During the Bugcrowd CTF, the participant solved various challenges that ranged from easy to medium difficulty:
For the Bank challenge, they realised that although withdrawals were not possible, there was a maximum amount that could be deposited, which led them to deposit the maximum possible amount of 2,147,483,548.
For the Exif metadata secrets challenge, they searched for the image using reverse image search engines and analysed the geolocation coordinates in the Exif data, finding the flag hidden there.
For the Nested Maze challenge, they noticed that the passwords for each nested zip file followed a sequence, which allowed them to access the final zip file without having to decrypt the others, and found the flag there.
For the dependency dilemma challenge, they found the flag in the GitHub repository amongst the commit history for the first commit.
For the Excel-sior challenge, they searched for hidden worksheets using the “UNHIDE” formula in Excel, and found the flag in a sheet named “Flag”.
For the Unicode war challenge, they used cURL to input the credentials, which recognised the non-ASCII characters, and logged in successfully.