picoCTF
===

# Web

### [Secrets](https://play.picoctf.org/practice/challenge/296?category=1&page=3)

#### Challenge

We have several pages hidden. Can you find the one with the flag?

#### Solution

- From the page source, follow the link to `/secret/assets/DX1KYM.jpg`; it is only an image. Go up the path to `/secret/`, which shows **Finally. You almost found me. you are doing well**. View the source again and open `/hidden/file.css`: nothing there. Go up one level to `/hidden/`, which shows a login page. From its source, open `/superhidden/login.css` and go up one level, which shows **Finally. You found me. But can you see me**. View the source once more and the flag is there.

### [SQLiLite](https://play.picoctf.org/practice/challenge/304?category=1&page=4)

#### Challenge

Additional details will be available after launching your challenge instance.

#### Solution

- Try logging in with arbitrary input first. The page shows `SQL query: SELECT * FROM users WHERE name='xxx' AND password='xxx'`, so SQL injection is possible.
- Log in with `admin' or 1=1 --`, then view the page source; the flag is there.

# Forensics

### [information](https://play.picoctf.org/practice/challenge/186?category=4&page=1)

#### Challenge

Files can always be changed in a secret way. Can you find the flag?

#### Solution

- Find a tool to analyze the challenge file; [this one](https://fotoforensics.com/analysis.php?id=18ae1bee97d1f6c33e050468fd47022391d07075.878136) was used.
- In the strings output, pick the oddest-looking string and try different encodings; decoding it as base64 gives the flag.

### [Disk, disk, sleuth!](https://play.picoctf.org/practice/challenge/113?category=4&page=2)

#### Challenge

Use `srch_strings` from the sleuthkit and some terminal-fu to find a flag in this disk image

#### Solution

- `srch_strings dds1-alpine.flag.img | grep pico` searches the printable strings in the image for the keyword pico.

### [hideme](https://play.picoctf.org/practice/challenge/350?category=4&originalEvent=72&page=1&tag=32)

#### Challenge

Every file gets a flag. The SOC analyst saw one image been sent back and forth between two people. They decided to investigate and found out that there was more than what meets the eye here.

#### Solution

- Run `strings flag.png` to see the printable strings in the image.
- Near the bottom there is `secret/glag.pngUT`.
- Use `binwalk -eM flag.png` to extract the files embedded in the image.

![image](https://hackmd.io/_uploads/BkLdXvxwp.png)

- Open the image among the extracted files and the flag is there.

### [PcapPoisoning](https://play.picoctf.org/practice/challenge/362?category=4&originalEvent=72&page=1)

#### Challenge

How about some hide and seek heh?
Download this file and find the flag.

#### Solution

- The file is a `.pcap`; load it into Wireshark for analysis.
- Use the filter `tcp contains "pico"` to find matching packets.
- The matching packet contains the `flag`.

![image](https://hackmd.io/_uploads/Skks3PxPa.png)

### [who is it](https://play.picoctf.org/practice/challenge/388?category=4&originalEvent=72&page=1)

#### Challenge

Someone just sent you an email claiming to be Google's co-founder Larry Page but you suspect a scam. Can you help us identify whose mail server the email actually originated from? Download the email file here. Flag: picoCTF{FirstnameLastname}

#### Solution

- `cat` the file, find the mail server's IP and look it up with whois, then put the owner's name into `picoCTF{}`.

### [So Meta](https://play.picoctf.org/practice/challenge/19?category=4&originalEvent=1&page=1)

#### Challenge

Find the flag in this picture.

#### Solution

- Use `strings` to view the readable text in the image; the flag is at the end.
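
An added example for the SQLiLite challenge above (not code from the challenge or from the original write-up): the query shape the challenge prints, built by string concatenation, beside a parameterized version that treats the same input as data. The `users` table contents and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample table; the challenge's real schema and data are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_vulnerable(db, name, password):
    # Same shape as the query the challenge prints: input is pasted into the SQL text,
    # so a quote in `name` ends the string literal and `--` comments out the rest.
    sql = f"SELECT * FROM users WHERE name='{name}' AND password='{password}'"
    return db.execute(sql).fetchone() is not None, sql

def login_parameterized(db, name, password):
    # Placeholders bind input as values; quotes and `--` are never parsed as SQL.
    sql = "SELECT * FROM users WHERE name=? AND password=?"
    return db.execute(sql, (name, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    payload = "admin' or 1=1 --"  # the input used in the write-up
    ok, sql = login_vulnerable(db, payload, "x")
    print("concatenated query :", sql)
    print("concatenated login :", ok)
    print("parameterized login:", login_parameterized(db, payload, "x"))
    print("parameterized, valid credentials:",
          login_parameterized(db, "admin", "constructed-secret"))
```

Printing the concatenated query shows why the password check disappears: everything after `--` is a comment, leaving only `name='admin' or 1=1` as the condition.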