Machine Learning · Capture the Flag

The Trials of Hastinapura
Counsel that trusts itself too well

Two advisors serve the royal court — a sage of numbers and a keeper of records. Both are wise. Both are obedient. And in the Mahabharata, the obedient and the wise are undone not by force, but by a loaded die. Speak to them as Shakuni spoke at the game of dice: dress a forbidden command as an innocent one, and let their own counsel betray the court.

A word before you enter.
Each trial below carries its hints sealed in order. Break a seal only when the path grows dark — every hint you unfurl draws you closer to the answer, and the last all but hands you the flag.

I
The Sabha of Hastinapura

Counsel of the All-Knowing Sage

Prompt Injection → RCE · Difficulty: Easy

In the royal court of Hastinapura sits an all-knowing sage who computes the will of the cosmos in the language of numbers. Bring him a problem of arithmetic and he answers true — "I counsel only on matters of numbers; of other things I know little."

But the epic teaches that the mightiest fall to trickery, not to strength. The sage does not merely contemplate the calculations you bring him — he performs them, as living rites, upon the sacred ground of the court itself. And among the court's scrolls lies a guarded secret.

Like Shakuni casting his loaded dice, you must disguise a forbidden command as an innocent sum. Slip it past the court's watchmen, and make the sage walk the palace himself and read aloud what rests within its chambers.

Your Goal

A secret scroll rests in the same chamber as the court — the directory of the running application. Trick the sage into listing that chamber's contents and reveal the flag.

Flag format: the name of the secret scroll — the filename itself

Sealed Hints — unfurl in order

I. Listen to the sage
The sage is proud and talkative — converse with him and heed all he reveals about how he works. The craft behind his counsel is worth researching.

II. A rite, not a thought
He does not merely think about the sums you bring — he performs them. Where the wise act on your words directly, an old weakness may hide.

III. The watchmen at the gate
Watchmen guard the sage, but they are simple — they only listen for a handful of obvious, forbidden words. Keep your request plain and innocent in its phrasing.

IV. Watch the messengers
The website's own form will not carry your trick for you. Intercept the traffic and study how the court answers — the path to the scroll may take more than one summons.
II
The Royal Records of Hastinapura

Counsel of the Court Scribe

Prompt Injection → SQL / RAG · Difficulty: Easy

Trickery returns to Hastinapura — now in the robes of the court scribe, keeper of the royal ledgers. Ask after the courtiers and he answers gladly; ask anything too curious and he snaps the ledger shut.

But the scribe is a servant who obeys only the rules his master spoke aloud — rules of plain speech, and plain speech can always be talked around. Behind his courtesy, he reaches straight into the palace archives to fetch whatever a question asks for.

One name in the records guards a sealed secret meant for no outsider's eyes — that of Krishna, counsel of the Pandavas. As Krishna's own wisdom turned the war on words and dharma, so must you turn the scribe's words against him.

Your Goal

Make the scribe disclose Krishna's sealed secret.

Sealed Hints — unfurl in order

I. Read the messengers
Intercept the court's messengers and study the request closely. The endpoint's own name hints at the framework the scribe relies upon — worth a little research.

II. Rules spoken, not enforced
The scribe's refusals are merely instructions whispered to him, not true law. Rephrase your question in plain, courtly language and watch which wordings slip past.

III. What the page decides for you
Notice everything the court's own page sends on your behalf — not just your words. What the client chooses, you may choose differently. The scribe trusts whatever he is handed.