In today’s blog post we will be solving the “Special Agent User” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:

We have another pcap (packet capture file) and we need to find the User Agent. OK. Sounds plausible. Let’s look at the hints.

There’s a link that discusses user agents in more detail. Let’s go to that link.

Opening that link we see the following:

The web page explains the different components of the User-Agent string. This will be useful.

Opening the packet capture file we notice the usual stuff: UDP and ICMP packets. As with the first “Digital Camouflage” challenge, we can ignore these.

User-Agent strings are found in HTTP requests. We need to look at packet captures for just HTTP requests.

Doing this we see a packet that’s piqued our interest…

On packet 80 (GET / HTTP/1.1) we’ll do a right click, Follow, HTTP stream.

Doing this we have the following:

Looking at the last entry in the User-Agent string, we can see that the client that sent the request is using Firefox 25. Entering that as the flag, we’ve acquired 50 points!
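The same lookup done in code rather than by eye, as an added example that is not part of the original write-up: it pulls the User-Agent header out of a followed HTTP stream and splits it into product tokens. The stream text and host name are constructed for illustration and are not taken from the challenge capture.

```python
import re

# Constructed sample of a followed HTTP stream (not from the challenge capture).
SAMPLE_STREAM = (
    "GET / HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) "
    "Gecko/20100101 Firefox/25.0\r\n"
    "Accept: text/html\r\n"
    "\r\n"
)

# A product token has the form name/version.
PRODUCT = re.compile(r"([A-Za-z0-9!#$%&'*+.^_`|~-]+)/([^\s()]+)")


def request_headers(stream):
    """Return the request's headers as a dict with lower-cased names."""
    head = stream.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def user_agent_products(user_agent):
    """Split a User-Agent value into (product, version) pairs, in order."""
    without_comments = re.sub(r"\([^)]*\)", " ", user_agent)  # drop (...) parts
    return PRODUCT.findall(without_comments)


def browser_from_stream(stream):
    """Return the last product token, the entry the write-up reads."""
    ua = request_headers(stream).get("user-agent")
    if ua is None:
        return None
    products = user_agent_products(ua)
    return products[-1] if products else None


if __name__ == "__main__":
    print(browser_from_stream(SAMPLE_STREAM))
```

The header is set by the client, so treat the result as a claim rather than proof, and note that for some browsers the last token is a compatibility entry rather than the browser's own name.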

In today’s blog post we will be solving the “Meta Find Me” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:

OK, we need to find meta data inside of an image. Let’s see what the hints give us.

We need to answer the question of how location is stored in images. Looks like Google will once again be our friend 🙂

After downloading the image and doing a Google search of “GPS info on photos”, we’re presented with the following link.

Reading the link (which is from How-To-Geek) we learn that if we look at the properties of an image it will give the GPS coordinates.

OK, that’s a start.

Reading further in the article, we notice that these types of images carry embedded EXIF data.

Let’s try a Google search of “EXIF GPS decrypter” and see if we can view the embedded EXIF data for our image.

Doing that Google search we’re presented with the following link.

Going to that link, uploading our image and clicking the “view EXIF” button, we’re presented with the following:

Looking at the comment we see that part of the flag is present; we still need to find the latitude and longitude. Luckily those are presented above the comment.

Today’s blog post will be solving the “Hash101” challenge from the PicoCTF.

Let’s get started.

Clicking on the challenge we see…

OK, we need to work with hashes to claim our flag. Let’s see what the hints say.

Looking at the hints Google will be our friend 🙂

Connecting to the server we see:

We need to convert the binary to ASCII text.

Doing a Google search of “binary to ASCII text converter” we get the following website.

Going there, we see:

Changing the binary to the binary in the challenge we get:

The text we’re looking for is “peace”. Entering this, we are now in the second level of the challenge.

We need to find the hex value of our word, peace. Going back to the link referenced above, we see that the hex is referenced.

Entering that we now need to enter the decimal equivalent. For this, going back to Google and entering “hex to decimal converter” we get the following link.

Clicking the link we see:

Entering the hex value we get the following decimal value.

Entering that into the challenge we get the following:

Going to the third level we see:

Reading the description one might ask, what are we looking for?

Remember the first level of the challenge, where we needed to find the ASCII text?

Doing a Google search of “ASCII table” we find the following link.

Opening the link we see the ASCII equivalent of the letters.

We need to find a string whose ASCII value, taken modulo 16, gives 10.

One might wonder… what is modulo?

The modulo is the remainder of a division.

We know that we are dividing by 16 and the modulo (remainder) needs to be 10.

One way to achieve this is to find any multiple of 16 and add 10.

Why a multiple of 16? If we take any multiple of 16 modulo 16, the result is 0 (as there is no remainder).

Doing this I was able to do the following:

Entering 4, we had a modulo of 4 and not 10.

Entering the string of “:” we were able to complete the level. Why? “:” in ASCII is 58. How did we get 58? 16 * 3 = 48, and 48 + 10 = 58. We’re adding 10 because we know we need a remainder of 10.

Moving to level 4 we see:

Doing another Google search of “MD5 decrypter” we get the following link.

Clicking the link and entering the md5 hash, we get the following:

Entering this into the level we see:

Entering this flag into the input box we’ve acquired 50 points!
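The four levels above done locally instead of through converter websites, as an added Python example that is not part of the original write-up. It assumes the decimal asked for in level 2 is the whole hex string read as one number; the word list and MD5 target in the demo are constructed, since the challenge's hash is not shown on the page.

```python
import hashlib


def bits_to_text(bits):
    """Level 1: decode 8-bit binary groups (spaces optional) to ASCII text."""
    digits = bits.replace(" ", "")
    if len(digits) % 8 or set(digits) - {"0", "1"}:
        raise ValueError("expected a multiple of 8 binary digits")
    return bytes(int(digits[i:i + 8], 2)
                 for i in range(0, len(digits), 8)).decode("ascii")


def text_to_hex_and_decimal(text):
    """Level 2: the same bytes written as one hex number and as decimal."""
    raw = text.encode("ascii")
    return raw.hex(), int.from_bytes(raw, "big")


def chars_with_remainder(remainder, modulus=16):
    """Level 3: printable ASCII characters whose code leaves `remainder`."""
    return [chr(c) for c in range(0x20, 0x7F) if c % modulus == remainder]


def md5_lookup(target_hex, candidates):
    """Level 4: MD5 is one-way, so "decrypter" sites hash known words and
    compare digests. Return the candidate whose MD5 matches, or None."""
    for word in candidates:
        if hashlib.md5(word.encode()).hexdigest() == target_hex.lower():
            return word
    return None


if __name__ == "__main__":
    # Binary encoding of the page's level 1 answer.
    word = bits_to_text("01110000 01100101 01100001 01100011 01100101")
    print(word, text_to_hex_and_decimal(word))
    print(chars_with_remainder(10))
    # Constructed target: the MD5 of one word from a constructed word list.
    wordlist = ["war", "peace", "truce"]
    target = hashlib.md5(b"truce").hexdigest()
    print(md5_lookup(target, wordlist))
```

The level 3 helper shows that “:” is only one of several valid answers, and the level 4 helper returns None for any value missing from its word list, which is the same limit the lookup sites have.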

In today’s blog post we will be solving the “Mystery Box” challenge from the PicoCTF.

Let’s get started.

Clicking on the challenge we see:

OK, we have a mystery machine, with a sticky note, and a picture.

Clicking on the sticky note link we see:

OK… we have a note. This is going to be useful later.

Clicking on the picture link we see:

Going back to the challenge and clicking on the hints we see:

OK. The hints tell us that this box uses gears and that it was used by the naval services. Also we have the name of Turing… let’s see what Google would provide us.

Doing a Google search of “Turing machine naval” we get the following link.

This link leads to an Enigma machine emulator.

The Enigma machine was used in WW2 (World War 2) to help crack secret messages from Nazi Germany.

The person who was responsible for this machine was Alan Turing. Alan Turing was the father of computer science. He was a computer scientist, mathematician, logician, etc. If you want to read more about his life, click here.

Going back to the Enigma machine emulator we see:

Hmm… we see that the words are similar to those listed in the note.

Let’s use that to figure out what the Enigma machine will return to us.

After entering the information we get:

Hmm… The Enigma machine returned – “quite puzzling indeed”.

Putting this in as the flag, we acquired 60 points!!

In today’s blog post we will be solving the Hex2Raw challenge from PicoCTF.

Let’s start.

Clicking on the challenge we see the following:

OK. With this challenge we see that we need to print unprintable characters from the following location.

Let’s see what the hints give us.

Clicking on the hints we see:

OK. We can see that Google has easy techniques to do this.

Let’s go to the command line and see what we can do.

After logging in and going to the directory we see the following:

Running the hex2raw application we see:

I pressed Ctrl + C to end the program.

OK. We are given raw input and we need to convert it to hexadecimal characters.

Doing a Google search we noticed that we can use Python to get our desired output.

How would we do this?

With the decode function!

In the screenshot below we invoke the Python interpreter; the -c option designates that we’re passing a command. We print the raw form, using the decode function to decode the string as hexadecimal, and then pipe the output to the hex2raw program.

Doing this we see the flag, and acquired 20 points!
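The decode-as-hex call described above exists only in Python 2; the following added example (not from the original write-up) shows the Python 3 form and feeds the decoded bytes to a program's stdin without re-encoding them. The child process is a stand-in for the challenge binary and the hex input is constructed.

```python
import subprocess
import sys


def hex_to_raw(hex_text):
    """Decode a hex string to raw bytes (Python 3 form of "...".decode("hex"))."""
    cleaned = "".join(hex_text.split())          # tolerate spaces and newlines
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits")
    return bytes.fromhex(cleaned)                # ValueError on non-hex input


def feed_raw(hex_text, argv):
    """Run argv with the decoded bytes on its stdin and return its stdout.

    The bytes travel through a binary pipe, so nothing is re-encoded and no
    trailing newline is appended, which print() would do.
    """
    result = subprocess.run(argv, input=hex_to_raw(hex_text),
                            stdout=subprocess.PIPE, check=True)
    return result.stdout


# Stand-in for the challenge binary (an assumption for this example): a child
# Python process that reads stdin as bytes and reports what it received as hex.
ECHO_CHILD = [sys.executable, "-c",
              "import sys; sys.stdout.write(sys.stdin.buffer.read().hex())"]

if __name__ == "__main__":
    # Constructed sample containing unprintable and non-UTF-8 bytes.
    print(feed_raw("00 ff 7f 80 0a c3", ECHO_CHILD))
```

When piping from a shell instead, write the bytes with `sys.stdout.buffer.write(...)` rather than `print`, for the same reason.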