PicoCTF 2019 Part 2

This flag gives a weird Text File that has the flag hidden inside. At first glimpse, without downloading the file, I figure it must be hidden as a txt file, but it is another file type. After downloading the file, I use the file command to read the kind of file it is. Upon reading the output, I notice that flag.txt is a PNG image file, so I changed the extension to png and used eye of gnome to view the png file and get the flag.

Flag = picoCTF{now_you_know_about_extensions}

First Grep
The title of this challenge gives an obvious hint as to what the command we are going to use is. Grep is going to be piped into the reading the file to find an expression that is being passed. I am going to use the cat command to read the file, then pipe grep and search the file for anything that begins with pico. So the command would look like this “cat file | grep pico”. Which gives the flag.

Flag = picoCTF{grep_is_good_to_find_things_eda8911c}

In this challenge, we are being challenged to use Netcat to comment to the shell server on port 32225 to get the flag. Netcat is used to read and write to TCP and UDP listening ports. When using the command, I am given the correct flag.

Flag= picoCTF{nEtCat_Mast3ry_b1d25ece}

This challenge required me to connect to the shell server using SSH and then to run a program. The knowledge necessary to run this challenge is how to run a program on a Linux environment. First, I connected using ssh to the shell server. Then I used the listing command ls to view the files in the directory. I noticed that a file named run_this is in the directory, so I ran the program using the command “./run_this.” Running that command returned the flag.

Flag = picoCTF{g3t_r3adY_2_r3v3r53}

This challenge required me to find a site that is not allowed to be seen by web scrapers. This challenge was named aptly for the type of file we are looking. When someone does not want google or other scrapers to find a site they may be hosting on their servers they use a file called robots.txt. This file is typically found by inputting the directory of the website and appending robots.txt at the end. I tried this and was given the robots.txt file. From there, we can view the file that is not allowed. As seen in the picture below, a file named 0194a.html is being disallowed.

When going to the file in question, the flag is seen.

Flag = picoCTF{calculating_Mach1n3s_0194a}

So Meta
In this challenge, we are given an image file that contains the flag. According to the name of the challenge, it is safe to assume that the flag is hidden in the metadata. I used a tool called exfiltool to extract the metadata out of the image file, and from there was able to see the flag under the artist’s header.

Flag = picoCTF{s0_m3ta_dc38ce45}

Strings it
In this file, we are given a program that has the flag hidden inside. The object is not to run the file, but to find it in the source code. Because the challenge is called strings it, I assume that I must have to use the strings command to find the data. The strings command shows the human-readable content within a file. What I decide to do is use strings to copy the information to another file that I can use grep. I use the strings command and the > operator to move all human-readable characters to a text document. This allows me to use grep to read anything that starts with pico from the text file.

Flag = picoCTF{5tRIng5_1T_d5b86184}

Vault Door Training
This challenge gives us a java program that is hiding the password. The java file is supposed to be used to determine if the user has input the correct password. If they have not, they are denied access. The password is hardcoded into the program, and the program is attempting to determine if the user input matches the hardcoded password. For this file, it is simple, read the source code and find the hardcoded password.

Flag = picoCTF{w4rm1ng_Up_w1tH_jAv4_3b50073Bc12}

This challenge is very similar to the vault door Training challenge; however, the programmer thinks they have hidden the password much better in the program. They have used the java charAt() command to hid the password. The charAt() command specifies the location of the character. If I wanted to construct the word pizza and I were to use the function charAt() with a parameter of 0, charAt(0) == ‘p’ && charAt(1) = ‘I’ and so forth I could spell out pizza. The developer has tried to use these out of order. The first thing I did was I used grep to find all of the lines that start with password.charAt. Then moved that to a file called vault.txt.

Next, I want to cut the file so that I can sort it. I use the bash command cut to cut out anything before the opening parenthesis.

Next. I use the bash command sort to sort the contents by number, and I have to write out the flag

Flag = picoCTF{d35cr4mbl3_tH3_cH4r4cT3r5_03f841}

picoCTF 2019 part 1


In the 2warm challenge, we are given a base 10 number, 42, and we have to change it to a binary base 2 number. I decided to use a python script to complete this challenge. Created an input that saves the number, converted the number to binary, and took out the leading two characters. Then I printed that to the command line, and it gave us the solutions.

Flag = picoCTF{101010}


This next challenge gives the flag encoded using ROT13 encryption. I decided to use python again for this operation. I created an input for the flag that stored the encrypted flag in a variable called rottenCode. Then decoded rottenCode using the codecs library in python and stored that in a variable called ripecode. I added a new step here where I added pyperclip to copy the code straight to the clipboard so that I could paste it much easier.

Flag = picoCTF{not too bad of a problem}

Glory of the Garden

At first, I tried to use hexedit to view the file. However, the file was too large to look through and view the flag. Even when I moved it to a text document it was not easy to grep. Instead I used Strings, and I pasted placed the output into a text file so that I could grep the output. I then grepped the output looking for the line that started with pico, which gave me the flag.

Flag = picoCTF{more_than)m33ts_the_3y31e0af5C7}

Lets Warm Up

This challenge requirement is that a hexadecimal value is converted to ASCII. This is another challenge that is great to solve with python. I imported codecs, saved the hex value into a variable called hexInput. Then decoded the hexInput using codecs. The string needs to be converted from bytes to UTF-8. Then printed the flag.

Flag = picoCTF{p}


This challenge offers a picture that has a bunch of numbers that needs to be converted to letters to find the flag. First look I noticed that it had the curly braces that are typical of the picoCTF flag, so I noted that it was likely the entire flag. Since each of the numbers was under 23 I figured it must be the location of the letter in an alphabet array. I used python to convert this one, as well. Using python I started by placing the alphabet into the variable alphabet. I set up two arrays, one to start the first half of the flag before the curly braces and the second array for the second half of the array. I iterated through the alphabet variable to find the letter that was at each spot in the alphabet variable. I realized that the variable would start at the location of zero, so I had to subtract one from each number in the arrays. Then I concatenated the values of the flag with the curly braces and printed the value of the variable picoFlag.



This was an easy flag that I was able to do in the terminal. First, I used wget to download the zipped file into my folder. I Unzipped the folder, then noticed there was a png file inside the zipped folder. Sometimes the file may be a png file, but upon further inspection you can notice that the file is something different. So I checked the file to ensure it was a png file, which was then used Eye of Gnut to open the image, which gave me the flag.

Flag = picoCTF{unz1pp1ng-1s3a5y}

Warmed up

In this challenge, the flag is a base 16 converted to a base 10. In other words a hexadecimal value needs to be converted into a decimal. I used python to find this flag, as well. I stored the value in a hexstring variable. Converted the hexstring to an integer, then printed the concatenated the flag wrappers with the value of the hexString variable and printed that to the command line, and copied it using pyperclip.

Flag = picoCTF{61}


This flag gives a website that you need to inspect to find the flag. The first thing I noticed was that the website mentioned HTML, CSS, and JS. This made me automatically think that the flags were going to be hidden in all three of the files in the source code.

I first checked the HTML source code and found the first 1/3 of the flag.

Next I viewed the CSS file and found the middle section of the flag.

Lastly, I found the last portion of the flag in the JavaScript file.

Flag = picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?1638abde7}