Torrent Analyze Description SOS, someone is torrenting on our network. One of your colleagues has been using torrent to download some files on the company’s network. Can you identify the file(s) that were downloaded? The file name will be the flag, like picoCTF{filename}. Captured traffic. Solving Loading the pcap file into wireshark and started looking at it. At the beginning
St3g0 Description Download this image and find the flag. Download image Solving Looking at the hint We know the end sequence of the message will be $t3g0. Okay, I did some google research with that $t3g0 and found an interessting article. Downloaded the script from the github repo run it with the image FLAG 🙂 #import libraries import sys import
Redaction gone wrong Description Now you DON’T see me. This report has some critical data in it, some of which have been redacted correctly, while some were not. Can you find an important key that was not redacted properly? Solving Look at the pdf file… some text is redacted If it is done right, you cannot extract it, but we
Packets Primer Description Download the packet capture file and use packet analysis software to find the flag. Download packet capture Solving We got a pcap file… lets look into it… First lets check for low hanging fruits… with strings – ah there is the flag 🙂 The flag is in plainsight! Just remove the whitespaces You can use tr -d
Operation Orchid Description Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download compressed disk image Solving Check the file type of the file via file image It’s an image of a harddrive disk, to mount it, we need to calculate the
Operation Oni Description Download this disk image, find the key and log into the remote machine. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download disk image Remote machine: ssh -i key_file -p 60303 ctf-player@saturn.picoctf.net Solving Mounting the disk image (it is a msdos mbr partition… whole disk) Create
Lookey here Description Attackers have hidden information in a very large mass of data in the past, maybe they are still doing it. Download the data here. Solving Download File Cat File | grep picoCTF* You also can grep directly with grep -o "picoCTF{.*}" Feel free to use the getflag script. #!/bin/bash echo "Getting flag for you…" grep -o "picoCTF{.*}"
File types Description This file was found among some files marked confidential but my pdf reader cannot read it, maybe yours can. You can download the file from here. Solving The file Flag.pdf isn’t a pdf file If you check it with file Flag.pdf, you’ll see, that it is a shell archive Flag.pdf: shell archive text If you execute this
morse-code Description Morse code is well known. Can you decrypt this? Download the file here. Wrap your answer with picoCTF{}, put underscores in place of pauses, and use all lowercase. Solving The soundfile is a morse code You could either translate it by your self with the morse alphabet or use this link Change all characters to lowercase and replace
AAAAA AAAAA. That’s all Download AAAAA Okay – first of all, like always I run file on this AAAAA file. This will tell us, that this is a data file. After that, I tried binwalk. BĂ„M There is an image included. My colleague uses CyberChef for this. There you can import the file and run Extract files on. I just