Promotion Party Flags


Gotta Collect Them All!

After this, there is no turning back. You take the blue pill—the story ends, you wake up in your bed and believe whatever you want to believe. You take the red pill—you stay in Wonderland, and I show you how deep the rabbit hole goes. Remember: all I’m offering is the truth.

Congratulations!

You found a hidden flag - I just love CTFs! Great job. Make sure you let me know at my reception for a special prize (full disclosure - it really will not be that special). For those unable to make the reception, you can send an email in absentia to [email protected], and I will both acknowledge your awesomeness at the ceremony as well as bad-mouth your inability to be there live. Sadly, I could not control too much of the invite website myself, but I did control enough to hide a flag … or two! Since you clearly share my love for puzzles, you are sure to love my custom “Cyber” version of Cranium at the reception. You might want to study up on your H4cK3R trivia (like the above quote!) ahead of time.

Please let me know if you can make it by sending an R.S.V.P.

You can also visit the original invitation:
https://einvitations.afit.edu/inv/anim.cfm?i=442139&k=06654008785E.

Last Note

There is nothing hidden on mjkranch.com [currently]. The only challenges are the two codes hidden in the invitation.

Solutions

I’ve received so many correct emails so far - many more than I expected. David Yang was the first complete solve with an awesome base64 encoded response. My mentor, Madeye (LTC W. Clay Moody), also went above and beyond in his submission, so much so that I want to share his solution with you all. Instead of just solving the problem, he actually scripted the solution; a through-back to the many hours we spent working on RunCode challenges. Below is his Python script. Enjoy!

Spoiler

from bs4 import BeautifulSoup as bs
url = "https://einvitations.afit.edu/inv/index.cfm?i=442139&k=06654008785E"

html = requests.get(url).text
soup = bs(html,features="html.parser")

links = soup.find_all('a')[:2]

flag0 = links[0]['href'].split('/')[-1].decode('base64')
print flag0.split('\n')[0]

flag1base64 = links[1]['href'].split('+')[-1].split('@')[0]
pad = len(flag1base64) % 4
equals = 4-pad
flag1 = (flag1base64 + equals * '=').decode('base64')
print flag1.split('\n')[0]

celebration