Hello guys, I just wanted to share with you a few challenges (2-3) that had few solves because of how hard they were in picoCTF 2024.
This challenge was all about a shell escape and finding a flag. It seems simple, but it actually took me 2 1/2 days of solving before I got the flag. The shell escape in this one was unique because you were only allowed to use numbers and symbols to move around and play with the terminal until you got the flag.
I started the instance and was given more information about the challenge, such as the ssh password and how to connect via ssh.
The first approach I used to find out which characters were useful was to start pressing the special characters on my keyboard, and I found that only a few were allowed.
After learning that '.,/,?,~' are allowed, I started digging deeper to see what else this command could do, because
So the first command gave me something that helped me think of my next move; then I tried to add more arguments to my first command.
Now I had reached the flag, but damn, it gave me permission denied. It seems I can't access the flag.
After learning the location of the flag, I decided to move on and try '~', since '~' always expands to the home directory, so I decided to test whether my theory was true with this.
As you can see, I managed to reach the same point by just adding another argument. Here I was enjoying myself because I was able to move around in this restricted terminal; now let's find a way to read the flag or bypass the permission denied.
After spending more time I found myself in the '/bin' directory.
Now I tried every special character I had together with '?'. I tried this because I remembered, from when I was learning networking and how to configure routers and switches, that you can use '?' as a help menu that tells you which command should come next or what options your command has (that was my idea at the time). In a Unix shell, '?' is not a help key but a glob wildcard that matches exactly one character of a filename, which is what makes it so useful here.
This command gave me this output:
Solving this challenge was really painful, so let me keep it short here; if you want more details about it, you can ping me anywhere you know you can find me.
N/B: After some time I found that I could run the command through /bin/base64. But the name base64 contains letters, and letters are disabled, so I found that you can use a glob such as '[!_]64' in place of base64 and let the shell expand it, then use that to dump the flag. '?' matches any one character and '[!_]' matches any one character except '_', so the pattern only has to be narrow enough that base64 is the only file in /bin that matches.
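The glob trick behind the '?' note and the '[!_]64' note above, as an added example that is not part of the original writeup: a shell that accepts only digits and symbols can still reach /bin/base64 because the shell, not the user, spells the name during pathname expansion. The fake /bin below is constructed sample data so the demo runs anywhere without touching the real system, and the helper names make_sandbox, glob_expand and count_matches are mine, not the challenge's.

```shell
#!/bin/sh
# Added example (not from the original writeup): reaching /bin/base64 with a
# pattern made only of ? [ ! _ ] / and digits. "?" matches exactly one
# character and "[!_]" matches one character that is not "_", so the shell
# expands the pattern to the real path. Constructed sandbox, not the real /bin.

make_sandbox() {
  d=$(mktemp -d)
  mkdir -p "$d/bin"
  : > "$d/bin/base64"   # the helper we want
  : > "$d/bin/_x_x64"   # decoy of the same length that starts with "_"
  : > "$d/bin/ls"
  : > "$d/bin/cat"
  printf '%s\n' "$d"
}

# Expand a glob and print each existing match on its own line. Returns 1 when
# nothing matched, so a literal (unexpanded) pattern is not mistaken for a hit.
glob_expand() {
  found=0
  for m in $1; do           # deliberately unquoted: this is where the glob expands
    [ -e "$m" ] || continue
    printf '%s\n' "$m"
    found=1
  done
  [ "$found" -eq 1 ]
}

# Number of matches: an ambiguous glob runs the wrong binary, so narrow it
# (here with [!_]) until exactly one path is left.
count_matches() { glob_expand "$1" | wc -l | tr -d ' '; }

d=$(make_sandbox)
echo "$d/???/????64 matches:";    glob_expand "$d/???/????64"      # base64 and the decoy
echo "$d/???/[!_]???64 matches:"; glob_expand "$d/???/[!_]???64"   # only base64
echo "$d/???/?? matches:";        glob_expand "$d/???/??"          # ls
rm -rf "$d"
```

In the real challenge the sandbox directory is simply /, so the patterns become /???/????64 and /???/[!_]???64; count_matches is the check worth running first, because a glob that matches two binaries will run whichever one sorts first.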
This challenge was an easy one, but you have to spend time with it like a forensic investigator, checking every corner and every angle. When I was solving this challenge it had only 130 solves globally, but it was really easy; I couldn't imagine why it took me 2 days to solve it.
Let's start solving it. Download the disk image first and unzip it. It is often recommended to extract a Linux disk image under a /tmp directory; I'm not an examiner, but that is what is most often recommended. Whatever directory you use, record a hash of the image before you start, so you can show later that the evidence was not modified.
N/B: With a disk image there are many tools to use; I am going to start with a command-line tool.
I started by checking the partitions in the disk image.
Now I started checking one partition at a time, carefully.
N/B: On the first day with this challenge I didn't get anything. I tried everything and looked in every corner but couldn't find anything (I even cracked the root password and tried to log in with ssh, but got nothing). Then I shifted from command-line tools to a GUI tool known as Autopsy.
There are a few details you need to set up before starting to use the tool.
I have already set all the case details, such as the case number, image location and so on.
After some time moving around in this tool, I tried to search for a '.txt' pattern because I had seen it earlier with the command-line tool.
Now if we take a close look at this file pattern we can see a 'pic', and we know that our flag starts with 'pico'.
Follow the pattern now.
Now try to join and follow the pattern; finally the flag was
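The '.txt' search and the join-the-pattern step above, as an added command-line example that is not the writeup's own commands: a sweep of an extracted or mounted filesystem that lists every .txt file, finds which files contain the flag prefix, and joins the fragments. The sample tree is constructed so the script runs offline; point the functions at the real extract directory instead. Assumptions that are mine, not the challenge's: the prefix is 'pico', the fragments sit in .txt files, and sorting their names gives the right order.

```shell
#!/bin/sh
# Added example (not the writeup's own commands): sweep an extracted
# filesystem for flag fragments. Constructed sample tree, constructed flag.

# Constructed sample data standing in for the extracted disk image.
make_sample_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/home/user/.notes" "$root/var/log" "$root/etc"
  printf 'pico'                > "$root/home/user/.notes/entry-1.txt"
  printf 'CTF{'                > "$root/home/user/.notes/entry-2.txt"
  printf 'constructed_sample}' > "$root/home/user/.notes/entry-3.txt"
  printf 'nothing to see here\n' > "$root/var/log/syslog"
  printf 'root:x:0:0:root:/root:/bin/sh\n' > "$root/etc/passwd"
  printf '%s\n' "$root"
}

# Every *.txt under the tree, sorted: the ".txt" search done in Autopsy, but
# scriptable so no corner of the filesystem is skipped.
list_txt() { find "$1" -type f -name '*.txt' | sort; }

# Files whose contents contain the prefix: -a scans binaries too, -i ignores
# case, -l prints only the path.
files_with_prefix() { grep -rail -- "$2" "$1" | sort; }

# Join the fragments in sorted-name order and print the candidate flag.
join_fragments() {
  list_txt "$1" | while IFS= read -r f; do cat "$f"; done
  echo
}

# Sanity check: does the joined string look like a complete flag?
looks_like_flag() { printf '%s' "$1" | grep -Eq '^pico[A-Za-z0-9_]*\{[^}]*\}$'; }

root=$(make_sample_tree)
echo "txt files:"; list_txt "$root"
echo "files containing pico:"; files_with_prefix "$root" pico
flag=$(join_fragments "$root")
echo "candidate: $flag"
if looks_like_flag "$flag"; then echo "looks like a complete flag"; fi
rm -rf "$root"
```

If the real fragments are not in name order, files_with_prefix tells you which file holds the start, and the rest is the same manual pattern-following the writeup describes; looks_like_flag is the check that you did not stop one fragment early.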
N/B: The rest of the forensics and general categories were a piece of cake; that's why they had many solves, and that is the reason I haven't bothered trying to write them up. They were just basic Linux and forensics skills.