What is picoCTF? (from official website)
picoCTF is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts at Carnegie Mellon University.
The following are my writeups on the first few “General Skills” challenges.
Obedient Cat
A simple challenge worth 5 points: the user downloads a flag file which contains the flag in cleartext, all just a cat flag away.
Python Wrangling
The user is given the following list of files:
ende.py
pw.txt
flag.txt.en
Cold-calling the Python file reveals the usage to be -d | -e [file]. Attempting to (presumably) decrypt the flag file displays “Enter the password:”. This suggests the user try cat pw.txt | python3 ende.py -d flag.txt.en which reveals the flag.
Wave a flag
The user is given a file titled warm and told to invoke help flags. A first execution with no flags returns “Hello user! Pass me a -h to learn what I can do!”. Obeying the program and retrying with -h returns “Oh, help? I actually don't do much, but I do have this flag here: {flag}”.
Nice netcat…
The user is told to nc mercury.picoctf.net 43239, but is warned that “it doesn’t speak English…”.
Executing the netcat command returns a series of numbers. Whether they intuit it or pick up from the hints (like I did) that it’s a series of ASCII values, running the values through awk '{ printf("%c", $0); }' will return the exercise flag.
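A more defensive version of that decoding step, as an added example that is not part of the original writeup: it strips carriage returns, tolerates padding around each number, and skips anything that is not a decimal code in the ASCII range. The function names decode_ascii_lines and sample_codes and the sample input are constructed for illustration; the sample is not the real challenge output.

```shell
#!/bin/sh
# Decode a stream of decimal ASCII codes (one per line) into text.
# Lines that are not a plain decimal number in the range 0-127 are skipped
# and counted on stderr, so banner text, blank lines or a truncated read
# do not silently corrupt the decoded output.
decode_ascii_lines() {
    tr -d '\r' | awk '
        # Accept only an optionally padded run of digits; $1 + 0 forces a
        # numeric value so %c prints the character with that code.
        /^[ \t]*[0-9]+[ \t]*$/ && ($1 + 0) <= 127 { printf("%c", $1 + 0); next }
        { skipped++ }
        END { if (skipped) printf("skipped %d line(s)\n", skipped) > "/dev/stderr" }
    '
}

# Constructed sample input: the codes for "demo{ascii}" and a trailing
# newline (10), sent with CRLF line endings and one blank line.
sample_codes() {
    printf '100\r\n101\r\n109\r\n111\r\n123\r\n97\r\n115\r\n99\r\n105\r\n105\r\n125\r\n\r\n10\r\n'
}

# Stand-alone demonstration on the constructed sample.
sample_codes | decode_ascii_lines
```

Against the live service the same function sits at the end of the pipe, in place of the bare awk command.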