Wei's

PicoCTF - speeds and feeds

26 Sep 2022

Challenge

Tags

PicoCTF 2021 / Reverse Engineering

Description

There is something on my shop network running at nc mercury.picoctf.net 16524, but I can’t tell what it is. Can you?

Prereguisite

G-code

Writeup

  1. Save G-code to the file 
    
 nc mercury.picoctf.net 16524 > g.gcode
  2. Go to this website and open g.gcode.
  3. Here’s flag ! picoCTF{num3r1cal_c0ntr0l_e7749028} ٩(^ᴗ^)۶

PicoCTF - Sleuthkit Intro

26 Sep 2022

Challenge

Tags

PicoCTF 2021 / Forensics / sleuthkit

Description

Description Download the disk image and use mmls on it to find the size of the Linux partition. Connect to the remote checker service to check your answer and get the flag. Note: if you are using the webshell, download and extract the disk image into /tmpnot your home directory.

Prereguisite

mmls, which is a tool of sleuthkit used to display the partition layout of a volume system (partition tables).

Writeup

  1. Download the file. 
        
 wget https://artifacts.picoctf.net/c/114/disk.img.gz
  2. Unzip. 
        
 gzip -d disk.img.gz
  3. Display the partition layout of a volume system (partition tables). 
        
 mmls disk.img
  4. nc saturn.picoctf.net 52279 and input 202752.
  5. Here’s flag ! picoCTF{mm15_f7w!} ٩(^ᴗ^)۶

PicoCTF - Safe Opener

26 Sep 2022

Challenge

Tags

PicoCTF 2022 / Reverse Engineering

Description

Can you open this safe?
I forgot the key to my safe but this program is supposed to help me with retrieving the lost key. Can you help me unlock my safe?
Put the password you recover into the picoCTF flag format like:
picoCTF{password}

Writeup

  1. Download the progrem SafeOpener.java. There is a method named openSafe used to check if password correct. String encodedkey is password which was transferd to byte array and encode.
  2. We can derive the password by decoding string encodedkey. Add four lines to openSafe method.
  3. Execute the program. Here’s flag! picoCTF{pl3as3_l3t_m3_1nt0_th3_saf3} ٩(^ᴗ^)۶

PicoCTF - Redaction gone wrong

26 Sep 2022

Challenge

Tags

PicoCTF 2022 / Forensics

Description

Now you DON’T see me.
This report has some critical data in it, some of which have been redacted correctly, while some were not. Can you find an important key that was not redacted properly?

Prereguisite

pdftotext
You can download by sudo apt install poppler-utils.

Writeup

  1. Download the pdf. 
    
 wget https://artifacts.picoctf.net/c/264/Financial_Report_for_ABC_Labs.pdf
  2. Convert pdf to txt. 
    
 pdftotext Financial_Report_for_ABC_Labs.pdf
  3. Grep the flag. 
    
 cat Financial_Report_for_ABC_Labs.txt| grep pico
  4. Here’s flag! picoCTF{C4n_Y0u_S33_m3_fully} ٩(^ᴗ^)۶

PicoCTF - Matryoshka doll

25 Sep 2022

Challenge

Tags

PicoCTF 2021 / Forensics

Description

Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What’s the final one?
Image: this

Prereguisite

Binwalk, which is a tool for searching a given binary image for embedded files and executable code.

Writeup

  1. Download the file. 
    
 wget https://mercury.picoctf.net/static/205adad23bf9d8303081a0e71c9beab8/dolls.jpg
  2. Unzip the file 
    
 binwalk -e dolls.jpg
  3. Use ls command, we can see that there are one file(dolls.jpg) and one folder(_dolls.jpg.extracted). Second picture(2_c.jpg) is in _dolls.jpg.extracted/base_images.
  4. Repeat unzip like step 2 three times. 
    
 cd _dolls.jpg.extracted/base_images
 binwalk -e 2_c.jpg
 cd _2_c.jpg.extracted/base_images
 binwalk -e 3_c.jpg
 cd _3_c.jpg.extracted/base_images
 binwalk -e 4_c.jpg
 cd _4_c.jpg.extracted
  5. Now If we use ls command to list all file under the folder, there is a file named flag.txt !
  6. Here’s our flag. ٩(^ᴗ^)۶ 
    
 cat flag.txt
 # picoCTF{96fac089316e094d41ea046900197662}