# picoCTF Writeup

## Forensics

### verify

> We can use `sha256sum` and `grep` to check whether the SHA-256 of any of the files equals the provided checksum.

```bash
# Hash every file in files/ and keep the line containing the provided checksum value
sha256sum files/* | grep "<checksum>"
# You should get a single file
./decrypt.sh theFoundFile
```

### Can You See?

> We can use exiftool to check the metadata of any file.

```bash
exiftool ukn_reality.jpg
# Decode the Base64 value
echo cGljb0NURntNRTc0RDQ3QV9ISUREM05fYTZkZjhkYjh9Cg== | base64 --decode
```

### [Secret of the Polyglot](https://play.picoctf.org/practice/challenge/423)

> If we check the file type with `file`, we will find that the file can also be opened as a PNG.

```bash
file flag2of2-final.pdf
# then open the file in an image viewer
pdftotext flag2of2-final.pdf tmp.txt
```

## General skills

### Blame game

```bash
git log message.py
```

## Binary Exploitation

### [heap 0](https://play.picoctf.org/practice/challenge/438?originalEvent=73&page=1)

For an introduction to memory layout, see: https://www.csie.ntu.edu.tw/~sprout/algo2019/homework/week3.pdf

> Overflow is also a concern for the heap.

Entering a very large buffer is enough to break the security of the challenge program.

## Web

### Resources

+ [How to intercept HTTP traffic](https://portswigger.net/burp/documentation/desktop/getting-started/intercepting-http-traffic)

## useful commands

1. The `tr` command translates text from one set of characters to another, using a mapping (Caesar cipher).

   ```bash
   cat .leftShift3 | tr "d-za-cD-ZA-C" "a-zA-Z"
   ```

2. `sha256sum`: one of the commands that calculate the hash value of a file.

   ```bash
   sha256sum filename.txt
   cmp hash1 hash2
   ```
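
The check from the *verify* section and the `sha256sum` entry above, written as a reusable function; this is an added example, not part of the original writeup, and the function names, sample file names and file contents are constructed. It compares whole digests instead of grepping for a substring, and it fails unless exactly one file matches.

```shell
#!/bin/sh
# Added example (not from the original writeup). Function names, file names
# and file contents below are constructed for illustration.

# Print the single regular file in directory $1 whose SHA-256 equals $2.
# Status: 0 = exactly one match, 1 = zero or several matches, 2 = bad digest.
# The body is a subshell "( ... )", so variables stay local and "exit" only
# ends the function.
find_by_sha256() (
    dir=$1
    # Accept upper-case digests; require exactly 64 hex digits so that a
    # truncated or mistyped value can never match anything.
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $want in
        ''|*[!0-9a-f]*) echo "digest is not hex" >&2; exit 2 ;;
    esac
    [ "${#want}" -eq 64 ] || { echo "digest must be 64 hex digits" >&2; exit 2; }

    matches=0 hit=
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Hash via stdin: the output is always "<digest>  -", with none of
        # the escaping sha256sum applies to unusual file names.
        got=$(sha256sum < "$f" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            matches=$((matches + 1))
            hit=$f
        fi
    done

    [ "$matches" -eq 1 ] || { echo "$matches files matched" >&2; exit 1; }
    printf '%s\n' "$hit"
)

# Constructed sample: three small files, one of which contains "abc".
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf 'abc'   > "$d/real file.bin"   # name contains a space on purpose
    printf 'abd'   > "$d/decoy1.bin"
    printf 'abc\n' > "$d/decoy2.bin"      # differs by one trailing newline
    printf '%s\n' "$d"
}

# SHA-256("abc"), the standard test vector, given in upper case.
ABC_SHA256=BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD

sample=$(make_sample_dir)
find_by_sha256 "$sample" "$ABC_SHA256"    # prints ".../real file.bin"
rm -rf "$sample"
```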