MasterWard Profile
  • Introduction
  • Media Links
  • Resume
  • HackThebox Notes
    • RedPanda
    • Metatwo
  • CTF Contest Writeups
    • 2017
      • Takoma Park CTF
      • TUCTF 2017
      • HITCON CTF 2017 Quals
      • CSAW CTF Qualification Round 2017
      • SEC-T CTF
      • Backdoor CTF 2017
      • Hack Dat Kiwi 2017
      • Kaspersky 2017
      • Hack.lu 2017
      • HackCon 2017
      • Defcamp 2017
      • Square CTF 2017
      • Mitre 2017
      • EKOPARTY CTF 2017
    • 2018
      • SEC-T CTF
      • Hackcon 2018
      • EasyCTF IV 2018
      • DefCamp CTF Qualifiers
      • PACTF 2018
      • CSAW CTF Qualifiers 2018
      • PicoCTF 2018
    • 2019
      • Newark Academy CTF 2019
      • Crypto CTF 2019
      • PicoCTF 2019
        • General Skills
        • Binary Exploitations
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • TAMUctf 19
    • 2021
      • picoCTF 2021
        • General Skills
        • Binary Exploitation
        • Forensics
        • Reverse Engineering
        • Cryptography
        • Web Exploitation
      • HackiHoli
      • S.H.E.L.L CTF
      • DawgCTF 2021
      • TCTF 2021
      • RedPwnCTF 2021
      • IJCTF 2021
      • UIUCTF 2021
      • Really Awesome CTF 2021
      • TMUCTF 2021
      • CSAW Qualifiers 2021
      • Pbjar CTF 2021
      • Deadface CTF 2021
    • 2022
      • NahamCon CTF 2022
      • BYUCTF 2022
      • DEF CON Qualifiers 2022
    • Useful Code
  • Software
    • Video Standardization and Compression
    • TOBIAS
    • Tracking Phone
    • Image Compression
    • Do Not Call Database
    • Color Blind Simulator
    • Gmail Unsubscriber
    • MP4 to GIF Converter
    • Optical Character Reading
    • Soft Jobs
    • OBD Project
    • Online Movie Finder
    • Work In Progress
      • Incremental Backup
      • Web Scraper - Wallpaper Edition
      • Web Blocker
      • File Manipulator
      • AppFiller
      • Cyber Security Projects
      • Bsaber AI
    • Ideas
      • CAN Programming
      • Malicious Programs
      • Remove Yourself from the Internet
      • DNA Classic
      • Auto Clicker
      • Adding Depth to a Video
      • Collage Mosaic Generator
      • Game Destroyer
      • Hearing aid Technology
      • Sign Language Recognition
      • Text Summarizer
      • Video to audio to text
      • Video Object Detection
      • VR demonstration
      • More Ideas to Elaborate on
    • Failure
      • Police Camera Radar
      • Already Created
      • Google Maps Game
      • Car price prediction
      • Bullshit Detector
      • Automated Code writter
      • Career Prediction
      • Samsung Remote Control Hack
      • Invalid Finder
      • PiHole Regex Filter
      • Group Archiver
  • Additional Articles
    • Cleaning Up a Computer Tricks
    • Getting started in Cyber Security
    • Speeding Up Your Internet
    • College Experience
    • Currently Writting
      • Reverse Engineering Notes
      • Bug Bounty Guide and Examples
      • OSCP help
      • Job Experience
      • Professional Job-Hunting Experience
Powered by GitBook
On this page
  • Obedient Cat [5 pts]
  • Python Wrangling [10 pts] [Not Solved]
  • Wave a Flag [10 pts]
  • Nice netcat... [15 pts]
  • Static ain't always noise [20 pts] [Not Solved]
  • Tab, Tab, Attack [20 pts] [Not Solved]
  • Magikarp Ground Mission [30 pts] [Not Solved]

Was this helpful?

  1. CTF Contest Writeups
  2. 2021
  3. picoCTF 2021

General Skills

PreviouspicoCTF 2021NextBinary Exploitation

Last updated 3 years ago

Was this helpful?

Obedient Cat [5 pts]

Description

This file has a flag in plain sight (aka "in-the-clear").

Solution

Open File

Flag: picoCTF{s4n1ty_v3r1f13d_2aa22101}

Python Wrangling [10 pts] [Not Solved]

Description

Python scripts are invoked kind of like programs in the Terminal... Can you run using to get ?

Solution

a

Flag:

Wave a Flag [10 pts]

Description

Can you invoke help flags for a tool or binary? has extraordinarily helpful information...

Solution

So many ways to do this problem but due to the low value I will go with the easiest one. So if you start and just run ./warm It will print a zsh: permission denied: ./warm The command I use is chmod +x warm or you could use chmod 777 warm Either one works as it gives the file executable rights Now when we run ./warm we get a message back asking us to pass -h To get the flag I ran the command ./warm -h

Flag: picoCTF{b1scu1ts_4nd_gr4vy_30e77291}

Nice netcat... [15 pts]

Description

There is a nice program that you can talk to by using this command in a shell: $ nc mercury.picoctf.net 35652, but it doesn't speak English...

Solution

Running the given command in the terminal will return a lot of numbers. We can determine that it will start with pico so the correlation is 112 105 99 111 = pico and knowing from my programming it was ASCII. Wanting to put some to the test I created code to do the task for me instead of using an online converter.

First I create and open a socket

import socket

hostname = "mercury.picoctf.net"
port = 35652

sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) # Creates Socket
sock.connect((hostname, port)) # Connects

Receiving and translating the code

def readall():
    global sock
    return sock.recv(100000) # Big number

def dumpall(s):
    flag = ''
    for line in s.split('\n'):
        flag += chr(int(line))
    return flag
    
res = readall().decode().strip()
print(dumpall(res))

sock.shutdown(socket.SHUT_WR) # Closing the connection

Flag: picoCTF{g00d_k1tty!_n1c3_k1tty!_9b3b7392}

Static ain't always noise [20 pts] [Not Solved]

Description

Solution

a

Flag:

Tab, Tab, Attack [20 pts] [Not Solved]

Description

Solution

a

Flag:

Magikarp Ground Mission [30 pts] [Not Solved]

Description

Do you know how to move between directories and read files in the shell? Start the container, ssh to it, and then ls once connected to begin. Login via ssh as ctf-player with the password, b60940ca

Solution

a

Flag:

Can you look at the data in this binary: ? This might help!

Using tabcomplete in the Terminal will add years to your life, esp. when dealing with long rambling directory structures and filenames:

Download flag
this Python script
this password
the flag
This program
static
BASH script
Addadshashanammu.zip