Welcome To

Saburra Capture The Flag



What is a capture the flag

Capture the flag (CTF) is traditionally known as an out door game played with two flags and two teams. The game is usually integrated into another game like paintball or spotlight to make it more interesting. The objective of capture the flag is in the name, capture the enemies flag and bring it to your flag to score.

A modern CTF exists that doesn't require teams but can be played with them, and plays out more like a race. A modern CTF is completely digital and requires lateral thinking to complete puzzles that reward players with flags. Flags are either a string of random characters for example an MD5 hash (a8db1d82db78ed452ba0882fb9554fc9).

What is Saburra

Saburra is an entry level capture the flag that anyone can enjoy even non technical players. Saburra's name comes from Latin and it simply means sand. The challenges are set out so that you can start any where, but they come colour coded to show some level of complexity they hold. If you are unsure or lost start by trying level null. Level null is a simple practice puzzle to get yourself into the groove of things.

Level null

Level I

Level II

Level III

Level IV

Level V


How to guide

Picking a challenge

Pick a challenge that seems the most fun or easiest to you. For example, my teacher taught me web design and I enjoy web design so I should start at "Bad web design". Don't be a sheep and start at "Steganography" just because its the first on the list.

Divide and conquer

If you are playing Saburra with a team try to divide challenges up between yourselves rather than all working on the same one. This will greatly increase the speed at which you complete challenges.


Read the challenge intro, it is there to help you understand the challenge and give context. Literally try everything you possibly can in a challenge, no action or thought is too stupid. Most of the challenge answers get figured out by users but are never attempted to score.

Flags and Submission

Saburra flags are a couple of words or a word acting like a password. You will know when you found one due to the word "Flag:" being before another word or words e.g. "bananasontoast". To check if your flag is correct click on the clipboard in the top right corner on any page. Type only the words after "Flag:" and they should all be lowercase except for a few exceptions. If at anytime you are confused ask one of the surrounding hosts.


Challenge Backgrounds and Definitions


Is the act of hiding information in plain sight. Steganography at its core is a secret that does not draw attention to itself. Think of steg as not only a way to encrypt a message but to also disguise it. This can be done with just about any digital media, images, movies and even music files. If a message can be encrypted and then hidden in plain sight you have succeeded in creating a steg object.

Password Cracking

This is pretty self explanatory but if you seem lost here is an explanation. Password cracking can be performed in a few different ways, brute force, dictionary, rainbow or a hybrid. Brute forcing entails an individual attempting every possibility until the object unlocks. Dictionary attacks are a pre made file full of passwords that are then tested like a brute force. A hybrid involves mixing words from a dictionary and then altering small sections while repetitive testing, for example "adam" is in the dictionary and then the brute force method adds "1900" then the next attempt will be "1901" so on so forth.


Are small files stored on a users computer while they browse the internet. These files hold small amounts of data regarding their activity on websites. For example remember password or usernames, language type, theme settings, ect.

Bad Web Design

Coming soon

Reverse Engineering

Coming soon


Coming soon

SQL Injection

Coming soon

The Button

Coming soon


Web designer


Helpers and challenge makers

Adam, George and Connor

Hidden Flag: fylacterium