picoCTF 2024
This year I only managed to play a few hours in picoCTF. Seeing how many days it runs, I should’ve been able to get more time in, but at least I put new flooring into my apartment.
Here’s a writeup for the tasks in the General category. I have removed some of the output and redacted the flags.
Super SSH
Description
Using a Secure Shell (SSH) is going to be pretty important. Can you ssh as ctf-player to titan.picoctf.net at port 55352 to get the flag? You’ll also need the password 83dcefb7. If asked, accept the fingerprint with yes.
All you need to do to get the flag is to connect using the provided username and password.
1
2
$ ssh ctf-player@titan.picoctf.net -p 55352
Welcome ctf-player, here's your flag: picoCTF{redacted}
Commitment Issues
Description
Description I accidentally wrote the flag down. Good thing I deleted it!
After downloading and unpacking the repo we can check out previous commits and reverse back to get the flag.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
$ git log
commit ef0b7cc6b98367fa168573c931e0f7098ef59182 (HEAD -> master)
Author: picoCTF <ops@picoctf.com>
Date: Tue Mar 12 00:06:20 2024 +0000
remove sensitive info
commit ea859bf3b5d94ee74ce5ee1afa3edd7d4d6b35f0
Author: picoCTF <ops@picoctf.com>
Date: Tue Mar 12 00:06:20 2024 +0000
create flag
$ git checkout ea859
$ cat message.txt
picoCTF{redacted}
Time Machine
Description
What was I last working on? I remember writing a note to help me remember…
This challenge is even easier than the previous, as the flag can be found in the commit message.
1
2
3
4
5
6
$ git log
commit 10228f3d6437701ef5aaac04213757031f30ebec (HEAD -> master)
Author: picoCTF <ops@picoctf.com>
Date: Tue Mar 12 00:07:24 2024 +0000
picoCTF{redacted}
Blame Game
Description
Someone’s commits seems to be preventing the program from working. Who is it?
Here the description hints that we need to find the user responsible, and if we check which users have made commits to the project we actually get the flag as a username. Note that the user picoCTF has made 501 commits, so we would have to do a lot of scrolling if we searched manually using git log.
1
2
3
$ git shortlog -sne
501 picoCTF <ops@picoctf.com>
1 picoCTF{redacted} <ops@picoctf.com>
Collaborative Development
Description
My team has been working very hard on new features for our flag printing program! I wonder how they’ll work together?
binhexa
Description
How well can you perfom basic binary operations? Start searching for the flag here nc titan.picoctf.net 49152
This challenge has six parts, where you need to do basic operations on two binary numbers. The numbers and the order of the operations will be random for each time you do the challenge.
The operation to be performed are & (AND), | (OR), << (shift left), >> (shift right), + (addition) and * (multiplication).
Binary Number 1: 11101110 Binary Number 2: 00001000
Task one is |, which is bitwise OR. This means that a bit in eather number is 1, the corresponding bit in the result will be 1. Thus, the answer to the first question is 11101110.
Binary Search
Description
Want to play a game? As you use more of the shell, you might be interested in how they work! Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You’ll have 1000 possibilities and only 10 guesses. Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools!
Binary search basically just means dividing into two parts. So to find a random number between 1 and 1000 you start by guessing 500, and if that’s too low then you go half way between 500 and 1000, which would be 750, and so forth. You could do a script to solve this, but it’s quicker to just do it manually. Here’s an example of solving the challenge.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Welcome to the Binary Search Game!
I'm thinking of a number between 1 and 1000.
Enter your guess: 500
Higher! Try again.
Enter your guess: 750
Higher! Try again.
Enter your guess: 825
Higher! Try again.
Enter your guess: 900
Higher! Try again.
Enter your guess: 950
Lower! Try again.
Enter your guess: 925
Lower! Try again.
Enter your guess: 912
Higher! Try again.
Enter your guess: 918
Higher! Try again.
Enter your guess: 921
Lower! Try again.
Enter your guess: 919
Congratulations! You guessed the correct number: 919
Here's your flag: picoCTF{redacted}
endianess
Description
Know of little and big endian? Additional details will be available after launching your challenge instance.
dont-you-love-banners
Description
Can you abuse the banner? Additional details will be available after launching your challenge instance.
SansAlpha
Description
The Multiverse is within your grasp! Unfortunately, the server that contains the secrets of the multiverse is in a universe where keyboards only have numbers and (most) symbols. Additional details will be available after launching your challenge instance.
Comments powered by Disqus.