Category: picoCTF 2022
-
picoCTF 2022 | Operation Orchid Write-up
Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download compressed disk image Category: Forensics Following the same steps as from the previous challenge of this type, Operation Oni, I extracted the disk image. First, I tried…
-
picoCTF 2022 | unpackme Write-up
Can you get the flag? Reverse engineer this binary. Category: Reverse Engineering First, from reading the hint, I tried to look up UPX => it’s an executable packer. Understanding what this is is not entirely needed to overcome the challenge; the important thing is I’ll have to install upx to unpack the provided executable. After…
-
picoCTF 2022 | St3g0 Write-up
Download this image and find the flag. Download image Category: Forensics I ran through my list of steganography tools, most of which can be found here. Nothing seemed to work until I got to zsteg:
-
picoCTF 2022 | SQLiLite Write-up
Can you login to this website? Category: Web Exploitation An unexpectedly fast challenge for me, which was admittedly rather anticlimactic. Regardless, we begin the challenge by launching the instance and visiting the website. We are presented with a login form. The challenge’s hint says that we want to be logged in as admin. That leaves…
-
picoCTF 2022 | Operation Oni Write-up
Note: you must launch a challenge instance in order to view your disk image download link. Download this disk image, find the key and log into the remote machine. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Category: Forensics To start, click the “Launch…
-
picoCTF 2022 | Eavesdrop Write-up
Download this packet capture and find the flag. Download packet capture Category: Forensics Another challenge requiring us to analyze captured network packets. Let’s fire up Wireshark. Combing through the captured traffic, I found the first important clue. Let’s keep looking. At first, I tried to copy the text, which is the transferred file’s content, but…
-
picoCTF 2022 | Bbbbloat Write-up
Can you get the flag? Reverse engineer this binary. Category: Reverse Engineering To solve this challenge, I used Ghidra, a popular tool for reverse-engineering. I opened up a new project, imported the provided executable, and started looking for the main function. Of particular interest is this: The program asks you for a number, and if…
-
picoCTF 2022 | SQL Direct Write-up
Connect to this PostgreSQL server and find the flag! Category: Web Exploitation You have to first launch the challenge instance to receive further instructions. For me, the first step is finding and installing PostgreSQL on my own machine. Next, follow the provided instructions to log into the database server. This being my first time using…
-
picoCTF 2022 | Sleuthkit Apprentice Write-up
Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your home directory. Download compressed disk image Category: Forensics Having downloaded the file, I used binwalk -e to extract the disk image. Navigating to the extracted directory, I first attempted grep…
-
picoCTF 2022 | Secrets Write-up
We have several pages hidden. Can you find the one with the flag? The website is running here. Category: Web Exploitation I felt like I took way more time solving this than I should have, but perhaps I needed a refreshed mind to think efficiently. Regardless, the first step is always the same: let’s inspect…