-201f-444d-9a18-9086915971ce" alt=""><figcaption></figcaption></figure>

We were given a picture of me (JK), but the picture looks kind of cut, so we can try resizing the picture and maybe find something.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2Ffn7Q6yYJVeqXcEYf2xvp%2Fimage.png?alt=media&#x26;token=ad9a2af9-f443-4575-bdd6-e00870e35f95" alt=""><figcaption></figcaption></figure>

Because this file is a JPG, we can go to the bytes after FF C0; after 8 bits we can resize the picture. I just added another 08.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FzrLeiPq51C4E9B8HSWVt%2Fimage.png?alt=media&#x26;token=53229cea-5627-44e7-8be5-004a9702c032" alt=""><figcaption><p>dont ask</p></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FnFutiAZ4NWfbJon8qEwl%2Fimage.png?alt=media&#x26;token=a0dd7f2d-d697-4c4c-b52e-4cd3a8113fa7" alt=""><figcaption></figcaption></figure>

we found the flag
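An added example (not from the original write-up) showing where the dimensions live: it walks the JPEG segments to the SOF marker (FF C0), reads the 16-bit height and width that follow the length and precision bytes, and patches the height. The header bytes are a constructed sample and the function names are hypothetical.

```python
import struct

SOF_MARKERS = {0xC0, 0xC1, 0xC2}           # baseline, extended, progressive
STANDALONE = {0x01, *range(0xD0, 0xDA)}    # TEM, RST0-7, SOI, EOI: no length field


def find_sof(data):
    """Return (marker_offset, height, width) of the first SOF segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker, not a JPEG")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:                 # fill byte before a marker
            pos += 1
            continue
        if marker in STANDALONE:
            pos += 2
            continue
        if marker == 0xDA:                 # start of scan: header segments are over
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker in SOF_MARKERS:
            if pos + 9 > len(data):
                raise ValueError("truncated SOF segment")
            # Layout after FF Cx: length (2), precision (1), height (2), width (2)
            _precision, height, width = struct.unpack(">BHH", data[pos + 4:pos + 9])
            return pos, height, width
        pos += 2 + length                  # length counts its own two bytes
    raise ValueError("no SOF segment found")


def set_height(data, new_height):
    """Return a copy of the file with the SOF height field replaced."""
    if not 1 <= new_height <= 0xFFFF:
        raise ValueError("height must fit in 16 bits")
    pos, _, _ = find_sof(data)
    patched = bytearray(data)
    struct.pack_into(">H", patched, pos + 5, new_height)
    return bytes(patched)


def sample_header(height, width):
    """Constructed sample: SOI + APP0 (JFIF) + SOF0, with no scan data."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sof0 = (
        b"\xff\xc0"
        + struct.pack(">HBHHB", 17, 8, height, width, 3)
        + b"\x01\x22\x00\x02\x11\x01\x03\x11\x01"  # three component descriptors
    )
    return b"\xff\xd8" + app0 + sof0


if __name__ == "__main__":
    header = sample_header(height=200, width=400)
    print("before:", find_sof(header))
    print("after: ", find_sof(set_height(header, 400)))
```

Raising the declared height only makes a viewer draw rows that are already present in the scan data; rows the file never contained show up as filler.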

{% endstep %}

{% step %}

### Keyboard Echo

> You have intercepted USB traffic from a device and captured the data in a .pcapng file. However, the keystrokes are encoded and need to be converted into readable text.
>
> Your task is to analyze the provided packet capture, extract the keystrokes, and reconstruct the original input.
>
> Flag Format: ACECTF{3x4mpl3\_fl4g}

I had actually never solved a USB traffic CTF challenge, so I started by studying the vulnerability.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FIpOcOU6bv2qdEDtfmoZ9%2Fimage.png?alt=media&#x26;token=823b453e-f6f1-4a5f-bec2-278a3ee77d4a" alt=""><figcaption></figcaption></figure>

But then I came across this website:

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FosDN5mbkLSmOOgHnyf5P%2Fimage.png?alt=media&#x26;token=da4a4a1e-2580-460b-9499-f8022d6362a3" alt=""><figcaption></figcaption></figure>

We found this script that says it can convert the letters too? This is very handy, so I used this payload:

{% code overflow="wrap" %}

```python
# This script extracts the keypresses from a pcapng file.
import os

pcapng_filename = "abcd.pcapng"
keypress_ids_filename = "keypress_ids.txt"

# create the keypress ID file by dumping usb.capdata with tshark
command_pcapng_to_keypress_ids = (
    f"tshark -r '{pcapng_filename}' -T fields -e usb.capdata > {keypress_ids_filename}"
)
print(
    f"Running the following bash command to convert the pcapng file to 00xx00000 nrs:\n{command_pcapng_to_keypress_ids}"
)
os.system(command_pcapng_to_keypress_ids)

# map HID keypress IDs (usage codes) to the unshifted character
switcher = {
    "04": "a",  # or A
    "05": "b",  # or B
    "06": "c",  # or C
    "07": "d",  # or D
    "08": "e",  # or E
    "09": "f",  # or F
    "0A": "g",  # or G
    "0B": "h",  # or H
    "0C": "i",  # or I
    "0D": "j",  # or J
    "0E": "k",  # or K
    "0F": "l",  # or L
    "10": "m",  # or M
    "11": "n",  # or N
    "12": "o",  # or O
    "13": "p",  # or P
    "14": "q",  # or Q
    "15": "r",  # or R
    "16": "s",  # or S
    "17": "t",  # or T
    "18": "u",  # or U
    "19": "v",  # or V
    "1A": "w",  # or W
    "1B": "x",  # or X
    "1C": "y",  # or Y
    "1D": "z",  # or Z
    "1E": "1",  # or !
    "1F": "2",  # or @
    "20": "3",  # or #
    "21": "4",  # or $
    "22": "5",  # or %
    "23": "6",  # or ^
    "24": "7",  # or &
    "25": "8",  # or *
    "26": "9",  # or (
    "27": "0",  # or )
    "2D": "-",  # or _
    "2E": "=",  # or +
    "2F": "[",  # or {
    "30": "]",  # or }
    "31": "\\",  # or |
    "33": ";",  # or :
    "34": "'",  # or "
    "35": "`",  # or ~
    "36": ",",  # or <
    "37": ".",  # or >
    "38": "/",  # or ?
}


# parse the 0000050000000000 etc codes and convert them into keystrokes
with open(keypress_ids_filename) as file:
    for line in file:
        line = line.strip()
        if len(line) == 16:
            # tshark prints lowercase hex, the table keys are uppercase
            two_chars = line[4:6].upper()
            try:
                print(
                    f"line={line}, relevant characters indicating keypress ID: {two_chars} convert keypress ID to letter: {switcher[two_chars]}"
                )
            except KeyError:
                # key release (00) or a key that is not in the table
                pass
```

{% endcode %}

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2Ff2oQ0mp76yDk7tCxjdf2%2Fimage.png?alt=media&#x26;token=989ca7f6-bcd2-44dc-a888-ed1c3e274526" alt=""><figcaption></figcaption></figure>

Running the code, I seemed to find only a part of the flag, so I saved the data from the reader to a file and then used another script to read the text.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FpH3bxR9TCQfknPo2Ahd1%2Fimage.png?alt=media&#x26;token=a36e3a4f-4089-4b14-a116-6fd9fc9a1e74" alt=""><figcaption></figcaption></figure>

And we found the flag:

ACECTF{y0u\_h4v3\_f0und\_17}
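An added example (not the second script the write-up mentions, and not the linked site's code) that goes beyond the lookup table above: it decodes 8-byte boot-keyboard reports including the Shift modifier, key rollover and Backspace, which is what recovers characters such as `{`, `_` and capitals. The report lines are constructed sample data and the function names are hypothetical.

```python
import string

# HID usage code -> (unshifted, shifted) character
KEYMAP = {
    0x2C: (" ", " "), 0x2D: ("-", "_"), 0x2E: ("=", "+"), 0x2F: ("[", "{"),
    0x30: ("]", "}"), 0x31: ("\\", "|"), 0x33: (";", ":"), 0x34: ("'", '"'),
    0x35: ("`", "~"), 0x36: (",", "<"), 0x37: (".", ">"), 0x38: ("/", "?"),
}
for i, ch in enumerate(string.ascii_lowercase):
    KEYMAP[0x04 + i] = (ch, ch.upper())
for i, (plain, shifted) in enumerate(zip("1234567890", "!@#$%^&*()")):
    KEYMAP[0x1E + i] = (plain, shifted)

SHIFT_BITS = 0x02 | 0x20   # left shift, right shift in the modifier byte
ENTER, BACKSPACE = 0x28, 0x2A


def decode_reports(lines):
    """Rebuild typed text from usb.capdata lines (one 8-byte report each)."""
    typed = []
    previous = set()
    for line in lines:
        raw = line.strip().replace(":", "")   # accept 00:00:04:... and 000004...
        if len(raw) != 16:
            continue                          # not a boot-keyboard report
        try:
            report = bytes.fromhex(raw)       # handles upper and lower case hex
        except ValueError:
            continue
        modifier, keys = report[0], report[2:8]
        pressed = {code for code in keys if code > 0x03}  # 0x00-0x03: none/errors
        shift = 1 if modifier & SHIFT_BITS else 0
        for code in keys:
            # Only act on a key the first time it appears (press edge), so a key
            # held across several reports is not typed twice.
            if code not in pressed or code in previous:
                continue
            if code == BACKSPACE:
                if typed:
                    typed.pop()
            elif code == ENTER:
                typed.append("\n")
            elif code in KEYMAP:
                typed.append(KEYMAP[code][shift])
        previous = pressed
    return "".join(typed)


# Constructed sample capture: modifier, reserved, then up to six key codes.
SAMPLE_CAPDATA = [
    "0200120000000000",          # Shift + o
    "0000000000000000",          # release
    "00000e0000000000",          # k
    "0000000000000000",
    "0200000000000000",          # Shift held, no key yet
    "02002f0000000000",          # Shift + [  -> {
    "0000000000000000",
    "00000a0000000000",          # g (lowercase hex, as tshark prints it)
    "00000a2700000000",          # g still held, 0 pressed (rollover)
    "0000000000000000",
    "02002d0000000000",          # Shift + -  -> _
    "0000000000000000",
    "00001b0000000000",          # x, typed by mistake
    "0000000000000000",
    "00002a0000000000",          # Backspace removes it
    "0000000000000000",
    "00:00:1d:00:00:00:00:00",   # z (colon-separated form)
    "0000000000000000",
    "00010000",                  # 4-byte report from another device, ignored
    "0200300000000000",          # Shift + ]  -> }
]

if __name__ == "__main__":
    print(decode_reports(SAMPLE_CAPDATA))
```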
{% endstep %}

{% step %}

### Tabs\&Spaces

> A mysterious ZIP file containing a collection of images and a file has been discovered. The task is to retrieve the flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FwS2XqgoqSdzY8HBXUJ4a%2Fimage.png?alt=media&#x26;token=d5e444c7-d436-4d13-a0fc-8569dfe1a421" alt=""><figcaption></figcaption></figure>

At first, when we extract the file, we can find a folder filled with hidden pictures, but there was one picture that was different from the others.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FOGvckcgXBKl2RIWFU4Qq%2Fimage.png?alt=media&#x26;token=2c9aac12-dec4-4561-92f2-83812e0e19d1" alt=""><figcaption></figcaption></figure>

When running steghide, the file gives us a txt. This is where the actual CTF is lol.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FcWHQoGXxxODzBT63sXfd%2Fimage.png?alt=media&#x26;token=faa3eba7-da85-4a3c-8fad-90dabeb3e468" alt=""><figcaption><p>PS i dont even know why i tried printing a file called "whitespace"</p></figcaption></figure>

From the challenge name, Tabs and Spaces, we can try to extract those and maybe convert them to something like binary. I'm just going to use Python to make things easier.

```python
with open("whitespace_flag.txt", "r") as file:
    content = file.read()

binary_output = ""

for char in content:
    if char == " ":
        binary_output += "0"
    elif char == "\t":
        binary_output += "1"

print(binary_output)
```

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FfztdTLLdEOn6EOsDyNrr%2Fimage.png?alt=media&#x26;token=452b8ef8-1c7e-4308-810b-73649c46752b" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FE3vECgSkwjLGHWNjcG95%2Fimage.png?alt=media&#x26;token=4401dc5b-ce5c-453e-986f-2070e54a38c4" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Cryptic Pixels

> This image looks normal at first, but something important is hidden inside. The secret is carefully concealed, making it hard to find.
>
> Your task is to explore the image, uncover the hidden message, and reveal what’s concealed. Do you have what it takes to crack the code and unlock the secret?
>
> Submit your answer in the following format: ACECTF{3x4mpl3\_fl4g}

From the description (we should read it carefully), it says do you have what it takes to "crack" the code. This will be useful later.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FDbrdvajXKg66caVi8jFk%2Fimage.png?alt=media&#x26;token=c856b413-0883-40e0-be18-e9a63b076be7" alt=""><figcaption></figcaption></figure>

There was embedded data inside the picture, so after extracting:

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FuozmithO40ARgzS2SA5U%2Fimage.png?alt=media&#x26;token=df2071a6-d0aa-4dc8-bfb5-bb539f8d9d09" alt=""><figcaption></figcaption></figure>

We were given 2 zips, but I'm sure the flag is in the B8 file.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FhaY2eVex75Cy896N6Bf8%2Fimage.png?alt=media&#x26;token=de2d46ed-96da-4bb4-b7c2-683c95489854" alt=""><figcaption></figcaption></figure>

So we actually need to crack the password of the zip. We can just use zip2john, then john with the most famous and overused wordlist.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FAlx5MEg3mHeTdvn0UOUX%2Fimage.png?alt=media&#x26;token=227230a3-9d1f-4b7c-82ea-18328c33254e" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FphL8uYWXrKwvxdTGUuVU%2Fimage.png?alt=media&#x26;token=0e2d14b3-1869-4cd3-ab87-1f40bbba41b8" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F1QiggGUrf1jhQXf8tj2A%2Fimage.png?alt=media&#x26;token=e57b2bb4-091b-4138-9bbd-b75051e46e8f" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F1j1xQDU6gQQqLf6tCasY%2Fimage.png?alt=media&#x26;token=2e1d1bb7-f516-403d-85ca-ba337315647c" alt=""><figcaption></figcaption></figure>

After cracking the password and extracting the zip, we actually got the flag.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FsRUGcVyT7NMjL2JtoQ5P%2Fimage.png?alt=media&#x26;token=c95cdf23-c2dc-4697-b147-68aa0bf73238" alt=""><figcaption></figcaption></figure>

As usual in this CTF, we still need to do extra stuff.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FxFcU4nURIETeCSyOnvse%2Fimage.png?alt=media&#x26;token=e723239d-e390-4b60-b896-d6feeafb5f15" alt=""><figcaption></figcaption></figure>

Using an online ROT13 brute-force tool, we managed to get the flag and solved the challenge.
{% endstep %}

{% step %}

### HeaderHijack

> A secret agent's intercepted video file refuses to play. A mysterious checksum file was found alongside it. Your task is to repair the file and retrieve the flag...

First we were given a zip file, which contained an mp4. Running xxd on it shows the `moov` bytes, so to fix this mp4 we have to work with the `moov` bytes and fix the other parts of the header.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2Fbg5PzyzQKq58xSCqmpwf%2Fimage.png?alt=media&#x26;token=2d826e7f-5ec5-4e8b-97c9-2958129bb82e" alt=""><figcaption></figcaption></figure>

> <https://www.file-recovery.com/mp4-signature-format.htm>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FSd022Lj3au0qUjrUFhqX%2Fimage.png?alt=media&#x26;token=e4f450d7-a50e-422c-99ad-3276bf8cc757" alt=""><figcaption></figcaption></figure>

We fixed the video, and at the end of the video:

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FIsY8prsxOgYNKzmoNxHl%2Fimage.png?alt=media&#x26;token=bfad65eb-f530-4f4c-995c-257231b8b1f0" alt=""><figcaption></figcaption></figure>

Thanks to Peter breaking stuff, we actually found the flag.
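
The repair described above can be checked programmatically. This is an added example, not the tooling used in this write-up: it walks the top-level MP4 boxes (4-byte big-endian size plus 4-byte type) and rebuilds a damaged leading `ftyp` header, assuming only the first 8 bytes were overwritten; the sample file and function names are constructed.

```python
import struct

# Box types that may appear at the top level of an MP4 file (common subset).
TOP_LEVEL = {b"ftyp", b"moov", b"mdat", b"free", b"skip", b"wide", b"uuid"}

def walk_boxes(data: bytes, start: int = 0):
    """Return [(type, offset, size)] for top-level boxes; ValueError if the chain breaks."""
    boxes, pos = [], start
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError(f"truncated box header at offset {pos}")
        size, kind = struct.unpack(">I4s", data[pos:pos + 8])
        header = 8
        if size == 1:                      # 64-bit size stored after the type
            if pos + 16 > len(data):
                raise ValueError(f"truncated 64-bit size at offset {pos}")
            size, header = struct.unpack(">Q", data[pos + 8:pos + 16])[0], 16
        elif size == 0:                    # box extends to end of file
            size = len(data) - pos
        if kind not in TOP_LEVEL or size < header or pos + size > len(data):
            raise ValueError(f"bad box {kind!r} (size {size}) at offset {pos}")
        boxes.append((kind.decode(), pos, size))
        pos += size
    return boxes

def chain_ok(data: bytes) -> bool:
    """True when the file starts with ftyp and every box size lines up to EOF."""
    try:
        boxes = walk_boxes(data)
    except ValueError:
        return False
    return bool(boxes) and boxes[0][0] == "ftyp"

def repair_ftyp(data: bytes) -> bytes:
    """Rewrite the first 8 bytes as an ftyp header (assumes only they were damaged)."""
    for off in range(8, len(data) - 8):
        if data[off + 4:off + 8] in TOP_LEVEL:
            try:
                walk_boxes(data, off)      # boxes from here must chain cleanly to EOF
            except ValueError:
                continue
            return struct.pack(">I4s", off, b"ftyp") + data[8:]
    raise ValueError("no intact box chain found after the header")

def sample_mp4() -> bytes:
    """Constructed miniature file: ftyp + moov + mdat with dummy payloads."""
    ftyp = struct.pack(">I4s4sI4s4s", 24, b"ftyp", b"isom", 512, b"isom", b"mp42")
    moov = struct.pack(">I4s", 24, b"moov") + bytes(16)
    mdat = struct.pack(">I4s", 16, b"mdat") + bytes(8)
    return ftyp + moov + mdat
```

The `ftyp` size is recovered from the offset of the first box whose chain reaches end of file, so the brands inside `ftyp` are left exactly as found.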
{% endstep %}

{% step %}

### Fall of 2022

> It was a peaceful time — schools were over, college admissions were delayed, and COVID was slowly on the decline. It seemed like the perfect time to relax and check my phone for her txts.
>
> The funny thing is, I never got any. So I considered it just another gloomy year.
>
> Anyways, here’s the domain for this CTF: [acectf.tech](https://acectf.tech/)
>
> What? You already knew this domain? Oh, I guess you’ll have no trouble finding the flag then.
>
> Good Luck!

Giving us a bare domain rather than a full URL is sus, so I tried doing an nslookup.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FoGqTsZa0TIP9OiejI08D%2Fimage.png?alt=media&#x26;token=02dc6357-4652-4139-86be-810ae1c4d521" alt=""><figcaption></figcaption></figure>

And we found the flag.
{% endstep %}

{% step %}

### The Symphony of Greatness

> Hey everyone, myself *modernlouis*. I remember starting to explore music outside of my native language years ago. Back then, I was just a kid, trying something completely new and unfamiliar. At first, I did it to feel included with others who were effortlessly singing along to the most popular songs of the time.
>
> Over the years, I listened to a *lot of artists*, but for a long time, I couldn’t settle on an all-time favorite. That changed during the recent pandemic. With all the extra time on my hands, I dove deeper into my love for music. Slowly and without even realizing it, I found myself drawn to a specific kind of sound.
>
> What kind of music, you ask? Well, not the ones filled with meaningless words just to make rhymes. Not the albums entirely focused on heartbreak stories. And definitely not the tracks made just to curse or diss someone—come on, let’s move past that.
>
> *I admire musicians who showcase raw vocal talent, seamlessly blend different genres, and have a signature sound that was instantly recognizable and highly danceable.*
>
> Now, here’s the challenge: Your task is to figure out which band I’m talking about. The biggest hint? **Me...**
>
> Flag Format: The Flag is the band's name followed by their most streamed song, in this format: **ACECTF{band\_name\_song\_name}**
>
> Example: If the band is One Direction and their most streamed song is Night Changes, then the flag would be: ACECTF{0n3\_d1r3c710n\_n16h7\_ch4n635}

At first glance we can already see that he uses a weird word, *modernlouis*.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F59ibIx0AOrSjsARgtcSA%2Fimage.png?alt=media&#x26;token=9670241f-8d45-4961-9a55-da7945336d8b" alt=""><figcaption></figcaption></figure>

After looking it up, we found a band called Modern Talking.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F64p6Qm73rgYqe81Pc6WY%2Fimage.png?alt=media&#x26;token=1f9b1fdd-1f87-476d-8c1e-94e1ed45ad8b" alt=""><figcaption></figcaption></figure>

After seeing that, we can try to submit the flag, not forgetting the flag format, and we actually solved the challenge.

ACECTF{m0d3rn\_74lk1n6\_ch3r1\_ch3r1\_l4dy}
{% endstep %}

{% step %}

### For The Fans

> Yo, I’ve lowkey always been a Drake fan, that’s why my username’s "**DrakeSaltyOVO**". It was literally everywhere on my dashboard until I had to take it down 'cause people just kept hating. But, like, that’s one thing I’ve always related to with my guy Drake, and honestly, I’ve been an even bigger fan ever since. 😂 Ya, laugh all you want, but I’m literally the only one with the flag fr, rofl!

I was lowkey listening to Not Like Us while listening to this.

After my teammate found the Twitter account, I decided to continue and help find the flag. On Twitter he was talking about a blog, so I searched for his username online.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FBKevoZfsXqteN46TA1IN%2Fimage.png?alt=media&#x26;token=9eaedac3-0147-4b9c-a302-ff7e5afb7f69" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FpQL3ctMowBhXDNr1xvN0%2Fimage.png?alt=media&#x26;token=86c8b6af-5687-458c-8219-25cdd32cd2de" alt=""><figcaption></figcaption></figure>

After searching his name on the website, we found an account with the same username.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FXesXfc63A35YlaBMWERP%2Fimage.png?alt=media&#x26;token=a2fa86b3-c019-42ca-8856-63a6be699471" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FX4WLPbBmx7v47qoGOMi9%2Fimage.png?alt=media&#x26;token=06a2f27c-dc86-4663-868f-2a938a8f425e" alt=""><figcaption></figcaption></figure>

Base64-decoding the start of that string gives the file header, which already tells us it's a 7z file, so I created a script to save the decoded data into a file.

{% code overflow="wrap" %}

```python
import base64

# Your Base64-encoded string
encoded_string = "N3q8ryccAAQrDS+tIAAAAAAAAABqAAAAAAAAANGqpB7VL3HfX5dq2a0oNrtZRM2Hum9ExZnUSpeMMG2rzSg6lQEEBgABCSAABwsBAAIkBvEHARJTD3GIJuGJqEfIwbSE/71QeN8hIQEAAQAMIBwACAoBra6o3QAABQEZAQAREwBmAGwAYQBnAC4AdAB4AHQAAAAZABQKAQCfS+NlYELbARUGAQAgAAAAAAA="

# Decode the Base64 string
decoded_data = base64.b64decode(encoded_string)

# Save the decoded data to a file
with open("output.bin", "wb") as file:
    file.write(decoded_data)

print("Decoded data saved to 'output.bin'")
```

{% endcode %}

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FUQ2pwwTk74pvjp9OSVnm%2Fimage.png?alt=media&#x26;token=600bf7d0-6090-4759-8d5e-4ad646e9fd2a" alt=""><figcaption></figcaption></figure>

It was asking for a password. I suddenly remembered that the Twitter account said something about the password, and going by the time to crack we can expect it was his birthday.

And we found it: 2000914

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FgjEZWpMQlFWsBZX1pEEn%2Fimage.png?alt=media&#x26;token=09c71c02-a7d1-431b-bde5-ee0e089e06f6" alt=""><figcaption></figcaption></figure>

And we solved the challenge.
{% endstep %}

{% step %}

### A Little Extra Knowledge Is Dangerous

> Have you ever heard the quotes, *A little knowledge is a dangerous thing* and *In the land of the blind, the one-eyed man is king*? They strike me as deeply contradictory—one condemning the slightly knowledgeable, while the other exalts them.
>
> This contradiction highlights something unsettling: fairness doesn’t seem to exist in this world. Everyone seems to twist things to suit their own agendas, leading to divisions—arbitrary ones—where people impose their ideologies on others.
>
> What if we eliminated excess knowledge and these divisions altogether? Perhaps then we could live like illiterate cynics—but in peace.
>
> That’s the essence of this challenge I’m presenting to you. Or should I call it a sermon?

We were given this file:

> QUNFQ1RGe/MV82dTM1NV95MHVfN3J1bmM0N/zNkXzdoM18zeDdyNF9rbjB3bDN/kNjNfcjRkMG1fNTdyMW42NjY2NjY2NjY2NjU1NTU1NTU1NV/94eHh4eHh4YmJieHh4eHh4Y2N/jY3h9

So I tried Base64-decoding it:

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2Fll6pYiLELT6p7a8AoJdJ%2Fimage.png?alt=media&#x26;token=911fae11-1fcb-4133-a580-712b8405f490" alt=""><figcaption></figcaption></figure>

It seems the encoded string is separated into parts, so to make it easier I split it into parts too.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FE1ur5I4XFG05qQFgs98e%2Fimage.png?alt=media&#x26;token=396cb4bc-1a17-44aa-98d6-e08639d58403" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FSs87bZgDuDJRKcamG9Xb%2Fimage.png?alt=media&#x26;token=f3dd4747-b9db-4a22-9032-1287bdb03eb6" alt=""><figcaption></figcaption></figure>

By deleting the chars slowly and carefully, I managed to extract the flag:

> ACECTF{1\_6u355\_y0u\_7runc473d\_7h3\_3x7r4\_kn0wl3d63\_r4d0m\_57r1n66666666666555555555\_xxxxxxxbbbxxxxxxccccx}

And we solved the challenge.
{% endstep %}

{% step %}

### DONOTOPEN

> A suspicious script file seems to be hiding something important, but it refuses to cooperate. It's obfuscated, tampered with, and demands a password. Unravel the mystery to uncover the hidden flag.

We were given a file. When I checked it with binwalk:

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FrroRk1Bcmnu1C6N6I6Lr%2Fimage.png?alt=media&#x26;token=73e242d0-15fb-48fe-bab2-c30d87eeeafe" alt=""><figcaption></figcaption></figure>

That's weird, so I extracted the data.

We got a script with some useless stuff that we can filter out, and also a web request part that I moved to the bottom.

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F706bfS60mX1pr1rqXXhu%2Fimage.png?alt=media&#x26;token=c69870d3-6cfd-4547-9ad4-74e97c2d96e0" alt=""><figcaption></figcaption></figure>

{% code overflow="wrap" %}

```python
import hashlib  # FLAG_PREFIX (a %-format string) is defined in the extracted script
print(FLAG_PREFIX % hashlib.blake2b(("ACE@SE7EN" + "Vansh").encode("utf-8")).hexdigest()[:32])
```

{% endcode %}

We can just print the above and get the actual flag without using any of the other distractions.
{% endstep %}

{% step %}

### Insanity Check

> You might've breezed through the easy Sanity Check, but this challenge is for true contenders! If you want to prove your sanity is as unhinged as mine, you’ll have to earn it.
>
> How, you ask?
>
> Back when we were building these CTF challenges, everyone would upload their carefully crafted puzzles, and I was the one reviewing them. But me being me—I rejected a ton of them, tossing them straight into the bin for all sorts of reasons. Naturally, my teammates started questioning my sanity, some even calling me insane. But if there was one thing that remained constant, it was the bin. Now, it’s your turn to dig in and you already know where to start... The same place where you proved you were sane!
>
> I think you must be in the Discord server by now - [https://discord.gg/R](https://discord.gg/BWYPxRQPSd)EDACTED

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2FILEvHdaBcKRPTbpMwuD7%2Fimage.png?alt=media&#x26;token=06b38bd5-73ec-441f-8f97-3e0d752f37be" alt=""><figcaption></figcaption></figure>

My friend managed to find a user called pastebin. Isn't this weird? Then, after getting the hint:

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2F9EBSzo3hkBs9PDwUcnFB%2Fimage.png?alt=media&#x26;token=d3612ec5-fe23-4e2d-933f-e75da85b1195" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2781327171-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FMuMceEGBvWN37BjlZKgv%2Fuploads%2Fr6aiR2DSUJrKixOQwNZz%2Fimage.png?alt=media&#x26;token=94953edb-fbec-47e4-8ad2-da325ff179a6" alt=""><figcaption></figcaption></figure>

Going inside the Pastebin, we found the flag.
{% endstep %}

{% step %}

### Hash Guesser

> Welcome to the only cracking challenge of ACECTF1.0, here we have a Hash that we need to crack. The target hash has been taken from a very famous wordlist which has around what 14 million passwords? Yeah, but it's not that simple, the target hash has been `base32 encoded` & then `reversed` before generating the `MD5 hash`. I guess that's enough information for you to start, good luck.

We are provided code to reverse the transformation and an nc command to connect to the server, so I tried a few inputs. Weirdly, the server tells us how many characters of our guess are right.

For example, when we submit 32 zeros we get 0/32, but when we submit all `a` we get 1/32. That reminded me of a bit-flip attack from picoCTF; it's used differently, but it could still work. After brute forcing over nc, we obtained the flag.

ACECTF{h45h\_cr4ck1n6\_r3qu1r35\_4\_l177l3\_w17}
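
Why that per-position feedback is fatal, as an added example that is neither the challenge's server nor the solver used here: a simulated checker that returns the match count lets the 32-character hash be rebuilt in at most 481 queries instead of 16^32 guesses, while a yes/no constant-time comparison gives nothing to climb. The `n/32` semantics (count of matching positions), the class names and the sample password are assumptions.

```python
import base64
import hashlib
import hmac

HEX = "0123456789abcdef"

def challenge_hash(password: str) -> str:
    """MD5 of the reversed base32 encoding, as the challenge text describes."""
    encoded = base64.b32encode(password.encode()).decode()
    return hashlib.md5(encoded[::-1].encode()).hexdigest()

class LeakyChecker:
    """Assumed server behaviour: reports how many positions of the guess match."""
    def __init__(self, target: str):
        self._target = target
        self.queries = 0

    def check(self, guess: str) -> int:
        self.queries += 1
        return sum(g == t for g, t in zip(guess, self._target))

class HardenedChecker(LeakyChecker):
    """Fix: a single yes/no answer from a constant-time comparison."""
    def check(self, guess: str) -> bool:
        self.queries += 1
        return hmac.compare_digest(guess.encode(), self._target.encode())

def recover(oracle, length: int = 32) -> str:
    """Rebuild the hash position by position by watching the score rise."""
    known = ["0"] * length
    best = oracle.check("".join(known))
    for i in range(length):
        for c in HEX[1:]:
            trial = known.copy()
            trial[i] = c
            score = oracle.check("".join(trial))
            if score > best:          # position i is now correct
                known[i], best = c, score
                break
    return "".join(known)

if __name__ == "__main__":
    target = challenge_hash("constructed-sample-password")  # constructed input
    leaky = LeakyChecker(target)
    print(recover(leaky) == target, leaky.queries)
    print(recover(HardenedChecker(target)) == target)
```

Rate limiting slows this down but does not remove the leak; the fix is to return only success or failure.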
{% endstep %}
{% endstepper %}
