Navigate a DNS-based labyrinth by following CNAME records in four compass directions (up/down/left/right) and reading TXT records until one contains the flag. Depth-first search with a visited set prevents loops.
The server returns a word from a custom protocol. Wrap the response in the expected format — prepend ‘?’, uppercase, append ‘!’ — send it back, and the server returns the flag.
A sorted word list and a known sequence of binary-search response sizes pin down a unique word character by character. Reconstruct it by matching the precounted word counts at each prefix level.
A flag is hidden inside 3000 recursively nested ZIP archives. Loop backwards from flag3000.zip to flag1.zip, extracting and deleting each archive in turn until the innermost file is revealed.
100 nested password-protected ZIPs. Crack each archive’s password against the rockyou wordlist, extract, delete, and repeat — 100 times.