scavenger-hunt Points: 350 My friend told me he hid a flag for me on this server! Server: 0.cloud.chals.io SSH port: 24052 Username: jersey Password: securepassword ssh jersey@0.cloud.chals.io -P 24052 Solving Grepping through the remote filesystem did the trick 🙂 grep -ir "jctf{" /
recent-memory Points: 250 Use the memory image in the Google drive link below. An attacker left behind some evidence in the network connections. Follow the attacker’s tracks to find the flag. https://drive.google.com/drive/folders/1ubSx3pwHOSZ9oCShHBPToVdHjTev7hXL Solving Okay let’s analyze the memory file, I will use volitality3 for this. With this command we can get all net sessions stored in the memory. python vol.py
data-backup Points: 250 The backup of our data was somehow corrupted. Recover the data and be rewarded with a flag. Solving My first attempt is to restore the file from the backup with foremost or binwalk -e. So I tried it with binwalk and got some files. Also a PDF file, that contains the flag. jctf{fun_w17h_m461c_by735}
corrupted-file Points: 400 Can you find a way to fix our corrupted .jpg file? Solving First we check the corrupted file with file: $~: file flag_mod.jpg flag_mod.jpg: data Okay, then let’s look with hexedit or something similar, to look for further hints. Okay – I see the JFIF tag in there, but why could we open the image? I checked
would-you-wordle Points: 250 Someone left this secret text string and unfinished Wordle. Can you put them together to get the flag? pUpPHg3KfB15MG2KGtQQMDEECPOF8oa3VA== Solving Okay lets have a look at it. The hint tells us something about "Ron’s code". This should be RC4 according to this: RC4 (for ‚Ron’s Code 4‘) is a stream cipher developed by Ronald L. Rivest in
new-algorithm Points: 75 On the first day of the job, a new cryptography intern is insisting to upper management that he developed a new encryption algorithm for the company to use for sensitive emails and should get a raise. This seems too good to be true… are you able to prove the intern wrong by decrypting it? Here’s an example
SQLiLite Description Can you login to this website? Try to login here. Solving Connecting to the website will give us a login form. Assuming for a sql injection (title of the task) we try to login via ' or 1=1– for username and password. This works… the flag should be in plainsight… okay then the sourcecode or selecting everything again…
SQL Direct Description Connect to this PostgreSQL server and find the flag! The connectionsettings could be different on your side. psql -h saturn.picoctf.net -p 59911 -U postgres pico Password is ‚postgres‘ Solving With the given connectionstring we can log into the postgres database There we just need to ‚SELECT‘ what we want. With ‚\l‘ you can list the databases and
Secrets Description We have several pages hidden. Can you find the one with the flag? The website is running here. Solving Visiting the website does not really help… but the hint tells that there are some folders. Because gobuster or other fuzzing tools in CTF is not really nice to the infrastructure I tested the usual things: robots.txt -> nothing
Search source Description The developer of this website mistakenly left an important artifact in the website source, can you find it? The website is here. Solving Downloading whole website via ‚wget –recursive http://saturn.picoctf.net:56849/‘ Then you coud easily grep the sourcefiles for the flag. #!/bin/bash echo "Downloading website…" wget –recursive http://saturn.picoctf.net:56849/ > /dev/null 2>&1 echo "Changing DIR Name…" mv saturn.picoctf.net:56849 website