General Skills

Lets Warm Up [50 pts]

Description

If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?

Solution

Searched 0x70 to ASCII in search engine

Flag: picoCTF{p}

Warmed Up [50 pts]

Description

What is 0x3D (base 16) in decimal (base 10)?

Solution

Doing this by math we have 3 * 16^1 + D (13) * 16^0 = 61

Flag: picoCTF{61}

2Warm [50 pts]

Description

Can you convert the number 42 (base 10) to binary (base 2)?

Solution

2 ^ 6 = 64 and 2 ^ 5 = 32 which 42 is in that so their are 6 bits for 42. XXXXXX 42 / 2 = 21 remainder 0 21 / 2 = 10 remainder 1 10 / 2 = 5 remainder 0 5 / 2 = 2 remainder 1 2 / 2 = 1 remainder 0 1 / 2 = 0 remainder 1 So 42 = the remainders above

Flag: picoCTF{101010}

what's a net cat? [100 pts]

Description

Using netcat (nc) is going to be pretty important. Can you connect to jupiter.challenges.picoctf.org at port 64287 to get the flag?

Solution

I could do the conventional nc jupiter.challenges.picoctf.org 64287 into the terminal and get the response, but I wanted to do it in some code since not all problems can be solved through terminal.

import sys
import socket

hostname = "jupiter.challenges.picoctf.org"
port = 64287

def netcat(hn , p):
	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	sock.connect((hn, p))
	while True:
		data = sock.recv(1024)
		if (not data):
			break
		print(data)
	
netcat(hostname, port)

Flag: picoCTF{nEtCat_Mast3ry_284be8f7}

strings it [100 pts]

Description

Can you find the flag in file without running it?

Solution

It gives the hint to not run the file so you can get the flag with 1 command

$ strings strings | grep "picoCTF"

Flag: picoCTF{5tRIng5_1T_827aee91}

Bases [100 pts]

Description

What does this bDNhcm5fdGgzX3IwcDM1 mean? I think it has something to do with bases.

Solution

Just going to go out on a limb and say it is the most common one of base64

import base64
print(base64.b64decode("bDNhcm5fdGgzX3IwcDM1"))

Flag: picoCTF{l3arn_th3_r0p35}

First Grep [100 pts]

Description

Can you find the flag in file? This would be really tedious to look through manually, something tells me there is a better way.

Solution

cat file | grep "picoCTF"

Flag: picoCTF{grep_is_good_to_find_things_dba08a45}

Based [200 pts]

Description

To get truly 1337, you must understand different data encodings, such as hexadecimal or binary. Can you get the flag from this program to prove you are on the way to becoming 1337? Connect with nc jupiter.challenges.picoctf.org 29221.

Solution

I connected and the second line was the answer to the first question (Binary). I was then given more numbers which made me choose to write some code for this solution. It was trial and error for most of it but in the end got the solution that it would be decoding in base 2, 8, 16 in that order.

import sys
import socket
import time

hostname = "jupiter.challenges.picoctf.org"
port = 29221

def known_base(a, base):
	res =""
	for unit in a.split(" "):
		try:
			c = chr(int(unit, base))
			if not c.isalpha():
				raise Exception("Non-ascii")
			res += c
		except:
			pass
	return res

def readData(sock, keyWord):
	data = ""
	while True:
		data += sock.recv(2)
		if keyWord in data:
			break
	return data

def cleanData(data):
	start = data.index("the ") + 4
	end = data.index("as a word")
	return data[start:end].strip()	

def netcat(hn , p):
	sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	sock.connect((hn, p))

	data = readData(sock, "Input:")
	sock.recv(1)
	enc_data = cleanData(data)
	myAnswer = known_base(enc_data, 2)
	print("Data given", enc_data)
	print("My Answer" , myAnswer)
	sock.sendall(myAnswer + "\n")
	time.sleep(.1)
	data = readData(sock, "Input:")
	enc_data = cleanData(data)
	myAnswer = known_base(enc_data, 8)
	sock.sendall(myAnswer + "\n")
	print("Data given", enc_data)
	print("My answer", myAnswer)
	time.sleep(.1)
	data = readData(sock, "Input:")
	enc_data = cleanData(data)
	print("Data given", enc_data)
	myAnswer = enc_data.decode('hex')
	print("My answer", myAnswer)
	sock.sendall(myAnswer + "\n")
	print(readData(sock, "}"))
	
netcat(hostname, port)

Flag: picoCTF{learning_about_converting_values_00a975ff}

plumbing [200 pts]

Description

Sometimes you need to handle process data outside of a file. Can you find a way to keep the output from this program and search for the flag? Connect to jupiter.challenges.picoctf.org 7480.

Solution

It says to keep the output so my mind goes to using '>' onto a file and then using grep to search the file

$ nc jupiter.challenges.picoctf.org 7480 > output.txt
$ cat output.txt | grep "picoCTF"

or can combine that all into 1 line

nc jupiter.challenges.picoctf.org 7480 | grep "picoCTF"

Flag: picoCTF{digital_plumb3r_06e9d954}

mus1c [300 pts]

Description

I wrote you a song. Put it in the picoCTF{} flag format.

Solution

I will admit this one would not have been possible without the hint. I looked at the title and was thinking it was an audacity problem but boy was I wrong. Hint: Do you think you can master rockstar? I searched that on google and of course a lot of writeups came up, but a result after that was a website to look into. Taking out input

Pico's a CTFFFFFFF my mind is waitin It's waitin Put my mind of Pico into This my flag is not found put This into my flag put my flag into Pico shout Pico shout Pico shout Pico My song's something put Pico into This Knock This down, down, down put This into CTF shout CTF my lyric is nothing Put This without my song into my lyric Knock my lyric down, down, down shout my lyric Put my lyric into This Put my song with This into my lyric Knock my lyric down shout my lyric Build my lyric up, up ,up shout my lyric shout Pico shout It Pico CTF is fun security is important Fun is fun Put security with fun into Pico CTF Build Fun up shout fun times Pico CTF put fun times Pico CTF into my song build it up shout it shout it build it up, up shout it shout Pico

When put in both boxes Rock outputs

114 114 114 111 99 107 110 114 110 48 49 49 51 114

Which can be solved by the website to get the flag.

Flag: picoCTF{rrrocknrn0113r}

flag_shop [300 pts] [Not Solved]

Description

There's a flag shop selling stuff, can you buy a flag? Source. Connect with nc jupiter.challenges.picoctf.org 4906.

Solution

a

Flag:

1_wanna_b3_a_r0ck5tar [350 pts]

Description

I wrote you another song. Put the flag in the picoCTF{} flag format

Solution - Not Accepting Flag

This time I know it will be dealing with rockstar so I was like let's get it and actually downloaded the code trying to understand it more. I did all the installs and ran the file lyrics

Rocknroll is right
Silence is wrong
A guitar is a six-string
Tommy's been down
Music is a billboard-burning razzmatazz!
Listen to the music
If the music is a guitar
Say "Keep on rocking!"
Listen to the rhythm
If the rhythm without Music is nothing
Tommy is rockin guitar
Shout Tommy
Music is amazing sensation
Jamming is awesome presence
Scream Music
Scream Jamming!
Tommy is playing rock
Scream Tommy!
They are dazzled audiences
Shout it!
Rock is electric heaven
Scream it!
Tommy is jukebox god
Say it!
Break it down
Shout "Bring on the rock!"
Else Whisper "That ain't it, Chief"
Break it down

Turned into code of this

Rocknroll = True
Silence = False
a_guitar = 10
Tommy = 44
Music = 170
the_music = input()
if the_music == a_guitar:
    print("Keep on rocking!")
    the_rhythm = input()
    if the_rhythm - Music == False:
        Tommy = 66
        print(Tommy!)
        Music = 79
        Jamming = 78
        print(Music!)
        print(Jamming!)
        Tommy = 74
        print(Tommy!)
        They are dazzled audiences
        print(it!)
        Rock = 86
        print(it!)
        Tommy = 73
        print(it!)
        break
        print("Bring on the rock!")
        Else print("That ain't it, Chief")
        break

I noticed it didn't look right at all. At this point, I could have just said let me take the numbers and convert myself 66 79 78 74 86 73 == BONJVI, but why was it not working. 1. I removed the ! from print statements 2. Removed line 19 as it didn't mean anything and 20 as it wasn't assigned 3. Matched types on lines 7 and 10 (Had to do manually in code) 4. Removed 25 - 28 as they aren't useful in our evaluation 5. Replaced 22 with Rock and 24 with Tommy

Final Results: Lyrics

Rocknroll is right Silence is wrong A guitar is a six-string Tommy's been down Music is a billboard-burning razzmatazz! Listen to the music If the music is a guitar Say "Keep on rocking!" Listen to the rhythm If the rhythm without Music is nothing Tommy is rockin guitar Shout Tommy Music is amazing sensation Jamming is awesome presence Scream Music Scream Jamming Tommy is playing rock Scream Tommy Rock is electric heaven Scream Rock Tommy is jukebox god Say Tommy

Final Code

Rocknroll = True
Silence = False
a_guitar = 10
Tommy = 44
Music = 170
the_music = input()
if int(the_music) == a_guitar:
    print("Keep on rocking!")
    the_rhythm = input()
    if int(the_rhythm) - Music == 0:
        Tommy = 66
        print(Tommy)
        Music = 79
        Jamming = 78
        print(Music)
        print(Jamming)
        Tommy = 74
        print(Tommy)
        Rock = 86
        print(Rock)
        Tommy = 73
        print(Tommy)

Output with input being 10 and 170

10
Keep on rocking!
170
66
79
78
74
86
73

Flag: picoCTF{BONJVI}

PreviousPicoCTF 2019NextBinary Exploitations

Last updated