Forensics

Glory of the Garden [50 pts]

Description
This garden contains more than it seems. Hint: What is a hex editor?

Solution

Being the most basic flag I assumed it would have the flag in the file in plain text but after the image. I used a simple command and the last line printed out the flag. strings garden.jpg

Flag: picoCTF{more_than_m33ts_the_3y3657BaB2C}

So Meta [150 pts]

Description
Find the flag in this picture.

Solution

Gave hint of the title "meta" so I used the built-in tool

exiftool pico_img.png

Flag: picoCTF{s0_m3ta_fec06741}

shark on wire 1 [150 pts] [Not Solved]

Description
We found this packet capture. Recover the flag.

Solution

Flag:

extensions [150 pts]

Description
This is a really weird text file TXT? Can you find the flag?

Solution

Either by trying to open, using the file flag.txt command, or hex editor flag.txt the conclusion is the same. It is a PNG file.

Flag: picoCTF{now_you_know_about_extensions}

What Lies Within [150 pts]

Description
There's something in the building. Can you retrieve the flag?

Solution

Using this online website's decoder function to find the flag.

Flag: picoCTF{h1d1ng_1n_th3_b1t5}

m00nwalk [250 pts] [Not Solved]

Description
Decode this message from the moon.

Solution

Flag:

WhitePages [250 pts]

Description
I stopped using YellowPages and moved onto WhitePages... but the page they gave me is all blank!

Solution

I know the file is filled with spaces but looking through hex editor it isn't spaces but more of other types of hex that are not viewable. I noticed it was a "." and " " pattern denoting 1's and 0's with hex "E2", "80", "83", and "20". Hmmm 4 but only needed 2... You can notice that the two patterns are E28083 and 20. Taking that and converting the bits in the file gets a bunch of 10 which goes to ASCII flag.

import binascii

def text_from_bits(bits, encoding='utf-8', errors='surrogatepass'):
    n = int(bits, 2)
    return int2bytes(n).decode(encoding, errors)

def int2bytes(i):
    hex_string = '%x' % i
    n = len(hex_string)
    return binascii.unhexlify(hex_string.zfill(n + (n & 1)))
    
with open("whitepages.txt", "rb") as bin_file:
	data = bytearray(bin_file.read()) 
	data = data.replace(b'\xe2\x80\x83', b'0')
	data = data.replace(b'\x20', b'1')
	data = data.decode("ascii")
	print(data)
	print(text_from_bits(data))

Output

00001010000010010000100101110000011010010110001101101111010000110101010001000110000010100000101000001001000010010101001101000101010001010010000001010000010101010100001001001100010010010100001100100000010100100100010101000011010011110101001001000100010100110010000000100110001000000100001001000001010000110100101101000111010100100100111101010101010011100100010000100000010100100100010101010000010011110101001001010100000010100000100100001001001101010011000000110000001100000010000001000110011011110111001001100010011001010111001100100000010000010111011001100101001011000010000001010000011010010111010001110100011100110110001001110101011100100110011101101000001011000010000001010000010000010010000000110001001101010011001000110001001100110000101000001001000010010111000001101001011000110110111101000011010101000100011001111011011011100110111101110100010111110110000101101100011011000101111101110011011100000110000101100011011001010111001101011111011000010111001001100101010111110110001101110010011001010110000101110100011001010110010001011111011001010111000101110101011000010110110001011111011000110011010100110100011001100011001000110111011000110110010000110000001101010110001100110010001100010011100000111001011001100011100000110001001101000011011101100011011000110011011001100110001101010110010001100101011000100011001001100101001101010011011001111101000010100000100100001001 picoCTF SEE PUBLIC RECORDS & BACKGROUND REPORT 5000 Forbes Ave, Pittsburgh, PA 15213 picoCTF{not_all_spaces_are_created_equal_c54f27cd05c2189f8147cc6f5deb2e56}

Flag: picoCTF{not_all_spaces_are_created_equal_c54f27cd05c2189f8147cc6f5deb2e56}

c0rrupt [250 pts] [Not Solved]

Description
We found this file. Recover the flag.

Solution

Flag:

like1000 [250 pts] [Not Solved]

Description
This .tar file got tarred a lot.

Solution

Flag:

m00nwalk2 [300 pts] [Not Solved]

Description
Revisit the last transmission. We think this transmission contains a hidden message. There are also some clues clue 1, clue 2, clue 3.

Solution

Flag:

Investigative Reversing 0 [300 pts] [Not Solved]

Description
We have recovered a binary and an image. See what you can make of it. There should be a flag somewhere.

Solution

Flag:

shark on wire 2 [300 pts] [Not Solved]

Description
We found this packet capture. Recover the flag that was pilfered from the network.

Solution

Flag:

Investigative Reversing 2 [350 pts] [Not Solved]

Description
We have recovered a binary and an image See what you can make of it. There should be a flag somewhere.

Solution

Flag:

Investigative Reversing 1 [350 pts] [Not Solved]

Description
We have recovered a binary and a few images: image, image2, image3. See what you can make of it. There should be a flag somewhere.

Solution

Flag:

WebNet0 [450 pts] [Not Solved]

Description
We found this packet capture and key. Recover the flag.

Solution

Flag:

Investigative Reversing 4 [400 pts] [Not Solved]

Description
We have recovered a binary and 5 images: image01, image02, image03, image04, image05. See what you can make of it. There should be a flag somewhere.

Solution

Flag:

Investigative Reversing 3 [400 pts] [Not Solved]

Description
We have recovered a binary and an image See what you can make of it. There should be a flag somewhere.

Solution

Flag:

WebNet1 [450 pts] [Not Solved]

Description
We found this packet capture and key. Recover the flag.

Solution

Flag:

investigation_encoded_1 [450 pts] [Not Solved]

Description
We have recovered a binary and 1 file: image01. See what you can make of it. NOTE: The flag is not in the normal picoCTF{XXX} format.

Solution

Flag:

investigative_encoding_2 [500 pts] [Not Solved]

Description
We have recovered a binary and 1 file: image01. See what you can make of it. NOTE: The flag is not in the normal picoCTF{XXX} format.

Solution

Flag:

B1g_Mac [500 pts] [Not Solved]

Description
Here's a zip file.

Solution

Flag:

PreviousBinary Exploitations NextReverse Engineering

Last updated 4 years ago

hashtagGlory of the Garden [50 pts]

hashtagSo Meta [150 pts]

hashtagshark on wire 1 [150 pts] [Not Solved]

hashtagextensions [150 pts]

hashtagWhat Lies Within [150 pts]

hashtagm00nwalk [250 pts] [Not Solved]

hashtagWhitePages [250 pts]

hashtagc0rrupt [250 pts] [Not Solved]

hashtaglike1000 [250 pts] [Not Solved]

hashtagm00nwalk2 [300 pts] [Not Solved]

hashtagInvestigative Reversing 0 [300 pts] [Not Solved]

hashtagshark on wire 2 [300 pts] [Not Solved]

hashtagInvestigative Reversing 2 [350 pts] [Not Solved]

hashtagInvestigative Reversing 1 [350 pts] [Not Solved]

hashtagWebNet0 [450 pts] [Not Solved]

hashtagInvestigative Reversing 4 [400 pts] [Not Solved]

hashtagInvestigative Reversing 3 [400 pts] [Not Solved]

hashtagWebNet1 [450 pts] [Not Solved]

hashtaginvestigation_encoded_1 [450 pts] [Not Solved]

hashtaginvestigative_encoding_2 [500 pts] [Not Solved]

hashtagB1g_Mac [500 pts] [Not Solved]

hashtag

Glory of the Garden [50 pts]

So Meta [150 pts]

shark on wire 1 [150 pts] [Not Solved]

extensions [150 pts]

What Lies Within [150 pts]

m00nwalk [250 pts] [Not Solved]

WhitePages [250 pts]

c0rrupt [250 pts] [Not Solved]

like1000 [250 pts] [Not Solved]

m00nwalk2 [300 pts] [Not Solved]

Investigative Reversing 0 [300 pts] [Not Solved]

shark on wire 2 [300 pts] [Not Solved]

Investigative Reversing 2 [350 pts] [Not Solved]

Investigative Reversing 1 [350 pts] [Not Solved]

WebNet0 [450 pts] [Not Solved]

Investigative Reversing 4 [400 pts] [Not Solved]

Investigative Reversing 3 [400 pts] [Not Solved]

WebNet1 [450 pts] [Not Solved]

investigation_encoded_1 [450 pts] [Not Solved]

investigative_encoding_2 [500 pts] [Not Solved]

B1g_Mac [500 pts] [Not Solved]