capture the flag, hacking

PicoCTF 2017 – Hash101

Another day, another challenge.

Today’s blog post will be solving the “Hash101” challenge from the PicoCTF.

Let’s get started.

Clicking on the challenge we see…


OK we need to hashes to claim our flag. Let’s see what the hints say.


Looking at the hints Google will be our friend 🙂

Connecting to the server we see:


We need to convert the binary to ASCII text.

Doing a Google search of, “binary to ASCII text converter” search we get the following website.

Going there, we see:


Changing the binary to the binary in the challenge we get:


The text we’re looking for is “peace” entering this in we are now in the second level of the challenge.


We need to find the hex value of our word, peace. Going back to the link referenced above, we see that the hex is referenced.


Entering that we now need to enter the decimal equivalent. For this, going back to Google and entering “hex to decimal converter” we get the following link.

Clicking the link we see:


Entering the hex value we get the following decimal value.


Entering that into the challenge we get the following:


Going to the third level we see:


Reading the description one might ask, what are we looking for?

Remember from the first level of the challenge where we need to find the ASCII text?

Doing a Google search of, “ASCII table” we find the following link.

Opening the link we see the ASCII equivalent of the letters.

We need to find a string that when doing the modulo of base 16 we get a number of 10.

One might wonder… what is modulo?

The modulo is the remainder of a division equation.

We know that we are dividing by 16 and the modulo (remainder) needs to be 10.

One way to achieve this is to find any multiple of 16 and add 10.

Why multiple of 16? Doing a multiple of 16 if we did a modulo of that the modulo would be 0 (as there is no remainder).

Doing this I was able to do the following:


Entering 4, we had a module of 4 and not 10.

Entering the string of “:” we were able to complete the level. Why? “:” in ASCII is 58. How did we get 58? 16 * 3  = 48 + 10 = 58. We’re adding 10 because we know we need a remainder of 10.

Moving to level 4 we see:


Doing another Google search of, “MD5 decrypter” we get the following link.

Clicking the link and entering the md5 hash, we get the following:


Entering this the level we see:


Entering this flag into the input box we’ve acquired 50 points!

capture the flag, hacking

PicoCTF 2017 – LeakedHashes

Another day, another challenge…

Today’s blog post we’re going to solve the “LeakedHashes” challenge from PicoCTF.

Let’s get started.

Clicking on the challenge we see:


OK – we need to log into a service, but we do not know the password. We do have leaked hash passwords.

Clicking the hashdump.txt file we see:


Let’s see what the hints say.


OK. Let’s see if we can find a way to crack these passwords!

Doing a Google search for “online cracked hashes” we get the following link.

Trying the first hash of root we were not able to crack the password.

Using the second hash of christene, we get:


We were able to crack the password.

Let’s try to login in with christene.

Going back to the commnd line and using the nc command we get:


Scrolling down we see:

We found the flag, and acquired 90 points!!!

capture the flag, hacking, web application security

PicoCTF 2017 – Internet Kitties

Another day, another challenge…

Today’s blog post we will solve a problem in the PicoCTF challenge.

Let’s start!

After logging into the CTF, and clicking on the “Internet Kitties” challenge we’re presented with the following:


Reading the description, really doesn’t give a lot of clues. Clicking on the hints tab we see:


OK, so we need to use the netcat command. On the right side of the panel we’re presented with a command prompt. After logging in we have the following:


Executing the help command (nc -h) in the command prompt we see:

The first line we see is how to connect to a server. Maybe we can use this to solve the challenge?

Looking at the challenge again we have the host name and port.

Let’s try it and see what we get:


We found the flag! Entering the flag we scored 10 points!