PicoCTF 2017 – Digital Camouflage

Another day, another challenge.

Today’s blog post we will be solving the “Digital Camouflage” challenge in the PicoCTF.

Let’s start.

Clicking on the challenge we see the following:

PicoCTF_Digital_Camouflage_1

We need to find the password in a packet capture.

Let’s look at the hints to see what we can find.

PicoCTF_Digital_Camouflage_2

Downloading the file and going to Wireshark we see the following:

PicoCTF_Digital_Camouflage_6

We see network traffic. The first half is UDP packets which is not important for this challenge.

Scrolling down we see the following:

PicoCTF_Digital_Camouflage_5

Looking at this packet we see a username, and password. Could this be what we’re looking for?

Doing a right click, follow, HTTP Stream we see:

PicoCTF_Digital_Camouflage_4

Entering the password into the input box we retrieved the flag and acquired 50 points.

PicoCTF 2017 – Just No

Another day, another challenge…

Today’s blog post we’re going to solve the “Just No” challenge in the PicoCTF challenge.

Let’s start.

PicoCTF_Just_No_1

OK… we have a program that has access to the flag, but refuse to give it to us.

Let’s look at the hints and see what we can do.

PicoCTF_Just_No_2

OK.. we need to look at the absolute and relative paths, and spoof the file that the program is looking for.

Let’s go to the program.

After clicking logging into the command line and navigating to the folder we see the following:

PicoCTF_Just_No_3

Opening the auth file with the cat command we see:

PicoCTF_Just_No_4

OK. The file only as no. Let’s see how this is being used.

Opening the justno.c file with the cat command we see:

PicoCTF_Just_No_5

Reading the file we see we’re opening the auth file and determining if the the auth file does not have the word “no”. If that’s true then we’re presented with the flag. If the auth file does contain the word “no” then we go inside the else block which print, “auth file says no. So no. Just… no.”

As we can see when we opened the auth file it currently has the word “no”. Which means if we executed the justno program right now we would go to the else block, and receive the no message.

Now is the time to utilize the hints. We need to spoof the auth file to be ANY word except for no. How are we going to do this?

Well the challenge told us to read the difference between absolute and relative paths. Once we figured that out, then we can create a new auth file and point it to the new location.

Let’s give it a shot.

Going back to the justno.c we see that the file open is using relative paths.

We can spoof the location by creating the file structure and then calling the justno.c program and printing the flag.

Let’s do it.

PicoCTF_Just_No_6

Looking at the screenshot you can see we created the same directory structure and created a new auth file that was listed in the justno.c program. Once we did that and called the justno program again we were able to get the flag and acquired 40 points!

PicoCTF 2017 – Bash Loop

Another day, another challenge…

Today’s blog post we will solve the “Bash Loop” challenge in the PicoCTF challenge.

Let’s start!

Clicking on the challenge we see:

PicoCTF_Bash_Loop_1

OK… There’s a program we need to execute to find the hidden number. Let’s look at the hints to see what they give us.

PicoCTF_Bash_Loop_2

OK… the hint tells us that we need to use Google to search for “bash loops”.

First let’s navigate to the folder of the program

Copying the location of the program, right clicking on the command line, selecting paste from browser, and pressing enter we have the following:

PicoCTF_Bash_Loop_3

PicoCTF_Bash_Loop_4

We see the bashloop program and the flag.

Executing the bashloop program we see the following:

PicoCTF_Bash_Loop_6

Let’s do a quick Google search and look for bash loops

Going to the following link, and scrolling down to the for loop we see the following:

PicoCTF_Bash_Loop_5

Let’s use this for our challenge.

Going back to the command line we enter the following:

PicoCTF_Bash_Loop_7

Let’s break down the loop…

In the first line we are using a for loop and we’re looping over the range from 0 to 4096 as that is the range of numbers we need to guess over.

The next line we are invoking (calling) the program with the current number in the range (between 0 to 4096). From that we’re grepping (finding) the keyword of flag. The reason we’re doing that is to find the flag. Next line is specifying that we’re ending the loop.

Pressing enter we see that the flag is displayed to us.

Entering this into the input box we acquired 40 points!

PicoCTF 2017 – WorldChat

Another day, another challenge…

In today’s blog post we will be solving the “WorldChat” challenge from the PicoCTF.

Let’s get started!

Going to the challenge we see:
PicoCTF_WorldChat_1

OK so we need to find the flag inside of the WorldChat app. According to the description when connecting to this app there will be many people on the app besides us.

Let’s look at the hints to see if it will help us.

PicoCTF_WorldChat_2

We need to us the nc command (we’ve used this in another challenge) and use the grep command to filter output.

Let’s try it.

PicoCTF_WorldChat_3

Connecting to the server we see a bunch of chats from different people. I pressed Ctrl + C to stop it.

Let’s use the hints and use the grep command with the “|” (pipe) command.

PicoCTF_WorldChat_4

PicoCTF_WorldChat_5

PicoCTF_WorldChat_6

PicoCTF_WorldChat_7

PicoCTF_WorldChat_8

PicoCTF_WorldChat_9

PicoCTF_WorldChat_10

Press Ctrl + C to end the chat.

I have only captured screenshots of output that has the flag. Entering the flag into the input box we acquired 30 points.

PicoCTF 2017 – What Is Web

Another day, another challenge.

In today’s blog post we are solving the challenge, “What Is Web” from the PicoCTF challenge.

Let’s start!

Clicking on the challenge we see:

PicoCTF_What_Is_Web_7

OK, so we need to find out how to use HTML.

Looking at the hints we see:
PicoCTF_What_Is_Web_2

Clicking on the website we see:

PicoCTF_What_Is_Web_3Doing a right click, view source we see:

PicoCTF_What_Is_Web_4

At the bottom of the screen in the green letters (which are comments that are not displayed in the browser) show that we have the first part of the flag.

Now we need to find the second and third part of the flag.

Looking back at the page source we see two different files that are referenced: hacker.css and script.js

Let’s look at hacker.css first and see what’s there.

Going to that file we see the second part of the flag at the top of the browser:

PicoCTF_What_Is_Web_5

Now let’s look at the script.js file and see if we can find the final part of the flag…

Going to the script.js file we see:

PicoCTF_What_Is_Web_6

We now have the three parts of the flag!

Combining the parts together and submitting the flag, we’ve acquired 20 points!

PicoCTF 2017 – looooong

Another day, another challenge…

Today’s blog post is to solve the looooong challenge from PicoCTF.

After login and opening the challenge we see the following:

PicoCTF_looooong_1

We need to see how fast our typing speed.

Clicking on the hints we see the following:

PicoCTF_looooong_2

Going to the command line and connecting to the server we get the following:

PicoCTF_looooong_3

We see that we have thirty seconds to enter the following 533 r’s an a single 3.

The hint stated we should try using python.

I can’t say enough about Python. It’s a GREAT first language for beginners to learn. TheNewBoston on YouTube has a good tutorial on Python.

Anyway, back to the challenge – going to Google and typing “Python interpreter online” we’re presented with the following here.

Python has a great way of printing characters multiple times with the following:

print ‘a’ * 399

This will print a 399 times.

I have to admit I had to do this challenge a couple of times as I was slow.

I’m going to add the screenshots of the challenge I was able to solve.

PicoCTF_looooong_4

Going to the link I provided I typed – print ‘v’ * 538 – I was presented with:

PicoCTF_looooong_5

Copying the v’s and going back to our challenge, if we right click in the command line and select paste from browser we get the following:

PicoCTF_looooong_6

Entering the v’s and adding the single 1 at the end and pressing OK I received the following:

PicoCTF_looooong_7

We received the flag and acquired 20 points!

Word of advice – have AT LEAST two window open. 1 window with the challenge, the second window of the python interpreter.

 

PicoCTF 2017 – Leaf of the Tree

Another day, another challenge…

Today’s topic will show how to solve the Leaf of the Tree challenge from the PicoCTF.

Clicking on the challenge we see the following:

PicoCTF_Leaf_Of_The_Tree_1

We need to find the flag, but it’s located in an annoying named directory. The challenge tells us that we should use the cat and ls commands.

Clicking the hints we see the following:

PicoCTF_Leaf_Of_The_Tree_2

Nothing much here except that tab completion is our friend.

Going to the command line and navigating to the folder in the challenge we see:

PicoCTF_Leaf_Of_The_Tree_3

Hmm… a trunk directory, let’s change our current directory (cd) to the trunk directory and list the contents.

Doing that we get:

PicoCTF_Leaf_Of_The_Tree_4

Two more folders… let’s go to the trunkef96 directory and see what’s in that directory.

PicoCTF_Leaf_Of_The_Tree_5

Another folder… trunk99e1, let’s see what’s in that directory.

PicoCTF_Leaf_Of_The_Tree_6

Three more folders. Let’s look what’s inside of the trunk54f4 directory.

PicoCTF_Leaf_Of_The_Tree_7

Going to trunk61be and looking at the contents in that folder we see:

PicoCTF_Leaf_Of_The_Tree_8

Going to the trunk61be and looking at the contents in that folder we see:

PicoCTF_Leaf_Of_The_Tree_9

Going to the trunk61be and looking at the contents in that folder we see:
PicoCTF_Leaf_Of_The_Tree_10

Going to the trunk89be and looking at the contents in that folder we see:

PicoCTF_Leaf_Of_The_Tree_11

Going to the trunk87bf and looking at the contents in that folder we see:

PicoCTF_Leaf_Of_The_Tree_12

Going to the trunkb252 and looking at the contents in that folder we see:

PicoCTF_Leaf_Of_The_Tree_13

OK – there’s the flag. Let’s use the cat command to open the file and see if the flag is there.

PicoCTF_Leaf_Of_The_Tree_14

We found the flag, and acquired 30 points in the process!