-
picoGym | Disk, disk, sleuth! II Write-up
Challenge description All we know is the file with the flag is named down-at-the-bottom.txt … Disk image: dds2-alpine.flag.img.gz Category: Forensics Solution First, let’s examine the file presented to us by the challenge using the file command. Decompressing the archive with the command gzip -d results in the disk image file dds2-alpine.flag.img. Next, I used the…
-
picoGym – caas challenge Write-up:
Challenge description “Now presenting cowsay as a service” Category: Web Exploitation Link. Link to included file: index.js Solution After downloading the index.js file, this snippet of code stood out It seems like the webapp is executing cowsay straight from the commandline, from the path /usr/games/cowsay. My first thought is to try to pipe the result…
-
Beginner picoMini 2022 Write-up
I have always been a fan of puzzles, especially so if they are technical. I have fond memories of finding different messages encoded into image files, decoding various ciphers, and researching obscure fandoms to find clues. Imagine my delight when I found out about CTF competitions, something that perfectly married my love for computers, puzzles,…