# PICOCTF AFRICA 2022 WRITEUPS This is an annual cyber security challenge (CTF) based on Afica that we were invited to play under our University of Dodoma consist five categories as seen below ---  ## WEB EXPLOITATION ### includes | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Can you get the flag? Go to this website and see what you can discover. url : http://saturn.picoctf.net:52895/ **solution** you solutions goes here --- ### Inspect HTML | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Can you get the flag? Go to this website and see what you can discover. url : http://saturn.picoctf.net:59430/ **solution** you solutions goes here --- ## CRYPTOGRAPHY ### basic-mod1 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description**  **solution**  --- ### basic-mod2 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description**  **solution**  --- ### transposition-trial | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description**  **solution**  --- ### substitution0 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description**  **solution**  --- ### substitution1 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description**  **solution** [Here](https://www.guballa.de/substitution-solver) is where I got clear solution  --- ### substitution2 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description**  **solution** Same as substitution1 [Here](https://www.guballa.de/substitution-solver) is where I got clear solution  --- ## REVERSE ENGINEERING ### file-run1 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** A program has been provided to you, what happens if you try to run it on the command line? Download the program here. url : https://artifacts.picoctf.net/c/312/run **solution** you solutions goes here --- ### file-run2 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Another program, but this time, it seems to want some input. What happens if you try to run it on the command line with input "Hello!"? url : https://artifacts.picoctf.net/c/355/run **solution** you solutions goes here --- ## FORENSICS ### Redaction gone wrong | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Now you DON’T see me. This report has some critical data in it, some of which have been redacted correctly, while some were not. Can you find an important key that was not redacted properly? url : https://artifacts.picoctf.net/c/264/Financial_Report_for_ABC_Labs.pdf **solution** i downloaded a pdf file and i can see a som word with black shade ,  from here, to solve this i highlighted the whole document then paste to text file then boom i got solution  flag : picoCTF{C4n_Y0u_S33_m3_fully} --- ### Enhance! | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Download this image file and find the flag. url : https://artifacts.picoctf.net/c/140/drawing.flag.svg **solution** you solutions goes here --- ### File types | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** This file was found among some files marked confidential but my pdf reader cannot read it, maybe yours can. url : https://artifacts.picoctf.net/c/327/Flag.pdf **solution** you solutions goes here --- ## BINARY EXPLOITATION ### basic-file-exploit | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Can you get the flag? Go to this website and see what you can discover. url : http://saturn.picoctf.net:59430/ **solution** you solutions goes here --- ### buffer overflow 0 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Smash the stack Let's start off simple, can you overflow the correct buffer? The program is available [here](https://artifacts.picoctf.net/c/524/vuln). You can view source [here](https://artifacts.picoctf.net/c/524/vuln.c). And connect with it using: nc saturn.picoctf.net 55986 url : http://saturn.picoctf.net:59430/ **solution** you solutions goes here --- ### buffer overflow 1 | Name | Points | solved By | | -------- | -------- | -------- | | Text | Text | Text | --- **Description** Control the return address Now we're cooking! You can overflow the buffer and return to the flag function in the program. url : https://artifacts.picoctf.net/c/254/vuln **solution** source code ``` #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include "asm.h" #define BUFSIZE 32 #define FLAGSIZE 64 void win() { char buf[FLAGSIZE]; FILE *f = fopen("flag.txt","r"); if (f == NULL) { printf("%s %s", "Please create 'flag.txt' in this directory with your", "own debugging flag.\n"); exit(0); } fgets(buf,FLAGSIZE,f); printf(buf); } void vuln(){ char buf[BUFSIZE]; gets(buf); printf("Okay, time to return... Fingers Crossed... Jumping to 0x%x\n", get_return_address()); } int main(int argc, char **argv){ setvbuf(stdout, NULL, _IONBF, 0); gid_t gid = getegid(); setresgid(gid, gid, gid); puts("Please enter your string: "); vuln(); return 0; } ``` above source code shows that this code is vulnerable for buffer overflow for such challenge , what do i need is * finding offset * finding jumping adress that gave us flag and done here the thing!! running a program  the output come with addresss, we can use that adress to find offset, creating randomly 150 alphabets  ---