Git (100pts)


Do You Know! The current CTF you’re participating in is actually running on my BSCS final year project, called fypCTF. Why not take a peek and see if you can find anything interesting? Flag format: aupCTF{your-answer}


visiting the GitHub repo we can see the l33t words in a tag 5t4r-th3-r3p0




Flag: aupCTF{5t4r-th3-r3p0}



Ash (100pts)


Throughout my gaming journey, I have achieved the incredible feat of being a two-time back-to-back Combo Breaker Champion. I’m curious if you can find the exact count of tournaments I have emerged victorious in my primary game.

Flag format: aupCTF{count}


A quick Google search reveals that the challenge revolves around Arslan Ash, who impressively secured the title of Combo Breaker Champion two times in a row. Arslan Ash has emerged victorious in numerous tournaments

for reliable sports data, Liquipedia as a credible source. According to Liquipedia, Arslan Ash has won a total of 19 taken 7 tournaments.



Flag: aupCTF{19}



Centurion (100pts)


One of the oldest Institution created by the person in the photo. Your task is to find the institution created by him and find the first ever-batch strength and the date it opened.


Flag Format: aupCTF{dd/mm/yy_strengthofthebatch}


reverse search the image and you will find that the person in the photo is Sir Sahibzada Abdul Qayyum who created Islamia Collage Peshawar

you can find the creation date and the strength of first batch in the following 2 articles

Historical Background

The College began its instructional activities, six months later i.e on 1st October 1913.

Islamia College, Peshawar

The college, which began its educational voyage with just 33 students in 1913, became a full-fledged University in 2008.



Flag: aupCTF{1/10/1913_33}



Records (200pts)


Our website has been hacked, and the attackers have hidden a flag in an unexpected location in a txt. To find the flag, you’ll need to look beyond the usual pages and directories on our website. Keep in mind that the attackers may have used clever tricks to hide the flag, so you’ll need to be creative in your search. Remember, the flag may be hiding in plain sight, but you’ll need to know where to look. Good luck!



looking at the DNS records of using we can find the flag in the txt record




Flag: aupCTF{st0p-l00k1ing-my-dns-r3c0rds}



Wisdom (200pts)


I was curious to discover the total number of books present within our library. help me find it


Flag format: aupCTF{TotalBooks-TotalJournals}


By conducting a reverse image search, you can easily identify the location as the Library of Agriculture University Peshawar. Simply search for “Agriculture University Peshawar library” and you will come across the official webpage of the library, which can be found here.




Flag: aupCTF{113600-11605}



Don’t copyvio me (200pts)


I love Wikipedia because it’s free and open source to view - but I also hate it because people can remove content if they think it’s a “copyright violation” - even if it’s not. Our University kept having that happen to us - but thankfully our page looks pretty great right now!

Can you tell me who kept doing that to the university and the total bytes of data they deleted? Don’t use any commas.

Flag format: aupCTF{username_#}


Visit the Wikipedia page of Agriculture University Peshawar and click on “View History” to access the revision history. Perform a search for “copy” within the revisions, and you will discover a few relevant results. However, note the title “Don’t copyvio me”. Therefore, further searching for “copyvio” yields only two results, both made by user: Joelmills. On first time, he deleted approximately 10,003 bytes, and on second time, approximately 9,966 bytes were removed.



Flag: aupCTF{Joelmills_19969}



About-Face (300pts)


I’d love to work for a social media company when they’re just starting out. Imagine getting a job at thefacebook, I mean facebook, I mean Meta - whatever they want to go by these days, way back when?

Come to think of it, dropping the from their name was probably the smartest idea they ever had. My uncle said he applied for a role with their Network Operations team after he heard that they dropped ’the’ from their name, but never heard back and thinks it’s because the person he emailed left their job.

I don’t believe him, but he told me I can always reach out to the person he emailed to confirm. I doubt they still work there, but can you tell me the role he applied for and the first name of the person he reached out to? He said it should be easy to figure out - that team had only one role available that year and he applied before December.

Flag Format: aupCTF{role_title_firstname} All lowercase.


There are a few important points from the description:

  • when did facebook dropped the from Thefacebook? In 2005
  • when did his uncle applied for the job? before December 2005
  • his Uncle applied in the network operations team

It is well-known that Facebook changed its domain in 2005. Therefore, to gather information about Facebook prior to this change, we should explore the archives before December of that year. By utilizing the Wayback Machine and searching for, we can access numerous snapshots. Our focus lies on the year 2005, specifically before December.


Let’s examine the snapshot from November 27, 2005


Upon examining the jobs page, various positions are listed. However, the specific job we are interested in can be found within the operations department.




Flag: aupCTF{senior_linux_systems_administrator_robin}