Diving into picoCTF: part 2

In which I continue through the General Skills section of picoCTF

Static isn’t always noise

The challenge begins with the text “Can you look at the data in this binary: static? This BASH script might help!” and a link to the two files: a binary file titled static and a bash script titled ltdis.sh.

Rushing into it

Straight up executing the static binary we get the output Oh hai! Wait what? A flag? Yes, it's around here somewhere!, given it seems to be a pre-made response, maybe there’s some other string inside the file? Running the binary through the strings program as strings static reveals the flag, right under the output string!

Leftovers

This, of course, was slightly underwhelming given we didn’t get to use the provided bash script, so maybe let’s give that a go…

Executing the bash file returns

Attempting disassembly of  ...
objdump: 'a.out': No such file
objdump: section '.text' mentioned in a -j option, but not found in any input file
Disassembly failed!
Usage: ltdis.sh <program-file>
Bye!

revealing the script will attempt a disassembly of the target binary. Executing as ./ltdis.sh static gives us

Attempting disassembly of static ...
Disassembly successful! Available at: static.ltdis.x86_64.txt
Ripping strings from binary with file offsets...
Any strings found in static have been written to static.ltdis.strings.txt with file offset

so we get a diassembly of the program on static.ltdis.x86_64.txt and the output of putting the program through strings as we did earlier on static.ltdis.strings.txt. Case closed!

Magikarp Ground Mission

Another simple challenge, consisting of booting up an instance and sshing into it, then looking around the filesystem for pieces of the flag.

The heat trilogy: Let’s warm up, Warmed up and 2Warm

These challenges consisted of shifting values from hex to decimal, binary and ASCII, decent for getting the hang of what each looks like (plus you can do the binary with your fingers).

Strings it

Another binary file, calling strings on it returns a ridiculous number of lines, which gets trumped by piping the output to grep like strings strings | grep picoCTF.

I can fix them: fixme1.py and fixme2.py

These two consisted of downloading python files and fixing the syntax error within, first one had extra whitespace (which invokes a syntax error in python) and the second used = for a comparison instead of ==.

Glitched Cat

We are instructed to nc into an address, but are warned that the flag-printing service is glitched, returning 'picoCTF{gl17ch_m3_n07_' + chr(0x61) + chr(0x34) + chr(0x33) + chr(0x39) + chr(0x32) + chr(0x64) + chr(0x32) + chr(0x65) + '}'.

Recognizing the chr() function, we print the output through python by python3 -c "print('picoCTF{gl17ch_m3_n07_' + chr(0x61) + chr(0x34) + chr(0x33) + chr(0x39) + chr(0x32) + chr(0x64) + chr(0x32) + chr(0x65) + '}')" and obtain our flag.