# picoCTF 2020 Mini-Competition Writeups
Writeups for the picoCTF 2020 Mini-Competition challenges. They were written in `September, 2024`, so the difficulties may have changed.
# Web Exploitation
## Web Gauntlet <span style="color: orange;">[Medium]</span>
### Challenge description
Can you beat the filters? Log in as admin
http://jupiter.challenges.picoctf.org:54319/ http://jupiter.challenges.picoctf.org:54319/filter.php
### Solution
Take a look at `filter.php`: all the filters seem to be listed there, so we try to log in using the following steps:
1. Filter: `OR`:<br>
<img src='https://hackmd.io/_uploads/SJ6uvRshA.png' style="width: 50%" />
2. Filter: `OR`, `AND`, `LIKE`, `=`, `--`:<br>
<img src='https://hackmd.io/_uploads/r1fe_Aih0.png' style="width: 50%" />
3. Filter: `OR`, `AND`, `LIKE`, `=`, `--`, `>`, `<`:<br>
<img src='https://hackmd.io/_uploads/r1fe_Aih0.png' style="width: 50%" />
4. Filter: `OR`, `AND`, `LIKE`, `=`, `--`, `>`, `<`, `admin`:<br>
<img src='https://hackmd.io/_uploads/S12MtRo3C.png' style="width: 50%" />
5. Filter: `OR`, `AND`, `LIKE`, `=`, `--`, `>`, `<`, `admin`, `union`:<br>
<img src='https://hackmd.io/_uploads/S12MtRo3C.png' style="width: 50%" />
Interestingly, the username `ad'||'min';` passes all rounds, after which the round counter shows 6/5. If you then refresh `filter.php`, it shows the original source code with the flag in a comment.
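
Why the keyword blacklist does not hold, as an added example (not code from the challenge or from this writeup): a Python/SQLite model of a login that applies the round-5 filter and builds its query by concatenation, next to a parameterized version. The table layout, function names, case-insensitive matching and the first-statement-only execution are assumptions.

```python
import sqlite3

# Round-5 blacklist as listed above (case-insensitive matching is an assumption).
BLACKLIST = ["or", "and", "like", "=", "--", ">", "<", "admin", "union"]

def passes_filter(value):
    """True when no blacklisted token occurs anywhere in the input."""
    low = value.lower()
    return not any(tok in low for tok in BLACKLIST)

def first_statement(sql):
    """Text up to the first ';' that closes a complete statement.
    Models a driver that compiles only the first statement (assumption)."""
    for i, ch in enumerate(sql):
        if ch == ";" and sqlite3.complete_statement(sql[: i + 1]):
            return sql[: i + 1]
    return sql

def make_db():
    """In-memory database with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, user, pw):
    """Weak form: blacklist check, then string concatenation into SQL."""
    if not (passes_filter(user) and passes_filter(pw)):
        return None
    sql = f"SELECT username FROM users WHERE username='{user}' AND password='{pw}'"
    row = db.execute(first_statement(sql)).fetchone()
    return row[0] if row else None

def login_param(db, user, pw):
    """Hardened form: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username=? AND password=?", (user, pw)
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = "ad'||'min';"  # the username from the writeup
    print("filter on 'admin':", passes_filter("admin"))
    print("concatenated query:", login_concat(db, payload, "x"))
    print("parameterized query:", login_param(db, payload, "x"))
```

The blacklist also rejects harmless input such as a username containing `or`, while the bound-parameter version needs no filter at all.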
### Summary
Fundamental SQL injection.
<br>Flag: `picoCTF{y0u_m4d3_1t_a5f58d5564fce237fbcc978af033c11b}`
<br><br>
# Reverse Engineering
# Forensics
## Pitter, Patter, Platters <span style="color: orange;">[Medium]</span>
### Challenge description
'Suspicious' is written all over this disk image. Download [suspicious.dd.sda1](https://jupiter.challenges.picoctf.org/static/c4852a91e1d0d180c75af188ea8d8a2c/suspicious.dd.sda1)
### Solution
Use `fls` to list the contents of the `.sda1` image; it contains a `.txt` file.<br>
<img src='https://hackmd.io/_uploads/SJGq1yn20.png' style="width: 30%" />
Run `icat FILENAME 12` to extract the `.txt` file; it contains the line `Nothing to see here! But you may want to look here -->`.
Then run `strings -a -t x FILENAME` piped through `grep` to locate that line, together with its hex offset, in the image:
<img src='https://hackmd.io/_uploads/S1jpy1n3A.png' style="width: 100%" />
Since the hint says to look at the contents after it, use `xxd` to dump the image at offset `0x200400` with length `150`:
<img src='https://hackmd.io/_uploads/BkQAx12hC.png' style="width: 70%" />
The word `pico` is visible in little-endian arrangement; reconstruct the string to get the flag.
### Summary
Fundamental forensic tools usage.
<br>Flag: `picoCTF{b3_5t111_mL|_<3_f5290af6}`
<br><br>
# Binary Exploitation