picoCTF2018

General Skills

General Warmup 1

Problem:

If I told you your grade was 0x41 in hexadecimal, what would it be in ASCII?

Solution:

print(chr(0x41))

Output:

A

flag:

picoCTF{A}

General Warmup 2

Problem:

Can you convert the number 27 (base 10) to binary (base 2)?

Solution:

print(format(27,'b'))

Output:

11011

flag:

picoCTF{11011}

General Warmup 3

Problem:

What is 0x3D (base 16) in decimal (base 10).

Solution:

print(0x3D)

Output:

61

flag:

picoCTF{61}

pipe

Problem:

During your adventure, you will likely encounter a situation where you need to process data that you receive over the network rather than through a file. Can you find a way to save the output from this program and search for the flag? Connect with 2018shell.picoctf.com 44310.

Solution:
After connecting with nc, the server spews a pile of strings; use a pipe (|) to filter them.

nc 2018shell.picoctf.com 44310 | grep picoCTF

flag:

picoCTF{almost_like_mario_a13e5b27}

Resources

Problem:

We put together a bunch of resources to help you out on our website! If you go over there, you might even find a flag! https://picoctf.com/resources (link)

Solution:
The flag is right there on the website.
flag:

picoCTF{xiexie_ni_lai_zheli}

grep 1

Problem:

Can you find the flag in file? This would be really obnoxious to look through by hand, see if you can find a faster way. You can also find the file in /problems/grep-1_2_ee2b29d2f2b29c65db957609a3543418 on the shell server.

Solution:

grep "picoCTF" file

Output:

picoCTF{grep_and_you_will_find_42783683}

flag:

picoCTF{grep_and_you_will_find_42783683}

net cat

Problem:

Using netcat (nc) will be a necessity throughout your adventure. Can you connect to 2018shell.picoctf.com at port 49387 to get the flag?

Solution:
Connect with nc and you get the flag.
flag:

picoCTF{NEtcat_iS_a_NEcESSiTy_8b6a1fbc}

strings

Problem:

Can you find the flag in this file without actually running it? You can also find the file in /problems/strings_0_bf57524acf558aca2081eb97ece8e2ee on the shell server.

Solution:

strings strings | grep "picoCTF"

Output:

picoCTF{sTrIngS_sAVeS_Time_c09b1444}

flag:

picoCTF{sTrIngS_sAVeS_Time_c09b1444}

grep2

Problem:

This one is a little bit harder. Can you find the flag in /problems/grep-2_1_ef31faa711ad74321a7467978cb0ef3a/files on the shell server? Remember, grep is your friend.

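Solution:
This challenge has to be done in the shell provided on the website.
cd to /problems/grep-2_1_ef31faa711ad74321a7467978cb0ef3a/files
You will see many directories.

grep "picoCTF" * -r

Use * to select every file that can be selected.
Use -r to make it recurse into all directories.
Output: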

picoCTF{grep_r_and_you_will_find_4baaece4}

flag:

picoCTF{grep_r_and_you_will_find_4baaece4}

Reversing

Reversing Warmup 1

Problem:

Throughout your journey you will have to run many programs. Can you navigate to /problems/reversing-warmup-1_0_f99f89de33522c93964bdec49fb2b838 on the shell server and run this program to retrieve the flag?

Solution:

strings run | grep "picoCTF"

Output:

picoCTF{welc0m3_t0_r3VeRs1nG}

flag:

picoCTF{welc0m3_t0_r3VeRs1nG}

Reversing Warmup 2

Problem:

Can you decode the following string dGg0dF93NHNfczFtcEwz from base64 format to ASCII?

Solution:

import base64
print(base64.b64decode('dGg0dF93NHNfczFtcEwz'))

Output:

b'th4t_w4s_s1mpL3'

flag:

picoCTF{th4t_w4s_s1mpL3}

Crypto

Crypto Warmup 1

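Problem:

Crypto can often be done by hand, here's a message you got from a friend, llkjmlmpadkkc with the key of thisisalilkey. Can you use this table to solve it?.

Solution:

We know the ciphertext is `llkjmlmpadkkc` and the key is `thisisalilkey`.
In the table, go to the column of each key letter, find the ciphertext letter in it, and read off which entry it corresponds to.
As an example, for the first letter, look for `l` in the `t` column; the corresponding letter is `s`.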

flag:

picoCTF{SECRETMESSAGE}
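
The table lookup described above, carried out for every position, is a Vigenère decryption. The following is an added example, not part of the original writeup; the function names are hypothetical.

```python
import string

ALPHABET = string.ascii_lowercase


def table_column(key_letter):
    """Return the table column for one key letter.

    Entry i is the ciphertext letter produced when plaintext letter
    ALPHABET[i] is encrypted under key_letter.
    """
    shift = ALPHABET.index(key_letter)
    return ALPHABET[shift:] + ALPHABET[:shift]


def vigenere_decrypt(ciphertext, key):
    """Decrypt by finding each ciphertext letter in its key letter's column."""
    if not key or not all(k in ALPHABET for k in key.lower()):
        raise ValueError("key must be non-empty and use only a-z")
    key = key.lower()
    plaintext = []
    key_pos = 0
    for ch in ciphertext:
        if ch.lower() not in ALPHABET:
            plaintext.append(ch)      # pass punctuation and digits through
            continue
        column = table_column(key[key_pos % len(key)])
        plain = ALPHABET[column.index(ch.lower())]
        plaintext.append(plain.upper() if ch.isupper() else plain)
        key_pos += 1                  # the key only advances on letters
    return "".join(plaintext)


if __name__ == "__main__":
    # First letter from the writeup: 'l' in the 't' column maps back to 's'.
    print(ALPHABET[table_column("t").index("l")])
    print(vigenere_decrypt("llkjmlmpadkkc", "thisisalilkey"))
```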

Crypto Warmup 2

Problem:

Cryptography doesn't have to be complicated, have you ever heard of something called rot13? cvpbPGS{guvf_vf_pelcgb!}

Solution:

import codecs
rot13 = lambda s: codecs.getencoder("rot-13")(s)[0]
print(rot13("cvpbPGS{guvf_vf_pelcgb!}"))

Output:

picoCTF{this_is_crypto!}

HEEEEEEERE'S Johnny!

Problem:

Okay, so we found some important looking files on a linux computer. Maybe they can be used to get a password to the process. Connect with nc 2018shell.picoctf.com 42165. Files can be found here: passwd shadow

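Solution:
Use the tool John the Ripper to brute-force the password.

unshadow passwd shadow > crack
john crack

Once you have the password, connect with nc again and enter root and the password you just obtained to get the flag.

flag: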

picoCTF{J0hn_1$_R1pp3d_5f9a67aa}

John the Ripper

caesar cipher 1

Problem:

This is one of the older ciphers in the books, can you decrypt the message? You can find the ciphertext in /problems/caesar-cipher-1_3_160978e2a142244574bd048623dba1ed on the shell server.

Solution:

Opening the file shows picoCTF{grpqxdllaliazxbpxozfmebotlvlicmr}
Take out grpqxdllaliazxbpxozfmebotlvlicmr and decrypt it.
A tool decodes it to justagoodoldcaesarcipherwoyolfpu

Caesar cipher tool
flag:

picoCTF{justagoodoldcaesarcipherwoyolfpu}

Forensics

Forensics Warmup 1

Problem:

Can you unzip this file for me and retrieve the flag?

Solution:

Unzip the archive and open the image to see the flag.

flag:

picoCTF{welcome_to_forensics}

Forensics Warmup 2

Problem:

Hmm for some reason I can't open this PNG? Any ideas?

Solution:

Checking the file with the command file flag.png shows that it is actually a JPG file.
Change the file extension to .jpg and it opens.

flag:

picoCTF{extensions_are_a_lie}
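
The `file` command identifies the image from its leading magic bytes rather than from its name. The following is an added example, not part of the original writeup, that makes the same comparison between claimed extension and content; the signature table is a small hand-picked subset and the sample header bytes are constructed.

```python
import os

# Leading "magic" bytes for a few common formats (subset chosen for this example).
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"PK\x03\x04", "zip", {".zip"}),
]


def sniff_type(header):
    """Return (type, allowed_extensions) for the header bytes, or (None, set())."""
    for magic, name, exts in SIGNATURES:
        if header.startswith(magic):
            return name, exts
    return None, set()


def check_extension(filename, header):
    """Compare the claimed extension with the content type.

    Returns 'ok', 'mismatch:<real type>' or 'unknown'.
    """
    real_type, allowed = sniff_type(header)
    if real_type is None:
        return "unknown"
    ext = os.path.splitext(filename)[1].lower()
    return "ok" if ext in allowed else "mismatch:" + real_type


def check_file(path):
    """Read only the first bytes of a file on disk and run the same check."""
    with open(path, "rb") as fh:
        return check_extension(path, fh.read(16))


if __name__ == "__main__":
    # Constructed sample: a JFIF header stored under a .png name, as in this challenge.
    jpeg_header = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01"
    print(check_extension("flag.png", jpeg_header))
    print(check_extension("flag.jpg", jpeg_header))
```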

Desrouleaux

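Problem:

Our network administrator is having some trouble handling the tickets for all of our incidents. Can you help him out by answering all the questions? Connect with
nc 2018shell.picoctf.com 63299. incidents.json
Note: you can download the file with wget --no-check-certificate URL

Solution:

After connecting, answer three questions.
Question 1: Which src_ip appears most often?
Question 2: How many distinct dst_ip values did the src_ip named in the question connect to?
Question 3: Output the number of dst_ip entries (duplicates counted) divided by the number of distinct file_hash values (duplicates not counted), to two decimal places.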

flag:

picoCTF{J4y_s0n_d3rUUUULo_23fa6fa6}
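
The three answers can be computed directly from the JSON. The following is an added example, not part of the original writeup: the ticket data is constructed, the top-level "tickets" key is an assumption about the file layout, and src_ip, dst_ip and file_hash are the fields named in the questions.

```python
import json
from collections import Counter

# Constructed sample in the assumed shape of incidents.json
# (documentation-range addresses, placeholder hashes).
SAMPLE = """{"tickets": [
  {"src_ip": "198.51.100.7", "dst_ip": "192.0.2.10", "file_hash": "h1"},
  {"src_ip": "198.51.100.7", "dst_ip": "192.0.2.11", "file_hash": "h1"},
  {"src_ip": "198.51.100.7", "dst_ip": "192.0.2.10", "file_hash": "h2"},
  {"src_ip": "203.0.113.5", "dst_ip": "192.0.2.12", "file_hash": "h2"},
  {"src_ip": "203.0.113.5", "dst_ip": "192.0.2.13", "file_hash": "h3"},
  {"src_ip": "198.51.100.9", "dst_ip": "192.0.2.10", "file_hash": "h3"},
  {"src_ip": "198.51.100.9", "dst_ip": "192.0.2.14", "file_hash": "h3"}
]}"""


def load_tickets(text):
    """Parse the JSON and keep only tickets carrying the three fields we need."""
    tickets = json.loads(text).get("tickets", [])
    needed = ("src_ip", "dst_ip", "file_hash")
    return [t for t in tickets if all(k in t for k in needed)]


def most_common_src(tickets):
    """Question 1: every src_ip tied for the highest count, sorted."""
    counts = Counter(t["src_ip"] for t in tickets)
    if not counts:
        return []
    top = max(counts.values())
    return sorted(ip for ip, n in counts.items() if n == top)


def distinct_dst_for(tickets, src_ip):
    """Question 2: number of different dst_ip values seen for one src_ip."""
    return len({t["dst_ip"] for t in tickets if t["src_ip"] == src_ip})


def dst_per_file_hash(tickets):
    """Question 3 as described above: dst_ip entries / distinct file_hash."""
    hashes = {t["file_hash"] for t in tickets}
    if not hashes:
        raise ValueError("no tickets with a file_hash")
    return f"{len(tickets) / len(hashes):.2f}"


if __name__ == "__main__":
    tickets = load_tickets(SAMPLE)
    print(most_common_src(tickets), distinct_dst_for(tickets, "198.51.100.7"),
          dst_per_file_hash(tickets))
```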

Reading Between the Eyes

Problem:

Stego-Saurus hid a message for you in this image, can you retrieve it?

Solution:

Scan the image with zsteg and the flag shows up.

flag:

picoCTF{r34d1ng_b37w33n_7h3_by73s}

Note:
zsteg introduction & installation

Recovering From the Snap

Problem:

There used to be a bunch of animals here, what did Dr. Xernon do to them?

Solution:

A binwalk scan shows that this file is made up of several JPEG images.
Then run binwalk -D 'jpeg image:jpeg' animals.dd to extract the images; one of them is the flag.

flag:

picoCTF{th3_5n4p_happ3n3d}

admin panel

Problem:

We captured some traffic logging into the admin panel, can you find the password?

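Solution:

Opening the capture in Wireshark shows that it records a login in progress.
At the first login, the system responds that you have to log in as admin before it shows the flag.
So the user logs out, logs in again, and enters admin.
The flag can be found there.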

flag:

picoCTF{n0ts3cur3_9feedfbc}

hex editor

Problem:

This cat has a secret to teach you.

Solution:

Run strings over the file to get the flag.

flag:

picoCTF{and_thats_how_u_edit_hex_kittos_22C1d865}

Truly an Artist

Problem:

Can you help us find the flag in this Meta-Material?

Solution:

Run strings over the file to get the flag.
(It can also be combined with grep.)

flag:

picoCTF{look_in_image_7e31505f}

Web

Client Side is Still Bad

Problem:

I forgot my password again, but this time there doesn't seem to be a reset, can you help me? link

Solution:

Open the developer tools (F12) and piece the flag together.

flag:

picoCTF{client_is_bad_d0ebbd}

Inspect Me

Problem:

Solution:

Get the flag from the .html and the .css files respectively.

flag:

picoCTF{ur_4_real_1nspect0r_g4dget_e96dd105}

Irish Name Repo

Problem:

There is a website running at (link). Do you think you can log us in? Try to see if you can login!

Solution:
Go to Admin login and use SQL injection to bypass the password check.
→ Enter ' or 1=1 -- in the Username field.
After logging in you get the flag.
flag:

picoCTF{con4n_r3411y_1snt_1r1sh_f58843c5}

Logon

Problem:

I made a website so now you can log on to! I don't seem to have the admin password. See if you can't get to the flag. link

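Solution:
Any username and password will log you in; after logging in, open the developer tools (F12) and look at the Cookies.
The admin cookie has the value False; change False to True and refresh the page to get the flag.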
flag:

picoCTF{l0g1ns_ar3nt_r34l_2a968c11}

No Login

Problem:

Looks like someone started making a website but never got around to making a login, but I heard there was a flag if you were the admin. link

Solution:

Add a cookie named admin with the value true.
Click the Flag button to get the flag.

flag:

picoCTF{n0l0g0n_n0_pr0bl3m_50e16a5c}
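
Logon and No Login both succeed because the server believes an admin value that the browser can edit. The following is an added example, not the challenges' code: the key, cookie format and function names are assumptions, and it contrasts that check with a cookie the server signs with HMAC-SHA256 and verifies before reading.

```python
import hashlib
import hmac

# Assumption for the example; in practice a random secret kept on the server.
SERVER_KEY = b"constructed-key-kept-server-side"


def is_admin_trusting(cookies):
    """The flawed check: whatever the client sends for 'admin' is believed."""
    return cookies.get("admin", "").lower() == "true"


def issue_cookie(username, admin):
    """Server side: serialize the claims and append an HMAC-SHA256 tag."""
    if not username.isalnum():
        raise ValueError("username must be alphanumeric")
    payload = f"user={username}&admin={'true' if admin else 'false'}"
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return payload + "." + tag


def is_admin_signed(cookie):
    """Accept the admin claim only if the tag matches the payload."""
    payload, sep, tag = cookie.rpartition(".")
    if not sep:
        return False                      # no tag at all
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False                      # edited or forged cookie
    claims = dict(p.split("=", 1) for p in payload.split("&") if "=" in p)
    return claims.get("admin") == "true"


if __name__ == "__main__":
    print(is_admin_trusting({"admin": "True"}))      # client-set value is accepted
    cookie = issue_cookie("guest", False)
    tampered = cookie.replace("admin=false", "admin=true")
    print(is_admin_signed(cookie), is_admin_signed(tampered))
```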

Secret Agent

Problem:

Here's a little website that hasn't fully been finished. But I heard google gets all your info anyway. link

Solution:

Change the User-Agent to Googlebot's (shown below):
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Send the request and the flag is shown.

flag:

picoCTF{s3cr3t_ag3nt_m4n_dc320c11}

Note:
googlebot

Buttons

Problem:

There is a website running at link. Try to see if you can push their buttons.

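Solution:

Looking at the two buttons, you can see that the second button is waiting for a POST request.
→ Change the button's request method from GET to POST and send it to see the flag.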

flag:

picoCTF{button_button_whose_got_the_button_91f6f39a}

Mr. Robots

Problem:

Do you see the same things I see? The glimpses of the flag hidden away? http://2018shell.picoctf.com:15298 (link)

Solution:
Since we are looking for robots,
go straight to http://2018shell.picoctf.com:15298/robots.txt
where you will find

User-agent: *
Disallow: /c4075.html

Then go straight to http://2018shell.picoctf.com:15298/c4075.html

flag:

picoCTF{th3_w0rld_1s_4_danger0us_pl4c3_3lli0t_c4075}
tags: picoCTF InformationSecurity