## PicoCTF 2017 – computeAES #infosec #appsec #crypto #ctf

Another day, another challenge.

Today’s blog post will explore solving the “computeAES” challenge in PicoCTF.

Let’s get started.

Clicking on the challenge we see the following:

Clicking on the clue link we see the following:

Going back to the challenge and clicking the hints we see:

Let’s use the hint of using online tools to solve this challenge.

Doing a Google search for “convert base64 to hex” we get the following link.

Going to this link we put in our base64 input to get the hex equivalent.

Doing this for the key and the input we get the following:

Key = 4f9b95cd8b6e04dbfabf08e886c955e3

Doing another Google search for “AES calc hex” we get the following link.

Entering the hex value of the key and input we get the following:

We found the flag! Copying the flag and removing the extra space we’ve acquired 50 points!

## PicoCTF 2017 – Yarn #appsec #infosec #ctf

Another day, another challenge…

Today’s blog post we will solve the, “Yarn” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:

OK, we need to find a flag inside of a file, but we do not know what the file is.

Let’s look at the hints and see if that provides any clues.

Looking at the hints we’re provided with two questions. Possibly answering these questions will leads us to the flag.

Answer question #1 – “what does the string command use to determine if something is a string?” We decide to do a Google search to answer just that.

Reading the article we determine that the strings command prints the printable characters from a file.

Doing that we’re provided with the following screenshot:

Question #2 – is there a way to change the length that the strings command look for?

Going back to the link we see that there is a way we can specify that there is a way to determine the length of strings we want to print.

How do we use this?

By adding the “-n <length you want to use>”

Doing this we get the following:

Scrolling down we see:

Hmm… I think we found the flag! “Submit_me_for_I_am_the_flag”

Putting this string as the flag we have acquired 55 points!

## PicoCTF 2017 – Hash101

Another day, another challenge.

Today’s blog post will be solving the “Hash101” challenge from the PicoCTF.

Let’s get started.

Clicking on the challenge we see…

OK we need to hashes to claim our flag. Let’s see what the hints say.

Looking at the hints Google will be our friend đŸ™‚

Connecting to the server we see:

We need to convert the binary to ASCII text.

Doing a Google search of, “binary to ASCII text converter” search we get the following website.

Going there, we see:

Changing the binary to the binary in the challenge we get:

The text we’re looking for is “peace” entering this in we are now in the second level of the challenge.

We need to find the hex value of our word, peace. Going back to the link referenced above, we see that the hex is referenced.

Entering that we now need to enter the decimal equivalent. For this, going back to Google and entering “hex to decimal converter” we get the following link.

Entering the hex value we get the following decimal value.

Entering that into the challenge we get the following:

Going to the third level we see:

Remember from the first level of the challenge where we need to find the ASCII text?

Doing a Google search of, “ASCII table” we find the following link.

Opening the link we see the ASCII equivalent of the letters.

We need to find a string that when doing the modulo of base 16 we get a number of 10.

One might wonder… what is modulo?

The modulo is the remainder of a division equation.

We know that we are dividing by 16 and the modulo (remainder) needs to be 10.

One way to achieve this is to find any multiple of 16 and add 10.

Why multiple of 16? Doing a multiple of 16 if we did a modulo of that the modulo would be 0 (as there is no remainder).

Doing this I was able to do the following:

Entering 4, we had a module of 4 and not 10.

Entering the string of “:” we were able to complete the level. Why? “:” in ASCII is 58. How did we get 58? 16 * 3  = 48 + 10 = 58. We’re adding 10 because we know we need a remainder of 10.

Moving to level 4 we see:

Doing another Google search of, “MD5 decrypter” we get the following link.

Clicking the link and entering the md5 hash, we get the following:

Entering this the level we see:

Entering this flag into the input box we’ve acquired 50 points!

## PicoCTF 2017 – LeakedHashes

Another day, another challenge…

Today’s blog post we’re going to solve the “LeakedHashes” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:

Clicking the hashdump.txt file we see:

Let’s see what the hints say.

OK. Let’s see if we can find a way to crack these passwords!

Doing a Google search for “online cracked hashes” we get the following link.

Trying the first hash of root we were not able to crack the password.

Using the second hash of christene, we get:

We were able to crack the password.

Let’s try to login in with christene.

Going back to the commnd line and using the nc command we get:

Scrolling down we see:

We found the flag, and acquired 90 points!!!

## PicoCTF 2017 – Mystery Box

Another day, another challenge.

In today’s blog post we will be solving the “Mystery Box” challenge from the PicoCTF.

Let’s get started.

Clicking on the challenge we see:

OK, we have a mystery machine, with a stick note, and a picture.

Clicking on the sticky note link we see:

OK… we have a note. This is going to be useful later.

Clicking on the picture link we see:

Going back to the challenge and click on the hints we see:

OK. The hints tell us that this box uses gear and it was used from the naval services. Also we have the name of Turing… let’s see what Google would provide us.

Doing a Google search of “Turing machine naval” we get the following link.

This link is the enigma machine emulator.

The enigma machine was used in WW2 (World War 2) to help crack secret messages from Nazi Germany.

The person who was responsible for this machine was Alan Turing. Alan Turing was the father of computer science. He was a computer scientist, mathematician, logician, etc. If you want to read more about his life, click here.

Going back to the enigma machine emulator we see:

Hmm… we see that the words are similar to are listed in the note.

Let’s use that to figure out what the enigma machine will return us.

After entering the information we get:

Hmm… The enigma machine returned – “quite puzzling indeed”.

Putting this in as the flag, we acquired 60 points!!

## PicoCTF 2017 â€“ Hex2Raw

Another day, another challenge…

Today’s challenge we will be solving the Hex2Raw challenge in the PicoCTF.

Let’s start.

Clicking on the challenge we see the following:

OK. With this challenge we see that we need to print unprintable characters from the following location.

Let’s see what the hints give us.

Clicking on the hints we see:

OK. We can see that Google has easy techniques to do this.

Let’s go to the command line and see what we can do.

After logging in and going to the directory we see the following:

Running the hex2raw application we see:

I pressed Ctrl + C to end the program.

OK. We are given raw input and we need to convert it to hexadecimal character.

Doing a Google search we noticed that we can use Python to get our desired output.

How would we do this?

With the decode function!

Explaining the screenshot below we’re invoking the python interpreter the -c designated that we’re using a command. We’re printing the raw form, and using the decode function designated that we wanted to decode with the hexadecimal system. We’re going to pipe the output to the hex2raw program.

Doing this we see the flag, and acquired 20 points!

## PicoCTF 2017 â€“ Just No

Another day, another challenge…

Today’s blog post we’re going to solve the “Just No” challenge in the PicoCTF challenge.

Let’s start.

OK… we have a program that has access to the flag, but refuse to give it to us.

Let’s look at the hints and see what we can do.

OK.. we need to look at the absolute and relative paths, and spoof the file that the program is looking for.

Let’s go to the program.

After clicking logging into the command line and navigating to the folder we see the following:

Opening the auth file with the cat command we see:

OK. The file only as no. Let’s see how this is being used.

Opening the justno.c file with the cat command we see:

Reading the file we see we’re opening the auth file and determining if the the auth file does not have the word “no”. If that’s true then we’re presented with the flag. If the auth file does contain the word “no” then we go inside the else block which print, “auth file says no. So no. Just… no.”

As we can see when we opened the auth file it currently has the word “no”. Which means if we executed the justno program right now we would go to the else block, and receive the no message.

Now is the time to utilize the hints. We need to spoof the auth file to be ANY word except for no. How are we going to do this?

Well the challenge told us to read the difference between absolute and relative paths. Once we figured that out, then we can create a new auth file and point it to the new location.

Let’s give it a shot.

Going back to the justno.c we see that the file open is using relative paths.

We can spoof the location by creating the file structure and then calling the justno.c program and printing the flag.

Let’s do it.

Looking at the screenshot you can see we created the same directory structure and created a new auth file that was listed in the justno.c program. Once we did that and called the justno program again we were able to get the flag and acquired 40 points!

## PicoCTF 2017 â€“ Bash Loop

Another day, another challenge…

Today’s blog post we will solve the “Bash Loop” challenge in the PicoCTF challenge.

Let’s start!

Clicking on the challenge we see:

OK… There’s a program we need to execute to find the hidden number. Let’s look at the hints to see what they give us.

OK… the hint tells us that we need to use Google to search for “bash loops”.

First let’s navigate to the folder of the program

Copying the location of the program, right clicking on the command line, selecting paste from browser, and pressing enter we have the following:

We see the bashloop program and the flag.

Executing the bashloop program we see the following:

Let’s do a quick Google search and look for bash loops

Going to the following link, and scrolling down to the for loop we see the following:

Let’s use this for our challenge.

Going back to the command line we enter the following:

Let’s break down the loop…

In the first line we are using a for loop and we’re looping over the range from 0 to 4096 as that is the range of numbers we need to guess over.

The next line we are invoking (calling) the program with the current number in the range (between 0 to 4096). From that we’re grepping (finding) the keyword of flag. The reason we’re doing that is to find the flag. Next line is specifying that we’re ending the loop.

Pressing enter we see that the flag is displayed to us.

Entering this into the input box we acquired 40 points!

## PicoCTF 2017 – WorldChat

Another day, another challenge…

In today’s blog post we will be solving the “WorldChat” challenge from the PicoCTF.

Let’s get started!

Going to the challenge we see:

OK so we need to find the flag inside of the WorldChat app. According to the description when connecting to this app there will be many people on the app besides us.

Let’s look at the hints to see if it will help us.

We need to us the nc command (we’ve used this in another challenge) and use the grep command to filter output.

Let’s try it.

Connecting to the server we see a bunch of chats from different people. I pressed Ctrl + C to stop it.

Let’s use the hints and use the grep command with the “|” (pipe) command.

Press Ctrl + C to end the chat.

I have only captured screenshots of output that has the flag. Entering the flag into the input box we acquired 30 points.

## PicoCTF 2017 – Leaf of the Tree

Another day, another challenge…

Today’s topic will show how to solve the Leaf of the Tree challenge from the PicoCTF.

Clicking on the challenge we see the following:

We need to find the flag, but it’s located in an annoying named directory. The challenge tells us that we should use the cat and ls commands.

Clicking the hints we see the following:

Nothing much here except that tab completion is our friend.

Going to the command line and navigating to the folder in the challenge we see:

Hmm… a trunk directory, let’s change our current directory (cd) to the trunk directory and list the contents.

Doing that we get:

Two more folders… let’s go to the trunkef96 directory and see what’s in that directory.

Another folder… trunk99e1, let’s see what’s in that directory.

Three more folders. Let’s look what’s inside of the trunk54f4 directory.

Going to trunk61be and looking at the contents in that folder we see:

Going to the trunk61be and looking at the contents in that folder we see:

Going to the trunk61be and looking at the contents in that folder we see:

Going to the trunk89be and looking at the contents in that folder we see:

Going to the trunk87bf and looking at the contents in that folder we see:

Going to the trunkb252 and looking at the contents in that folder we see:

OK – there’s the flag. Let’s use the cat command to open the file and see if the flag is there.

We found the flag, and acquired 30 points in the process!