AlpacaHack Logo
Sign InSign Up
Daily AlpacaHack

A daily CTF challenge with a fun new puzzle every day

What is Daily AlpacaHack?

We publish one simple, beginner-friendly or educational CTF challenge every day!

Join Anytime

Solve within 24 hours of release to appear on the leaderboard.

Not a Competition

Discussion with friends or AI is welcome (account sharing is prohibited).

Solution Sharing Rules

Sharing solutions is allowed only after 24 hours have passed since release.

Solve stats

0

/29

No solved challenges yet.

Sign In to view your player stats

Today's Challenge
tchentchen
Nano Services
Web
Medium
16 solves
Submissions (latest 3)
rsk0315

SOLVED!

Jun 28, 5:20 PM

toomer

SOLVED!

Jun 28, 4:54 PM

syn9

SOLVED!

Jun 28, 4:35 PM

Leaderboard

Try the first challenge

Is this your first CTF? Let's begin by tackling the first challenge released on Daily AlpacaHack.

View challenge
admin
AlpacaHack 2100
Misc
Welcome🌱
1,924 solves
Upcoming challenges reveal the , , and in advance.
Prev

Jun 2026

Next
Solved
Unsolved
Upcoming
Mon
Tue
Wed
Thu
Fri
Sat
Sun
1
admin
Half-Year Recap
Misc
Welcome🌱
252 solves
2
minaminaominaminao
Cache Me If You Can
Web
Easy🌱
212 solves
3
minaminaominaminao
vm1
Misc
Medium
102 solves
4
pppp4649pppp4649
Small e
Crypto
Easy🌱
141 solves
5
minaminaominaminao
RPS GAME
Misc
Crypto
Medium
100 solves
6
nozokare
Flag for localhost
Web
Easy🌱
179 solves
7
tan90909090tan90909090
C++ flag checker
Rev
Hard
88 solves
8
shiragishiragi
Guess IP
Misc
Easy🌱
147 solves
9
nozokare
A Piece of DHKE
Crypto
Medium
83 solves
10
shiragishiragi
chmod-swapper
Misc
Medium
87 solves
11
tchentchen
Alpaca Certification
Web
Easy🌱
164 solves
12
rsk0315
Floating Equality
Misc
Medium
92 solves
13
pppp4649pppp4649
Elliptic Equation
Crypto
Hard
61 solves
14
tchentchen
CAuth
Web
Hard
71 solves
15
minaminaominaminao
SITE/2
Web
Easy🌱
125 solves
16
tan90909090tan90909090
Xored PNG
Misc
Medium
88 solves
17
tchentchen
Looks like Alpacahack
Web
Medium
86 solves
18
shiragishiragi
Catrunner 2
Misc
Medium
108 solves
19
minaminaominaminao
Flag Printer 20XX
Misc
Hard
64 solves
20
nozokare
xorshift521
Crypto
Hard
54 solves
21
k0080k0080
what-is-my-size
Pwn
Hard
66 solves
22
minaminaominaminao
✌️✌️✌️
Crypto
Easy🌱
91 solves
23
tchentchen
Secret Renderer
Web
Medium
83 solves
24
kanonkanon
honk the klaxon
Crypto
Medium
58 solves
25
colza
voyage
Misc
Easy🌱
92 solves
26
rsk0315
Decimal float 101.0
Misc
Medium
65 solves
27
bubububu
Style Your Alpaca
Web
Hard
54 solves
28
pppp4649pppp4649
Only forward
Pwn
Hard
54 solves
29
tchentchen
Nano Services
Web
Medium
16 solves
30
minaminaominaminao
Planned topicPython
Misc
Medium
1
admin
Planned topicWelcome
Misc
Welcome🌱
2
hiikunzhiikunz
Planned topicMathematics
Crypto
Easy🌱
3
tchentchen
Planned topicGeneral
Web
Easy🌱
4
hiikunzhiikunz
Planned topicJavaScript
Rev
Medium
5
Coming soon

Want a harder challenge?

Go to B-SIDE

Writeups

Writeup for Only forward: 3 Solutions

goroshirow

ja
Only forward

1 hour ago

nitcelcius

Writeup for Only forward

nitcelcius

ja
Only forward

2 hours ago

kakur41

Writeup for Daily AlpacaHack 6/21-6/27

kakur41

ja
Decimal float 101.0

+6

4 hours ago

kakur41

Writeup for Daily AlpacaHack 6/14-6/20

kakur41

ja
SITE/2

+6

4 hours ago

kakur41

Writeup for Daily AlpacaHack 6/7-6/13

kakur41

ja
C++ flag checker

+6

5 hours ago

kakur41

Writeup for Daily AlpacaHack 5/31-6/6

kakur41

ja
Half-Year Recap

+6

5 hours ago

kakur41

Writeup for Daily AlpacaHack 5/24-5/30

kakur41

ja
AlpacaForm

+6

6 hours ago

kakur41

Writeup for Daily AlpacaHack 5/17-5/23

kakur41

author
ja
Python:Impossible

+6

12 hours ago

kakur41

Writeup for Daily AlpacaHack 5/10-5/16

kakur41

ja
Bounds Checking

+6

13 hours ago

Writeup for AlpacaHack 2100

haruhana

ja
AlpacaHack 2100

13 hours ago

Rows:

Nano Services

Topic: XSSReleased: Jun 29, 2026

16 solves
Web
Medium

by

tchen

tchen

Very small services.

Beginner Hint 1: About the Admin Bot
  • In this challenge, you are given not only the web application itself but also an Admin Bot.
  • The Admin Bot has a cookie containing the flag, and it opens a specified path using headless Chrome.
  • Therefore, your goal is to make the Admin Bot trigger your payload and send the cookie value to an external server.
  • You can prepare your own server as the destination or use an existing service that lets you receive and inspect HTTP requests.
  • If you are not yet familiar with how to use the Admin Bot or how to inspect incoming requests, it may help to solve Fushigi Crawler first and read its writeup.
Beginner Hint 2: Approach
  • The cookie has the HttpOnly flag enabled. This means that even if you succeed in XSS, you cannot leak the cookie using document.cookie.
  • It looks like there are 3 functions you can choose from via the func parameter. Is that all?
nano-services.tar.gz

Please sign in to submit the flag.

descriptionsolves