Category Archive

picoCTF-2019

shark on wire 2

Problem: We found this packet capture. Recover the flag that was pilfered from the network. You can also find the file in /problems/shark-on-wire-2_0_3e92bfbdb2f6d0e25b8d019453fdbf07.

practice-run-1

Problem: You’re going to need to know how to run programs if you’re going to get out of here. Navigate to /problems/practice-run-1_0_62b61488e896645ebff9b6c97d0e775e on the shell server and run this program to receive a flag.

like1000

Problem: This .tar file got tarred alot. Also available at /problems/like1000_0_369bbdba2af17750ddf10cc415672f1c.

JaWT Scratchpad

Problem: Check the admin scratchpad! https://2019shell1.picoctf.com/problem/21893/ or http://2019shell1.picoctf.com:21893

WhitePages

Problem: I stopped using YellowPages and moved onto WhitePages… but the page they gave me is all blank!

c0rrupt

Problem: We found this file. Recover the flag. You can also find the file in /problems/c0rrupt_0_1fcad1344c25a122a00721e4af86de13.

where are the robots

Problem: Can you find the robots? https://2019shell1.picoctf.com/problem/45102/ (link) or http://2019shell1.picoctf.com:45102

What Lies Within

Problem: Theres something in the building. Can you retrieve the flag?

unzip

Problem: Can you unzip this file and get the flag?

So Meta

Problem: Find the flag in this picture. You can also find the file in /problems/so-meta_1_ab9d99603935344b81d7f07973e70155.

shark on wire 1

Problem: We found this packet capture. Recover the flag. You can also find the file in /problems/shark-on-wire-1_0_13d709ec13952807e477ba1b5404e620.

picobrowser

Problem: This website can be rendered only by picobrowser, go and catch the flag! https://2019shell1.picoctf.com/problem/21851/ (link) or http://2019shell1.picoctf.com:21851

Open-to-admins

Problem: This secure website allows users to access the flag only if they are admin and if the time is exactly 1400. https://2019shell1.picoctf.com/problem/47265/ (link) or http://2019shell1.picoctf.com:47265

logon

Problem: The factory is hiding things from all of its users. Can you login as logon and find what they’ve been looking at? https://2019shell1.picoctf.com/problem/47307/ (link) or http://2019shell1.picoctf.com:47307

extensions

Problem: This is a really weird text file TXT? Can you find the flag?

dont-use-client-side

Problem: Can you break into this super secure portal? https://2019shell1.picoctf.com/problem/45147/ (link) or http://2019shell1.picoctf.com:45147

Client-side-again

Problem: Can you break into this super secure portal? https://2019shell1.picoctf.com/problem/21886/ (link) or http://2019shell1.picoctf.com:21886

waves over lambda

Problem: We made alot of substitutions to encrypt this. Can you decrypt it? Connect with nc 2019shell1.picoctf.com 45185.

vault-door-training

Problem: Your mission is to enter Dr. Evil’s laboratory and retrieve the blueprints for his Doomsday Project. The laboratory is protected by a series of locked vault doors. Each door is controlled by a computer and requires a password to open. Unfortunately, our undercover agents have not been able to obtain the secret passwords for the vault doors, but one of our junior agents obtained the source code for each vault’s computer! You will need to read the source code for each level to figure out what the password is for that vault door. As a warmup, we have created a replica vault in our training facility. The source code for the training vault is here: VaultDoorTraining.java

vault-door-8

Problem: Apparently Dr. Evil’s minions knew that our agency was making copies of their source code, because they intentionally sabotaged this source code in order to make it harder for our agents to analyze and crack into! The result is a quite mess, but I trust that my best special agent will find a way to solve it. The source code for this vault is here: VaultDoor8.java

vault-door-7

Problem: This vault uses bit shifts to convert a password string into an array of integers. Hurry, agent, we are running out of time to stop Dr. Evil’s nefarious plans! The source code for this vault is here: VaultDoor7.java

vault-door-6

Problem: This vault uses an XOR encryption scheme. The source code for this vault is here: VaultDoor6.java

vault-door-5

Problem: In the last challenge, you mastered octal (base 8), decimal (base 10), and hexadecimal (base 16) numbers, but this vault door uses a different change of base as well as URL encoding! The source code for this vault is here: VaultDoor5.java

vault-door-4

Problem: This vault uses ASCII encoding for the password. The source code for this vault is here: VaultDoor4.java

vault-door-3

Problem: This vault uses for-loops and byte arrays. The source code for this vault is here: VaultDoor3.java

vault-door-1

Problem: This vault uses some complicated arrays! I hope you can make sense of it, special agent. The source code for this vault is here: VaultDoor1.java

Tapping

Problem: Theres tapping coming in from the wires. What’s it saying nc 2019shell1.picoctf.com 12285.

rsa-pop-quiz

Problem: Class, take your seats! It’s PRIME-time for a quiz… nc 2019shell1.picoctf.com 48028

Mr-Worldwide

Problem: A musician left us a message. What’s it mean?

miniRSA

Problem: Lets decrypt this: ciphertext? Something seems a bit small

la cifra de

Problem: I found this cipher in an old book. Can you figure out what it says? Connect with nc 2019shell1.picoctf.com 32203.

Flags

Problem: What do the flags mean?

Easy1

Problem: The one time pad can be cryptographically secure, but not when you know the key. Can you solve this? We’ve given you the encrypted flag, key, and a table to help UFJKXQZQUNB with the key of SOLVECRYPTO. Can you use this table to solve it?.

caesar

Problem: Decrypt this message. You can find the ciphertext in /problems/caesar_1_4c9d445f770c71bd84ab0d822197a005 on the shell server.

b00tl3gRSA2

Problem: In RSA d is alot bigger than e, why dont we use d to encrypt instead of e? Connect with nc 2019shell1.picoctf.com 25894.

asm1

Problem: What does asm1(0x610) return? Submit the flag as a hexadecimal value (starting with ‘0x’). NOTE: Your submission for this question will NOT be in the normal flag format. Source located in the directory at /problems/asm1_1_95494d904d73b330976420bc1cd763ec.

13

Problem: Cryptography can be easy, do you know what ROT13 is? cvpbPGS{abg_gbb_onq_bs_n_ceboyrz}

where-is-the-file

Problem: I’ve used a super secret mind trick to hide this file. Maybe something lies in /problems/where-is-the-file_6_8eae99761e71a8a21d3b82ac6cf2a7d0.

whats-the-difference

Problem: Can you spot the difference? kitters cattos. They are also available at /problems/whats-the-difference_0_00862749a2aeb45993f36cc9cf98a47a on the shell server

what’s a net cat?

Problem: Using netcat (nc) is going to be pretty important. Can you connect to 2019shell1.picoctf.com at port 47229 to get the flag?

Warmed Up

Problem: What is 0x3D (base 16) in decimal (base 10).

The Numbers

Problem: The numbers… what do they mean?

strings it

Problem: Can you find the flag in file without running it? You can also find the file in /problems/strings-it_3_8386a6aa560aecfba03c0c6a550b5c51 on the shell server.

Resources

Problem: We put together a bunch of resources to help you out on our website! If you go over there, you might even find a flag! https://picoctf.com/resources (link)

plumbing

Problem: Sometimes you need to handle process data outside of a file. Can you find a way to keep the output from this program and search for the flag? Connect to 2019shell1.picoctf.com 13203.

mus1c

Problem: I wrote you a song. Put it in the picoCTF{} flag format

Lets Warm Up

Problem: If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?

Insp3ct0r

Problem: Kishor Balan tipped us off that the following code may need inspection: https://2019shell1.picoctf.com/problem/28717/ (link) or http://2019shell1.picoctf.com:28717

Glory of the Garden

Problem: This garden contains more than it seems. You can also find the file in /problems/glory-of-the-garden_0_25ece79ae00914856938a4b19d0e31af on the shell server.

flag_shop

Problem: There’s a flag shop selling stuff, can you buy a flag? Source. Connect with nc 2019shell1.picoctf.com 3967.

First Grep

Problem: Can you find the flag in file? This would be really tedious to look through manually, something tells me there is a better way. You can also find the file in /problems/first-grep_5_452e1c1630eb14b6753e9a155c3ae588 on the shell server.

First Grep: Part II

Problem: Can you find the flag in /problems/first-grep–part-ii_6_84224d7d745e41d24bde7e7bc7062bbe/files on the shell server? Remember to use grep.

Bases

Problem: What does this bDNhcm5fdGgzX3IwcDM1 mean? I think it has something to do with bases.

Based

Problem: To get truly 1337, you must understand different data encodings, such as hexadecimal or binary. Can you get the flag from this program to prove you are on the way to becoming 1337? Connect with nc 2019shell1.picoctf.com 44303.

2Warm

Problem: Can you convert the number 42 (base 10) to binary (base 2)?

1_wanna_b3_a_r0ck5tar

Problem: I wrote you another song. Put the flag in the picoCTF{} flag format

Back to Top ↑

CTFlearn

Wikipedia

Not much to go off here, but it’s all you need: Wikipedia and 128.125.52.138.

Tux!

The flag is hidden inside the Penguin! Solve this challenge before solving my 100 point Scope challenge which uses similar techniques as this one.

Time Traveller

Let’s take a trip to nasa.gov on December 31, 1996. If you can tell me what email NASA listed on their website, I’ll provide you with 10 points. Format: CTFlearn{email}

Snowboard

Find the flag in the jpeg file. Good Luck!

Simple Steganography

Think the flag is somewhere in there. Would you help me find it? hint-“ Steghide Might be Helpfull”

Rubber Duck

Find the flag! Simple forensics challenge to get started with.

QR Code

Do you remember something known as QR Code? Simple. Here for you : https://mega.nz/#!eGYlFa5Z!8mbiqg3kosk93qJCP-DBxIilHH2rf7iIVY-kpwyrx-0

Practice Flag

This is what a challenge on CTFlearn looks like. Each challenge has a flag, which is the key to solving it.

PikesPeak

Pay attention to those strings!

Pho Is Tasty!

The flag is hidden in the jpeg file. Good Luck! Have some Pho! Solve this challenge before solving my Scope challenge for 100 points.

File: THE_FILE

Solution:

Tried exiftool, strings, binwalk

bless Pho.jpg

43 04 15 54 02 06 46 14 0D 6C 16 0E 65 06 19 61 17 1F 72 1B 18 6E 01 0C 7B 04 07 49 0F 03 5F 02 0E 4C 16 18 6F 1F 04 76 19 0C 65 1F 06 5F 18 01 50 11 10 68 13 14 6F 1A 02 21 04 02 21 13 14 21 0B 14 7D

or

CTF learn {I_Lov e_Pho!!! }

Remove everything but the letters.

Flag: CTFlearn{I_Love_Pho!!!}

PDF by fdpumyp

Hi, just as we talked during a break, you have this file here and check if something is wrong with it. That’s the only thing we found strange with this suspect, I hope there will be a password for his external drive

Minions

Hey! Minions have stolen my flag, encoded it few times in one cipher, and then hidden it somewhere there: https://mega.nz/file/1UBViYgD#kjKISs9pUB4E-1d79166FeX3TiY5VQcHJ_GrcMbaLhg Can you help me? TIP: Decode the flag until you got a sentence.

I’m a dump

The keyword is hexadecimal, and removing an useless H.E.H.U.H.E. from the flag. The flag is in the format CTFlearn{*}

Git Is Good

The flag used to be there. But then I redacted it. Good Luck. https://mega.nz/#!3CwDFZpJ!Jjr55hfJQJ5-jspnyrnVtqBkMHGJrd6Nn_QqM7iXEuc

GandalfTheWise

Extract the flag from the Gandalf.jpg file. You may need to write a quick script to solve this.

Exif

If only the password were in the image?

Chalkboard

Solve the equations embedded in the jpeg to find the flag. Solve this problem before solving my Scope challenge which is worth 100 points.

Blank Page

I’ve just graduated the Super Agent School. This is my first day as a spy. The Master-Mind sent me the secret message, but I don’t remember how to read this. Help!

abandoned place

the flag is outside of the pic, try to find it. another hint: dimensions, dimensions, everything is in dimensions.

Vigenere Cipher

The vignere cipher is a method of encrypting alphabetic text by using a series of interwoven Caesar ciphers based on the letters of a keyword.

Suspecious message

Hello! My friend Fari send me this suspecious message: ‘MQDzqdor{Ix4Oa41W_1F_B00h_m1YlqPpPP}’ and photo.png. Help me decrypt this!

Reverse Polarity

I got a new hard drive just to hold my flag, but I’m afraid that it rotted. What do I do? The only thing I could get off of it was this: 01000011010101000100011001111011010000100110100101110100010111110100011001101100011010010111000001110000011010010110111001111101

Morse Code

..-. .-.. .- –. … .- – ..- . .-.. – — .-. … . .. … -.-. — — .-.. -… -.– - …. . .– .- -.– .. .-.. .. -.- . -.-. …. . . …

Modern Gaius Julius Caesar

One of the easiest and earliest known ciphers but with XXI century twist! Nobody uses Alphabet nowadays right? Why should you when you have your keyboard?

HyperStream Test #2

I love the smell of bacon in the morning! ABAAAABABAABBABBAABBAABAAAAAABAAAAAAAABAABBABABBAAAAABBABBABABBAABAABABABBAABBABBAABB

Hextroadinary

Meet ROXy, a coder obsessed with being exclusively the worlds best hacker. She specializes in short cryptic hard to decipher secret codes. The below hex values for example, she did something with them to generate a secret code, can you figure out what? Your answer should start with 0x.

Character Encoding

In the computing industry, standards are established to facilitate information interchanges among American coders. Unfortunately, I’ve made communication a little bit more difficult. Can you figure this one out? 41 42 43 54 46 7B 34 35 43 31 31 5F 31 35 5F 55 35 33 46 55 4C 7D

BruXOR

There is a technique called bruteforce. Message: q{vpln’bH_varHuebcrqxetrHOXEj No key! Just brute .. brute .. brute … :D

Base 2 2 the 6

There are so many different ways of encoding and decoding information nowadays… One of them will work! Q1RGe0ZsYWdneVdhZ2d5UmFnZ3l9

WOW…. So Meta

This photo was taken by our target. See what you can find out about him from it. https://mega.nz/#!ifA2QAwQ!WF-S-MtWHugj8lx1QanGG7V91R-S1ng7dDRSV25iFbk

Taking LS

Just take the Ls. Check out this zip file and I be the flag will remain hidden. https://mega.nz/#!mCgBjZgB!_FtmAm8s_mpsHr7KWv8GYUzhbThNn0I8cHMBi4fJQp8

Forensics 101

Think the flag is somewhere in there. Would you help me find it? https://mega.nz/#!OHohCbTa!wbg60PARf4u6E6juuvK9-aDRe_bgEL937VO01EImM7c

Binwalk

Here is a file with another file hidden inside it. Can you extract it? https://mega.nz/#!qbpUTYiK!-deNdQJxsQS8bTSMxeUOtpEclCI-zpK7tbJiKV0tXYY

POST Practice

This website requires authentication, via POST. However, it seems as if someone has defaced our site. Maybe there is still some way to authenticate? http://165.227.106.113/post.php

My Blog

Hi, I’m Noxtal! I have hidden a flag somewhere in my Cyberworld (AKA blog)… you may find a good application for your memory. ;)

Gobustme 👻

Some ghosts made this site 👻, it’s a little spooky but theres a bunch of stuff hidden around.

Basic Injection

See if you can leak the whole database using what you know about SQL Injections. link

Back to Top ↑

picoCTF-2018

Reversing Warmup 1

Problem: Throughout your journey you will have to run many programs. Can you navigate to /problems/reversing-warmup-1_0_f99f89de33522c93964bdec49fb2b838 on the shell server and run this program to retreive the flag?

assembly-0

Problem: What does asm0(0xaa,0xf2) return? Submit the flag as a hexadecimal value (starting with ‘0x’). NOTE: Your submission for this question will NOT be in the normal flag format. Source located in the directory at /problems/assembly-0_2_485b2d48345b19addbeb06a36aabdc74.

you can’t see me

Problem: ‘…reading transmission… Y.O.U. .C.A.N.’.T. .S.E.E. .M.E. …transmission ended…’ Maybe something lies in /problems/you-can-t-see-me_4_8bd1412e56df49a3c3757ebeb7ead77f.

Aca-Shell-A

Problem: It’s never a bad idea to brush up on those linux skills or even learn some new ones before you set off on this adventure! Connect with nc 2018shell.picoctf.com 58422.

what base is this?

Problem: To be successful on your mission, you must be able read data represented in different ways, such as hexadecimal or binary. Can you get the flag from this program to prove you are ready? Connect with nc 2018shell.picoctf.com 1225.

strings

Problem: Can you find the flag in this file without actually running it? You can also find the file in /problems/strings_2_b7404a3aee308619cb2ba79677989960 on the shell server.

Reversing Warmup 2

Problem: Can you decode the following string dGg0dF93NHNfczFtcEwz from base64 format to ASCII?

pipe

Problem: During your adventure, you will likely encounter a situation where you need to process data that you receive over the network rather than through a file. Can you find a way to save the output from this program and search for the flag? Connect with 2018shell.picoctf.com 2015.

net cat

Problem: Using netcat (nc) will be a necessity throughout your adventure. Can you connect to 2018shell.picoctf.com at port 49387 to get the flag?

hertz

Problem: Here’s another simple cipher for you where we made a bunch of substitutions. Can you decrypt it? Connect with nc 2018shell.picoctf.com 43324.

grep 2

Problem: This one is a little bit harder. Can you find the flag in /problems/grep-2_3_826f886f547acb8a9c3fccb030e8168d/files on the shell server? Remember, grep is your friend.

grep 1

Problem: Can you find the flag in file? This would be really obnoxious to look through by hand, see if you can find a faster way. You can also find the file in /problems/grep-1_4_0431431e36a950543a85426d0299343e on the shell server.

caesar cipher 1

Problem: This is one of the older ciphers in the books, can you decrypt the message? You can find the ciphertext in /problems/caesar-cipher-1_2_73ab1c3e92ea50396ad143ca48039b86 on the shell server.

General Warmup 3

Problem: What is 0x3D (base 16) in decimal (base 10).

General Warmup 2

Problem: Can you convert the number 27 (base 10) to binary (base 2)?

General Warmup 1

Problem: If I told you your grade was 0x41 in hexadecimal, what would it be in ASCII?

Forensics Warmup 2

Problem: Hmm for some reason I can’t open this PNG? Any ideas?

Crypto Warmup 2

Problem: Cryptography doesn’t have to be complicated, have you ever heard of something called rot13? cvpbPGS{guvf_vf_pelcgb!}

Crypto Warmup 1

Problem: Crpyto can often be done by hand, here’s a message you got from a friend, llkjmlmpadkkc with the key of thisisalilkey. Can you use this table to solve it?.

Forensics Warmup 1

Problem: Can you unzip this file for me and retreive the flag?

Back to Top ↑

picoCTF-2021

It is my Birthday

Problem: I sent out 2 invitations to all of my friends for my birthday! I’ll know if they get stolen because the two invites look similar, and they even have the same md5 hash, but they are slightly different! You wouldn’t believe how long it took me to find a collision. Anyway, see if you’re invited by submitting 2 PDFs to my website. http://mercury.picoctf.net:63578/

GET aHEAD

Problem: Find the flag being held on this server to get ahead of the competition http://mercury.picoctf.net:45028/

Milkslap

Problem: 🥛 (http://mercury.picoctf.net:48380/)

Who are you?

Problem: Let me in. Let me iiiiiiinnnnnnnnnnnnnnnnnnnn http://mercury.picoctf.net:36622/

Scavenger Hunt

Problem: There is some interesting information hidden around this site http://mercury.picoctf.net:5080/. Can you find it?

Matryoshka doll

Problem: Matryoshka dolls are a set of wooden dolls of decreasing size placed one inside another. What’s the final one? Image: this

information

Problem: Files can always be changed in a secret way. Can you find the flag? cat.jpg

Cookies

Problem: Who doesn’t love cookies? Try to figure out the best one. http://mercury.picoctf.net:54219/

Wave a flag

Problem: Can you invoke help flags for a tool or binary? This program has extraordinarily helpful information…

Tab, Tab, Attack

Problem: Using tabcomplete in the Terminal will add years to your life, esp. when dealing with long rambling directory structures and filenames: Addadshashanammu.zip

Python Wrangling

Problem: Python scripts are invoked kind of like programs in the Terminal… Can you run this Python script using this password to get the flag?

Obedient Cat

Problem: This file has a flag in plain sight (aka “in-the-clear”). Download flag.

Nice netcat…

Problem: There is a nice program that you can talk to by using this command in a shell: $ nc mercury.picoctf.net 7449, but it doesn’t speak English…

Mod 26

Problem: Cryptography can be easy, do you know what ROT13 is? cvpbPGS{arkg_gvzr_V'yy_gel_2_ebhaqf_bs_ebg13_jdJBFOXJ}

Magikarp Ground Mission

Problem: Do you know how to move between directories and read files in the shell? Start the container, ssh to it, and then ls once connected to begin. Login via ssh as ctf-player with the password, ee388b88

Easy Peasy

Problem: A one-time pad is unbreakable, but can you manage to recover the flag? (Wrap with picoCTF{}) nc mercury.picoctf.net 41934 otp.py

Back to Top ↑

CRYPTOHACK

XOR Starter

XOR is a bitwise operator which returns 0 if the bits are the same, and 1 otherwise. In textbooks the XOR operator is denoted by ⊕, but in most challenges and programming languages you will see the caret ^ used instead.

XOR Properties

In the last challenge, you saw how XOR worked at the level of bits. In this one, we’re going to cover the properties of the XOR operation and then use them to undo a chain of operations that have encrypted a flag. Gaining an intuition for how this works will help greatly when you come to attacking real cryptosystems later, especially in the block ciphers category.

Network Attacks

Several of the challenges are dynamic and require you to talk to our challenge servers over the network. This allows you to perform man-in-the-middle attacks on people trying to communicate, or directly attack a vulnerable service. To keep things consistent, our interactive servers always send and receive JSON objects.

Hex

When we encrypt something the resulting ciphertext commonly has bytes which are not printable ASCII characters. If we want to share our encrypted data, it’s common to encode it into something more user-friendly and portable across different systems.

Great Snakes

Modern cryptography involves code, and code involves coding. CryptoHack provides a good opportunity to sharpen your skills.

Finding Flags

Each challenge is designed to help introduce you to a new piece of cryptography. Solving a challenge will require you to find a “flag”.

Encoding Challenge

Now you’ve got the hang of the various encodings you’ll be encountering, let’s have a look at automating it.

Bytes and Big Integers

Cryptosystems like RSA works on numbers, but messages are made up of characters. How should we convert our messages into numbers so that mathematical operations can be applied?

Base64

Another common encoding scheme is Base64, which allows us to represent binary data as an ASCII string using 64 characters. One character of a Base64 string encodes 6 bits, and so 4 characters of Base64 encodes three 8-bit bytes.

ASCII

ASCII is a 7-bit encoding standard which allows the representation of text using the integers 0-127.

Back to Top ↑

Root Me

HTML - disabled buttons

Statement: This form is disabled and can not be used. It’s up to you to find a way to use it.

Back to Top ↑

CyberForce

CyberForce 2021 - Securely Provision

Securely Provision

One of the categories in the Department of Energy’s CyberForce Program - Conquer the Hill: Adventurer Edition 2021

CyberForce 2021 - Protect and Defend

Protect and Defend

One of the categories in the Department of Energy’s CyberForce Program - Conquer the Hill: Adventurer Edition 2021

CyberForce 2021 - Oversee and Govern

Oversee and Govern

One of the categories in the Department of Energy’s CyberForce Program - Conquer the Hill: Adventurer Edition 2021

CyberForce 2021 - Operate and Maintain

Operate and Maintain

One of the categories in the Department of Energy’s CyberForce Program - Conquer the Hill: Adventurer Edition 2021. I was busy and didn’t have the time to focus on this category.

CyberForce 2021 - Investigate

Investigate

One of the categories in the Department of Energy’s CyberForce Program - Conquer the Hill: Adventurer Edition 2021

CyberForce 2021 - Collect and Operate

Collect and Operate

One of the categories in the Department of Energy’s CyberForce Program - Conquer the Hill: Adventurer Edition 2021

CyberForce 2021 - Analyze

Analyze

One of the categories in the Department of Energy’s CyberForce Program - Conquer the Hill: Adventurer Edition 2021

Back to Top ↑

RingZer0-CTF

Back to Top ↑

picoMini by redpwn

login

Problem: My dog-sitter’s brother made this website but I can’t get in; can you help?

Back to Top ↑