picoCTF2019 writeup
Points: 50
This garden contains more than it seems. You can also find the file in /problems/glory-of-the-garden_6_0d6d3ea97757b84c7a51a38daa7dca8d on the shell server.
What is a hex editor?
Solution here
Flag
Points: 50
Can you unzip this file and get the flag?
put the flag in the format picoCTF{XXXXX}
Solution here
Flag
Points: 150
Find the flag in this picture. You can also find the file in /problems/so-meta_1_c8994cc94991979b60e80828d19f75bf.
What does meta mean in the context of files? Ever hear of metadata?
Solution here
Flag
Points: 150
There's something in the building. Can you retrieve the flag?
There is data encoded somewhere, there might be an online decoder
Solution here
Flag
Points: 150
This is a really weird text file TXT? Can you find the flag?
How do operating systems know what kind of file it is? (It’s not just the ending!) Make sure to submit the flag as picoCTF{XXXXX}
Solution here
Flag
Points: 150
We found this packet capture. Recover the flag. You can also find the file in /problems/shark-on-wire-1_0_606ee6b0b78f6987c7b12f43253b2d9b.
Try using a tool like Wireshark. What are streams?
Use this Wireshark filter: udp.stream eq 6
picoCTF{StaT31355_636f6e6e}
Points: 200
I stopped using YellowPages and moved onto WhitePages… but the page they gave me is all blank!
picoCTF{not_all_spaces_are_created_equal_3bf40b869ee984866e67f3057f006a92}
Points: 250
We found this file. Recover the flag. You can also find the file in /problems/c0rrupt_0_1fcad1344c25a122a00721e4af86de13.
Try fixing the file header
After examining a PNG image file from the picoCTF website, e.g.:
The file header can be seen using a hex viewer:
Using that file header as an example, rearrange the original file's header from this:
to this format:
After editing the file header, save it in the hex editor and a new image will be obtained:
picoCTF{c0rrupt10n_1847995}
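Before editing bytes by hand, it helps to know which header fields deviate from the PNG layout. The following is an added example, not part of the original writeup: it checks the 8-byte signature and walks each chunk (length, type, data, CRC-32), reporting the offset of anything damaged. The sample bytes are constructed for illustration and are not the challenge file.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def check_png(blob):
    """Return a list of (offset, problem) for damaged signature or chunk fields."""
    problems = []
    if blob[:8] != PNG_SIGNATURE:
        problems.append((0, "bad signature %s" % blob[:8].hex()))
    pos, first = 8, True
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        ctype = blob[pos + 4:pos + 8]
        if first and ctype != b"IHDR":
            problems.append((pos + 4, "first chunk is %r, expected IHDR" % ctype))
        elif not ctype.isalpha():
            problems.append((pos + 4, "chunk type %r is not 4 ASCII letters" % ctype))
        end = pos + 8 + length
        if end + 4 > len(blob):
            problems.append((pos, "length %d runs past end of file" % length))
            break
        (stored,) = struct.unpack(">I", blob[end:end + 4])
        if stored != zlib.crc32(blob[pos + 4:end]) & 0xFFFFFFFF:
            problems.append((end, "CRC mismatch in %r" % ctype))
        if ctype == b"IEND":
            break
        pos, first = end + 4, False
    return problems


# Constructed sample: a valid 1x1 grayscale PNG, then a copy with a damaged header.
ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
idat = zlib.compress(b"\x00\x00")
GOOD = PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")
BAD = b"\x89XNG\r\n\x1a\n" + GOOD[8:12] + b"XHDR" + GOOD[16:]

if __name__ == "__main__":
    for offset, problem in check_png(BAD):
        print("offset 0x%04x: %s" % (offset, problem))
```

A CRC mismatch right after a wrong chunk type usually means only the type bytes were altered, since the stored CRC covers both the type and the data.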
Points: 250
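This .tar file got tarred a lot. Also available at /problems/like1000_0_369bbdba2af17750ddf10cc415672f1c.
Try and script this, it’ll save you a lot of time
Use a simple Python script to untar the file from 1000 to 0
The script was written for Python 3.6:

    import tarfile

    # Work down from 1000.tar; each extraction leaves the next archive in the current directory.
    for i in range(1000, 0, -1):
        # The context manager closes each archive before the next one is opened.
        with tarfile.open(str(i) + ".tar") as tf:
            tf.extractall()
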
Inside there are
picoCTF{l0t5_0f_TAR5}
Points: 250
Decode this message from the moon. You can also find the file in /problems/m00nwalk_1_727ca48dac5da21d2c11635238649314.
How did pictures from the moon landing get sent back to Earth? What is the CMU mascot? That might help select an RX option.
Flag
Points: 300
We found this packet capture. Recover the flag that was pilfered from the network. You can also find the file in /problems/shark-on-wire-2_0_3e92bfbdb2f6d0e25b8d019453fdbf07.
udp.port == 22. Notice it forms a unique value
picoCTF{p1LLf3r3d_data_v1a_st3g0}
Points: 350
We found this packet capture and key. Recover the flag. You can also find the file in /problems/webnet0_0_363c0e92cf19b68e5b5c14efb37ed786.
Try using a tool like Wireshark
How can you decrypt the TLS stream?
picoCTF{nongshim.shrimp.crackers}
Points: 450
We found this packet capture and key. Recover the flag. You can also find the file in /problems/webnet1_0_d63b267c607b8fedbae100068e010422.
Try using a tool like Wireshark
How can you decrypt the TLS stream?
HTTP protocols
http protocol (type http in the filter)
Line based text data: text/html > Export packet bytes > second.html
http and look for the GET vulture.jpg trailer packet (91).
JPEG File Interchange Format > Export packet bytes… > vulture.jpg. You will see the same image as seen in second.html
vulture.jpg on your pc > Properties > details
authors metadata has the flag.
Alternatively, you can Show packet bytes and view by Hex Dump or ASCII. Metadata of an image is always stored in the file header and that is where information can be hidden.
picoCTF{honey.roasted.peanuts}