Notifications
3RD PLACE TAKEN - LET'S GOOOOOOO!!!!!!
Third place has been claimed by sambot!! Big congrats on snagging the last cash prize of $100!!!
The rest of top 10 is still open and yours for the taking! Everyone in the top 10 will receive an exclusive 'CTF' T-shirt, along with some exclusive stickers, bomb stickers, and pins! They could be yours, you just gotta try harder ;)
Keep on hacking, friends!!!!
2ND PLACE CLAIMED - THERE'S MORE!?!?!?!?
Second place has been claimed by omaru! Congrats on the win!!!
omaru will be receiving $200 and merch.
Third place will receive $100 + merch. Keep at it friends!
1ST PLACE SNAGGED - BUT WAIT THERE'S MORE!?
First place has been claimed by silver_anth & pogo, and answers have been verified.
Congrats, my friends. You absolutely killed it.For everyone that still wants to go for it - there will be a monetary prize for the first independent competitor to complete the final challenge. It's still very worth it to take a shot. ;)
THE CTF IS NOW LIVE (UPDATED)
bash explode's new album is a capture the flag challenge. Every song title on the album is a hint to the challenge. This CTF consists of passive OSINT Recon, Music Theory, Audio Analysis, and a small portion of Network Penetration Testing.
To participate you should purchase the album at https://bashexplode.bandcamp.com/album/ctf
You can also scrape the audio or whatever on any streaming platform, but the compression might screw up some of the challenges*
This is meant to be an independent CTF. I know that is very hard to enforce. But please try to work independently and do not sure answers with others. Additionally, please do not post solutions anywhere online until the CTF is officially over September 28.
The only challenge that deals with active penetration testing is related to a database where you will find the credentials via recon. Do your best not to do any other active pentesting activity.
Each challenge answer can be attempted 10 times before failure. There are no spaces in any answer, if you think there are spaces remove them. phase cancellation, ur cmd, and post resolve do not require brackets {} for the answer.
Scope:
Recon - any bash explode related social media account, all official accounts are @bashexplode (all accounts are linked at https://bashexplode.com) [Nothing before 2022 will be relevant]; bashexplode.com, *.mp3.zip, *.wav.zip, *.explode.shMusic Theory/Audio Analysis - the tracks on the album
Penetration testing (you'll find creds somewhere, don't brute force it, if you break a server that's a bummer for everyone) - *.explode.sh
Reward:
The first place contestant that finishes the CTF will be rewarded $500 USD directly from bash explode, as long as malicious action was not used to gain the answers of the flags. (1st place will be asked to prove out the solution of every challenge)The top 10 contestants will receive an exclusive bash explode CTF T-Shirt (as long as you're comfortable sharing your address, otherwise if you're at DEFCON bash explode can get it to you)
The top 20 contestants will get bash explode pins and stickers
All rewards roll up, don't worry.
There may be an updated prize pool in the next few days. So keep at it.*If you can't afford the album for whatever reason, download it at: https://ctf.mp3.zip
UPDATE NOTES: ctf.explode.sh was changed to *.explode.sh independent clause was added prize pool may update note added
RULE UPDATE
DO NOT SHARE ANSWERS
This was originally meant to be an independent CTF. I know that is very hard to enforce. But please try to work independently.
Additionally, please do not post solutions online until the CTF is officially over September 28.
There may be an updated prize pool in the next few days. So keep at it.
THE CTF IS NOW LIVE
bash explode's new album is a capture the flag challenge. Every song title on the album is a hint to the challenge. This CTF consists of passive OSINT Recon, Music Theory, Audio Analysis, and a small portion of Network Penetration Testing.
To participate you should purchase the album at https://bashexplode.bandcamp.com/album/ctf
You can also scrape the audio or whatever on any streaming platform, but the compression might screw up some of the challenges*
The only challenge that deals with active penetration testing is related to a database where you will find the credentials via recon. Do your best not to do any other active pentesting activity.
Each challenge answer can be attempted 10 times before failure. There are no spaces in any answer, if you think there are spaces remove them. phase cancellation, ur cmd, and post resolve do not require brackets {} for the answer.
Scope: Recon - any bash explode related social media account, all official accounts are @bashexplode (all accounts are linked at https://bashexplode.com) [Nothing before 2022 will be relevant]; bashexplode.com, *.mp3.zip, *.wav.zip, ctf.explode.sh
Music Theory/Audio Analysis - the tracks on the album
Penetration testing (you'll find creds somewhere, don't brute force it, if you break a server that's a bummer for everyone) - ctf.explode.sh
Reward: The first place contestant that finishes the CTF will be rewarded $500 USD directly from bash explode, as long as malicious action was not used to gain the answers of the flags. (1st place will be asked to prove out the solution of every challenge)
The top 10 contestants will receive an exclusive bash explode CTF T-Shirt (as long as you're comfortable sharing your address, otherwise if you're at DEFCON bash explode can get it to you)
The top 20 contestants will get bash explode pins and stickers
All rewards roll up, don't worry.
*If you can't afford the album for whatever reason, download it at: https://ctf.mp3.zip
THE ALBUM IS LIVE ON BANDCAMP
BUY/LISTEN/DOWNLOAD HERE: https://bashexplode.bandcamp.com/album/ctf
JOIN THE DISCORD FOR SUPPORT
If you have any questions about the contest, please join the discord and choose the "hacker" role in the #roles channel. It will open up the the "CTF Zone" category with the #ctf-announcements, #ctf-general and #ctf-support
If any answers are posted or exposed anywhere you will be disqualified from the the challenge and relinquish your claim to the reward.
CHALLENGE OPENS IN AN HOUR
The challenge will open at midnight UTC. You may begin with the singles that have been released from the album:
- hold the lin3
- nostalgia per minute
- epoch
- post resolve
The album will be available on bandcamp at https://bashexplode.bandcamp.com/album/ctf in a few hours.
SIGN UP NOW
The contest rules and scope will drop when the album is officially released on August 3, 2023. There are absolutely no prerequisites besides having a working computer (a DAW will probably help too!). You can sign up now and even start doing some recon on some of my social media accounts (nothing prior to 2022 matters). You won't be able to enter any flags until the contest officially starts though. Good luck :)
Are you up for the challenge?
PRE-SAVE/PRE-ORDER THE ALBUM NOW
You can now pre-save 'CTF' on Spotify, and pre-order on iTunes! https://distrokid.com/hyperfollow/bashexplode/ctf
bash explode is releasing a new album!
bash explode's new album 'CTF' will be released on August 3rd, 2023. The album itself is a CTF. Good luck :)