Sign In Sign Up

Daily AlpacaHack

A daily CTF challenge with a fun new puzzle every day

What is Daily AlpacaHack?

We publish one simple, beginner-friendly or educational CTF challenge every day!

Join Anytime

Solve within 24 hours of release to appear on the leaderboard.

Not a Competition

Discussion with friends or AI is welcome (account sharing is prohibited).

Solution Sharing Rules

Sharing solutions is allowed only after 24 hours have passed since release.

Solve stats

0

/171

No solved challenges yet.

Sign In to view your player stats

Today's Challenge

Submissions (latest 3)

SOLVED!

May 20, 4:44 AM

SOLVED!

May 20, 4:38 AM

SOLVED!

May 20, 4:27 AM

Leaderboard

Period

Try the first challenge

Is this your first CTF? Let's begin by tackling the first challenge released on Daily AlpacaHack.

AlpacaHack 2100

Upcoming challenges reveal the , , and in advance.

May 2026

Solved

Unsolved

Upcoming

Mon

Tue

Wed

Thu

Fri

Sat

Sun

27

shiragi

Misc

Easy🌱

125 solves

28

serioton

Misc

Medium

75 solves

29

minaminao

permission denied

Misc

Hard

78 solves

30

minaminao

permission denied 2

Misc

Medium

78 solves

1

admin

Misc

Welcome🌱

228 solves

2

tchen

Alpaca Rangers 2

Web

Easy🌱

194 solves

3

pppp4649

Crypto

Easy🌱

148 solves

4

hiikunz

Web

Medium

141 solves

5

serioton

Misc

Medium

110 solves

6

trimscash

Pwn

Easy🌱

138 solves

7

minaminao

permission denied 3

Misc

Medium

110 solves

8

baumroll1234

Vending Machine

Misc

Easy🌱

168 solves

9

hiikunz

Crypto

Medium

112 solves

10

rsk0315

Bounds Checking

Pwn

Hard

83 solves

11

serioton

Rev

Easy🌱

119 solves

12

minaminao

Misc

Medium

101 solves

13

tchen

Super Short Python Golf

Misc

Medium

114 solves

14

minaminao

Equation Cipher

Crypto

Medium

99 solves

15

tan90909090

curl as a service

Web

Misc

Medium

104 solves

16

k0080

Please Link This

Pwn

Hard

71 solves

17

tan90909090

curl as a service 2

Web

Misc

Hard

81 solves

18

shiragi

Flag for Switch

Web

Easy🌱

127 solves

19

pppp4649

Crypto

Medium

91 solves

20

tchen

Web

Medium

52 solves

21

Planned topicPython

Misc

Medium

22

Planned topicOne-Time Password

Web

Medium

23

Coming soon

24

Planned topicCUDA

Rev

Hard

25

Coming soon

26

Coming soon

27

Coming soon

28

Coming soon

29

Coming soon

30

Planned topicXSS

Web

Hard

31

Planned topicStack

Pwn

Hard

Want a harder challenge?

Writeups

Writeup for Small d

tadanobutubutu

ja

12 hours ago

Daily AlpacaHackに挑戦するつくよみちゃん 05/19 crypto/small d/pppp4649

tsukuyomi-chan

ja

12 hours ago

Writeup for Small d

goroshirow

ja

13 hours ago

Writeup for Daily AlpacaHack 5/11-5/17

labpump

ja

curl as a service 2

+6

16 hours ago

Writeup for Flag for Switch

baumroll1234

ja

Flag for Switch

2026/05/18 22:06

Writeup for Flag for Switch

tadanobutubutu

ja

Flag for Switch

2026/05/18 19:58

Writeup for Flag for Switch

goroshirow

ja

Flag for Switch

2026/05/18 15:17

Daily AlpacaHackに挑戦するつくよみちゃん 05/18 web/Flag for Switch/shiragi

tsukuyomi-chan

ja

Flag for Switch

2026/05/18 15:09

Writeup for curl as a service 2

nitcelcius

ja

curl as a service 2

2026/05/18 12:54

コメントを入力 Daily AlpacaHackに挑戦するつくよみちゃん 05/17 web-misc/curl as a service 2/tan90909090

tsukuyomi-chan

ja

curl as a service 2

2026/05/17 17:13

Rows:

Kakuzuke

Topic: LFIReleased: May 20, 2026

52 solves

Medium

by

tchen

CTF Player Ranking Test

Beginner Hint 1: Overview of the Challenge

In POST /, you can read files under the choices directory.
The goal is to read /flag.txt.
Strings like ../ do not seem to be filtered, but the 5-character limit appears to prevent path traversal.

Beginner Hint 2: How to Approach the Challenge

The code assumes that req.body.choices is a string, but is that really true?
However, you cannot send JSON. You need to send the body as application/x-www-form-urlencoded.

kakuzuke.tar.gz

description solves