Forensics
Glory of the Garden [50 pts]
Description
This garden contains more than it seems. Hint: What is a hex editor?
Solution
Being the most basic flag I assumed it would have the flag in the file in plain text but after the image. I used a simple command and the last line printed out the flag. strings garden.jpg
Flag: picoCTF{more_than_m33ts_the_3y3657BaB2C}
So Meta [150 pts]
Description
Find the flag in this picture.
Solution
Gave hint of the title "meta" so I used the built-in tool
exiftool pico_img.pngFlag: picoCTF{s0_m3ta_fec06741}
shark on wire 1 [150 pts] [Not Solved]
Description
We found this packet capture. Recover the flag.
Solution
a
Flag:
extensions [150 pts]
Description
This is a really weird text file TXT? Can you find the flag?
Solution
Either by trying to open, using the file flag.txt command, or hex editor flag.txt the conclusion is the same. It is a PNG file.
Flag: picoCTF{now_you_know_about_extensions}
What Lies Within [150 pts]
Description
There's something in the building. Can you retrieve the flag?
Solution
Using this online website's decoder function to find the flag.
Flag: picoCTF{h1d1ng_1n_th3_b1t5}
m00nwalk [250 pts] [Not Solved]
Description
Decode this message from the moon.
Solution
a
Flag:
WhitePages [250 pts]
Description
I stopped using YellowPages and moved onto WhitePages... but the page they gave me is all blank!
Solution
I know the file is filled with spaces but looking through hex editor it isn't spaces but more of other types of hex that are not viewable. I noticed it was a "." and " " pattern denoting 1's and 0's with hex "E2", "80", "83", and "20". Hmmm 4 but only needed 2... You can notice that the two patterns are E28083 and 20. Taking that and converting the bits in the file gets a bunch of 10 which goes to ASCII flag.
import binascii
def text_from_bits(bits, encoding='utf-8', errors='surrogatepass'):
n = int(bits, 2)
return int2bytes(n).decode(encoding, errors)
def int2bytes(i):
hex_string = '%x' % i
n = len(hex_string)
return binascii.unhexlify(hex_string.zfill(n + (n & 1)))
with open("whitepages.txt", "rb") as bin_file:
data = bytearray(bin_file.read())
data = data.replace(b'\xe2\x80\x83', b'0')
data = data.replace(b'\x20', b'1')
data = data.decode("ascii")
print(data)
print(text_from_bits(data))Output
00001010000010010000100101110000011010010110001101101111010000110101010001000110000010100000101000001001000010010101001101000101010001010010000001010000010101010100001001001100010010010100001100100000010100100100010101000011010011110101001001000100010100110010000000100110001000000100001001000001010000110100101101000111010100100100111101010101010011100100010000100000010100100100010101010000010011110101001001010100000010100000100100001001001101010011000000110000001100000010000001000110011011110111001001100010011001010111001100100000010000010111011001100101001011000010000001010000011010010111010001110100011100110110001001110101011100100110011101101000001011000010000001010000010000010010000000110001001101010011001000110001001100110000101000001001000010010111000001101001011000110110111101000011010101000100011001111011011011100110111101110100010111110110000101101100011011000101111101110011011100000110000101100011011001010111001101011111011000010111001001100101010111110110001101110010011001010110000101110100011001010110010001011111011001010111000101110101011000010110110001011111011000110011010100110100011001100011001000110111011000110110010000110000001101010110001100110010001100010011100000111001011001100011100000110001001101000011011101100011011000110011011001100110001101010110010001100101011000100011001001100101001101010011011001111101000010100000100100001001 picoCTF SEE PUBLIC RECORDS & BACKGROUND REPORT 5000 Forbes Ave, Pittsburgh, PA 15213 picoCTF{not_all_spaces_are_created_equal_c54f27cd05c2189f8147cc6f5deb2e56}
Flag: picoCTF{not_all_spaces_are_created_equal_c54f27cd05c2189f8147cc6f5deb2e56}
c0rrupt [250 pts] [Not Solved]
Description
We found this file. Recover the flag.
Solution
a
Flag:
like1000 [250 pts] [Not Solved]
Description
This .tar file got tarred a lot.
Solution
a
Flag:
m00nwalk2 [300 pts] [Not Solved]
Description
Revisit the last transmission. We think this transmission contains a hidden message. There are also some clues clue 1, clue 2, clue 3.
Solution
a
Flag:
Investigative Reversing 0 [300 pts] [Not Solved]
Description
We have recovered a binary and an image. See what you can make of it. There should be a flag somewhere.
Solution
a
Flag:
shark on wire 2 [300 pts] [Not Solved]
Description
We found this packet capture. Recover the flag that was pilfered from the network.
Solution
a
Flag:
Investigative Reversing 2 [350 pts] [Not Solved]
Description
We have recovered a binary and an image See what you can make of it. There should be a flag somewhere.
Solution
a
Flag:
Investigative Reversing 1 [350 pts] [Not Solved]
Description
We have recovered a binary and a few images: image, image2, image3. See what you can make of it. There should be a flag somewhere.
Solution
a
Flag:
WebNet0 [450 pts] [Not Solved]
Description
We found this packet capture and key. Recover the flag.
Solution
a
Flag:
Investigative Reversing 4 [400 pts] [Not Solved]
Description
We have recovered a binary and 5 images: image01, image02, image03, image04, image05. See what you can make of it. There should be a flag somewhere.
Solution
a
Flag:
Investigative Reversing 3 [400 pts] [Not Solved]
Description
We have recovered a binary and an image See what you can make of it. There should be a flag somewhere.
Solution
a
Flag:
WebNet1 [450 pts] [Not Solved]
Description
We found this packet capture and key. Recover the flag.
Solution
a
Flag:
investigation_encoded_1 [450 pts] [Not Solved]
Description
We have recovered a binary and 1 file: image01. See what you can make of it. NOTE: The flag is not in the normal picoCTF{XXX} format.
Solution
a
Flag:
investigative_encoding_2 [500 pts] [Not Solved]
Description
We have recovered a binary and 1 file: image01. See what you can make of it. NOTE: The flag is not in the normal picoCTF{XXX} format.
Solution
a
Flag:
B1g_Mac [500 pts] [Not Solved]
Description
Here's a zip file.
Solution
a
Flag:
Last updated
Was this helpful?