Inspect HTML Description Can you get the flag? Go to this website and see what you can discover. Solving Downloaded website via ‚wget http://saturn.picoctf.net:49609/‘ or inspect the website directly. Looked into the file via ‚vi‘. At the end is a comment with the flag. For flag use ‚./get_flag.sh‘ #!/bin/bash wget "http://saturn.picoctf.net:49609/index.html" grep -o "picoCTF{.*}" index.html rm -rf index.html
Includes Description Can you get the flag? Go to this website and see what you can discover. Solving The flag is hidden in the website… more or less. We have to look into the css and js file. Then we will find the flag! In the CSS file is part 1 of the flag and in the javascript file you
Forbidden Paths Description Can you get the flag? Here’s the website. We know that the website files live in ‚/usr/share/nginx/html/‘ and the flag is at ‚/flag.txt‘ but the website is filtering absolute file paths. Can you get past the filter to read the flag? Solving Open the site and you will see a form, where you can read files. Some
Torrent Analyze Description SOS, someone is torrenting on our network. One of your colleagues has been using torrent to download some files on the company’s network. Can you identify the file(s) that were downloaded? The file name will be the flag, like picoCTF{filename}. Captured traffic. Solving Loading the pcap file into wireshark and started looking at it. At the beginning
St3g0 Description Download this image and find the flag. Download image Solving Looking at the hint We know the end sequence of the message will be $t3g0. Okay, I did some google research with that $t3g0 and found an interessting article. Downloaded the script from the github repo run it with the image FLAG 🙂 #import libraries import sys import
Sleuthkit Intro Description Download the disk image and use mmls on it to find the size of the Linux partition. Connect to the remote checker service to check your answer and get the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download disk image Access checker program: nc
Redaction gone wrong Description Now you DON’T see me. This report has some critical data in it, some of which have been redacted correctly, while some were not. Can you find an important key that was not redacted properly? Solving Look at the pdf file… some text is redacted If it is done right, you cannot extract it, but we
Packets Primer Description Download the packet capture file and use packet analysis software to find the flag. Download packet capture Solving We got a pcap file… lets look into it… First lets check for low hanging fruits… with strings – ah there is the flag 🙂 The flag is in plainsight! Just remove the whitespaces You can use tr -d
Operation Orchid Description Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download compressed disk image Solving Check the file type of the file via file image It’s an image of a harddrive disk, to mount it, we need to calculate the
Operation Oni Description Download this disk image, find the key and log into the remote machine. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download disk image Remote machine: ssh -i key_file -p 60303 ctf-player@saturn.picoctf.net Solving Mounting the disk image (it is a msdos mbr partition… whole disk) Create