General Skill Writeup
Table of Contents
- 2Warm - Points: 50
- Lets Warm Up - Points: 50
- Warmed Up - Points: 50
- Bases - Points: 100
- First Grep - Points: 100
- Resources - Points: 100
- strings it - Points: 100
- what's a net cat? - Points: 100
- Based - Points: 200
- First Grep: Part II - Points: 200
- plumbing - Points: 200
- whats-the-difference - Points: 200
- where-is-the-file - Points: 200
- flag_shop - Points: 300
- mus1c - Points: 300
- 2Warm - Points: 50
- Can you convert the number 42 (base 10) to binary (base 2)?
Hint: Submit your answer in our competition's flag format. For example, if your answer was '11111', you would submit 'picoCTF{11111}' as the flag.
42 (base 10) = 101010 (base 2)
picoCTF{101010}
- Lets Warm Up - Points: 50
- If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?
Hint: Submit your answer in our competition's flag format. For example, if your answer was 'hello', you would submit 'picoCTF{hello}' as the flag.
0x70 hex = p in ASCII
picoCTF{p}
- Warmed Up - Points: 50
- What is 0x3D (base 16) in decimal (base 10)?
Hint: Submit your answer in our competition's flag format. For example, if your answer was '22', you would submit 'picoCTF{22}' as the flag.
Simply convert the number: 0x3D (base 16) = 3 × 16 + 13 = 61 (base 10)
picoCTF{61}
- Bases - Points: 100
- What does this bDNhcm5fdGgzX3IwcDM1 mean? I think it has something to do with bases
Hint: Submit your answer in our competition's flag format. For example, if your answer was 'hello', you would submit 'picoCTF{hello}' as the flag.
$ echo bDNhcm5fdGgzX3IwcDM1 | base64 --decode
picoCTF{l3arn_th3_r0p35}
- First Grep - Points: 100
- Can you find the flag in file? This would be really tedious to look through manually, something tells me there is a better way. You can also find the file in /problems/first-grep_2_04dbf496b78e6c37c0097cdfef734d88 on the shell server.
Hint: grep tutorial
$ grep -oE "picoCTF{.*}" file
picoCTF{grep_is_good_to_find_things_bf6aec61}
- Resources - Points: 100
- We put together a bunch of resources to help you out on our website! If you go over there, you might even find a flag! https://picoctf.com/resources (link)
Hint:
Copy the flag from the page
picoCTF{r3source_pag3_f1ag}
- strings it - Points: 100
- Can you find the flag in file without running it? You can also find the file in /problems/strings-it_3_8386a6aa560aecfba03c0c6a550b5c51 on the shell server.
Hint: man strings
$ strings file | grep -oE "picoCTF{.*}"
picoCTF{5tRIng5_1T_c7fff9e5}
- what's a net cat? - Points: 100
- Using netcat (nc) is going to be pretty important. Can you connect to 2019shell1.picoctf.com at port 21865 to get the flag?
Hint: nc tutorial
$ nc 2019shell1.picoctf.com 21865
picoCTF{nEtCat_Mast3ry_4fefb685}
- Based - Points: 200
- To get truly 1337, you must understand different data encodings, such as hexadecimal or binary. Can you get the flag from this program to prove you are on the way to becoming 1337? Connect with nc 2019shell1.picoctf.com 20836.
Hint: I hear python can convert things.
Hint: It might help to have multiple windows open
Use a different converter for each encoding the program sends:
- binary to text
- octal to text
- hex to text
picoCTF{learning_about_converting_values_6cdcad0d}
- First Grep: Part II - Points: 200
- Can you find the flag in /problems/first-grep--part-ii_3_b4bf3244c2886de1566a28c1b5a465ae/files on the shell server? Remember to use grep.
Hint: grep tutorial
$ ssh 2019shell1.picoctf.com
$ cd /problems/first-grep--part-ii_3_b4bf3244c2886de1566a28c1b5a465ae/files
$ grep -rohE "picoCTF{.*}" .
picoCTF{grep_r_to_find_this_3675d798}
- plumbing - Points: 200
- Sometimes you need to handle process data outside of a file. Can you find a way to keep the output from this program and search for the flag? Connect to 2019shell1.picoctf.com 57911.
Hint: Remember the flag format is picoCTF{XXXX}
Hint: What's a pipe? No not that kind of pipe... This kind
$ nc 2019shell1.picoctf.com 57911 | grep -oE "picoCTF{.*}"
picoCTF{digital_plumb3r_931b2271}
- whats-the-difference - Points: 200
- Can you spot the difference? kitters cattos. They are also available at /problems/whats-the-difference_0_00862749a2aeb45993f36cc9cf98a47a on the shell server
Hint: How do you find the difference between two files?
Hint: Dumping the data from a hex editor may make it easier to compare.
with open('./kitters.jpg', 'rb') as f:
    kitters = f.read()
with open('./cattos.jpg', 'rb') as f:
    cattos = f.read()

# Collect every byte of cattos.jpg that differs from kitters.jpg at the same offset
flag = ''
for i in range(min(len(kitters), len(cattos))):
    if kitters[i] != cattos[i]:
        flag += chr(cattos[i])
print(flag)
picoCTF{th3yr3_a5_d1ff3r3nt_4s_bu773r_4nd_j311y_aslkjfdsalkfslkflkjdsfdszmz10548}
- where-is-the-file - Points: 200
- I've used a super secret mind trick to hide this file. Maybe something lies in /problems/where-is-the-file_2_f1aa319cafd4b55ee4a60c1ba65255e2.
Hint: What command can see/read files?
Hint: What's in the manual page of ls?
$ ssh 2019shell1.picoctf.com
$ cd /problems/where-is-the-file_2_f1aa319cafd4b55ee4a60c1ba65255e2
$ cat .cant_me_see
picoCTF{w3ll_that_d1dnt_w0RK_30444bc6}
- flag_shop - Points: 300
- There's a flag shop selling stuff, can you buy a flag? Source. Connect with nc 2019shell1.picoctf.com 3967.
#include <stdio.h>
#include <stdlib.h>

int main()
{
    setbuf(stdout, NULL);
    int con;
    con = 0;
    int account_balance = 1100;
    while(con == 0) {
        printf("Welcome to the flag exchange\n");
        printf("We sell flags\n");
        printf("\n1. Check Account Balance\n");
        printf("\n2. Buy Flags\n");
        printf("\n3. Exit\n");
        int menu;
        printf("\n Enter a menu selection\n");
        fflush(stdin);
        scanf("%d", &menu);
        if(menu == 1) {
            printf("\n\n\n Balance: %d \n\n\n", account_balance);
        }
        else if(menu == 2) {
            printf("Currently for sale\n");
            printf("1. Defintely not the flag Flag\n");
            printf("2. 1337 Flag\n");
            int auction_choice;
            fflush(stdin);
            scanf("%d", &auction_choice);
            if(auction_choice == 1) {
                printf("These knockoff Flags cost 900 each, enter desired quantity\n");
                int number_flags = 0;
                fflush(stdin);
                scanf("%d", &number_flags);
                if(number_flags > 0) {
                    int total_cost = 0;
                    /* No upper bound on number_flags: this signed multiplication can overflow */
                    total_cost = 900*number_flags;
                    printf("\nThe final cost is: %d\n", total_cost);
                    /* A negative total_cost passes this check and increases the balance */
                    if(total_cost <= account_balance) {
                        account_balance = account_balance - total_cost;
                        printf("\nYour current balance after transaction: %d\n\n", account_balance);
                    }
                    else{
                        printf("Not enough funds to complete purchase\n");
                    }
                }
            }
            else if(auction_choice == 2) {
                printf("1337 flags cost 100000 dollars, and we only have 1 in stock\n");
                printf("Enter 1 to buy one");
                int bid = 0;
                fflush(stdin);
                scanf("%d", &bid);
                if(bid == 1) {
                    if(account_balance > 100000) {
                        FILE *f = fopen("flag.txt", "r");
                        if(f == NULL) {
                            printf("flag not found: please run this on the server\n");
                            exit(0);
                        }
                        char buf[64];
                        fgets(buf, 63, f);
                        printf("YOUR FLAG IS: %s\n", buf);
                    }
                    else{
                        printf("\nNot enough funds for transaction\n\n\n");
                    }
                }
            }
        }
        else{
            con = 1;
        }
    }
    return 0;
}
Hint: Two's complement can do some weird things when numbers get really big!
- To solve this challenge, as the hint suggests, an overflow is needed. The only possibility here is to overflow the total_cost variable by entering a large number of desired flags: 900*number_flags wraps around to a negative value, the total_cost <= account_balance check passes, and subtracting the negative cost raises the balance (please note that the value shouldn't be too high, otherwise the program could crash).
$ nc 2019shell1.picoctf.com 3967
# Enter a menu selection
$ 2
# ...
# Currently for sale
# 1. Defintely not the flag Flag
# 2. 1337 Flag
$ 1
# ...
# These knockoff Flags cost 900 each, enter desired quantity
$ 12232121
# ...
# Enter a menu selection
$ 2
# ...
# Currently for sale
# 1. Defintely not the flag Flag
# 2. 1337 Flag
$ 2
# ...
# 1337 flags cost 100000 dollars, and we only have 1 in stock
# Enter 1 to buy one:
$ 1
picoCTF{m0n3y_bag5_cd0ead78}
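The wraparound behind this solution, worked through for the quantity entered above and set beside a bounds-checked version of the same purchase. This is an added example, not part of the challenge source; the function names (wrapped_total, buy_vulnerable, buy_hardened) are made up for illustration, and a 32-bit two's-complement int is assumed.

```c
#include <stdint.h>
#include <stdio.h>

#define PRICE 900  /* knockoff flag price from the challenge source */

/* 900 * qty as a 32-bit two's-complement int would hold it. The product is
 * formed in unsigned arithmetic (wraparound is well-defined there) and then
 * reinterpreted as signed without relying on implementation-defined casts. */
static int32_t wrapped_total(int32_t qty) {
    uint32_t u = (uint32_t)PRICE * (uint32_t)qty;
    if (u >= 0x80000000u)
        return (int32_t)(u - 0x80000000u) + INT32_MIN;
    return (int32_t)u;
}

/* Mirrors the shop logic: only "total_cost <= account_balance" is checked. */
static int64_t buy_vulnerable(int64_t balance, int32_t qty) {
    if (qty <= 0) return balance;
    int32_t total = wrapped_total(qty);
    if (total <= balance) balance -= total;  /* a negative total adds money */
    return balance;
}

/* Hardened: reject any quantity whose cost cannot be represented in an int. */
static int64_t buy_hardened(int64_t balance, int32_t qty) {
    if (qty <= 0 || qty > INT32_MAX / PRICE) return balance;
    int32_t total = PRICE * qty;  /* cannot overflow after the check above */
    if (total <= balance) balance -= total;
    return balance;
}

int main(void) {
    int32_t qty = 12232121;  /* quantity used in the session above */
    printf("wrapped total : %d\n", (int)wrapped_total(qty));
    printf("vulnerable    : %lld\n", (long long)buy_vulnerable(1100, qty));
    printf("hardened      : %lld\n", (long long)buy_hardened(1100, qty));
    return 0;
}
```

The mathematical product 11,008,908,900 does not fit in 32 bits, so the stored cost is negative and the vulnerable path ends with a balance well above the 100000 needed for the second item; the hardened path leaves the balance at 1100.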
- mus1c - Points: 300
- I wrote you a song. Put it in the picoCTF{} flag format
Pico's a CTFFFFFFF
my mind is waitin
It's waitin
Put my mind of Pico into This
my flag is not found
put This into my flag
put my flag into Pico
shout Pico
shout Pico
shout Pico
My song's something
put Pico into This
Knock This down, down, down
put This into CTF
shout CTF
my lyric is nothing
Put This without my song into my lyric
Knock my lyric down, down, down
shout my lyric
Put my lyric into This
Put my song with This into my lyric
Knock my lyric down
shout my lyric
Build my lyric up, up ,up
shout my lyric
shout Pico
shout It
Pico CTF is fun
security is important
Fun is fun
Put security with fun into Pico CTF
Build Fun up
shout fun times Pico CTF
put fun times Pico CTF into my song
build it up
shout it
shout it
build it up, up
shout it
shout Pico
Hint: Do you think you can master rockstar?
- This challenge is based on the Rockstar programming language, a dynamically typed, Turing-complete language designed for writing computer programs that are also song lyrics. To decode the message, an online interpreter was used (link). Since the output is a series of ASCII codes, Python helps us decode it:
ascii_str = "114 114 114 111 99 107 110 114 110 48 49 49 51 114 "
print("picoCTF{", end='')
# Convert each decimal ASCII code printed by the song into its character
for c in ascii_str.split():
    print(chr(int(c)), end='')
print('}\n', end='')
picoCTF{rrrocknrn0113r}