05t3/PicoCtf-2022.md

## PicoCtf-2022.md

      
    Raw
  

              PicoCtf-2022.md
            
          
    runme.py


Run the runme.py script to get the flag. Download the script with your browser or with wget in the webshell. Download runme.py Python script

oste-picoctf@webshell:~$ wget https://artifacts.picoctf.net/c/92/runme.py
--2022-01-12 20:51:52--  https://artifacts.picoctf.net/c/92/runme.py
Resolving artifacts.picoctf.net (artifacts.picoctf.net)... 99.84.248.96, 99.84.248.26, 99.84.248.60, ...
Connecting to artifacts.picoctf.net (artifacts.picoctf.net)|99.84.248.96|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 270 [application/octet-stream]
Saving to: 'runme.py'

runme.py                                      100%[================================================================================================>]     270  --.-KB/s    in 0s      

2022-01-12 20:51:52 (57.2 MB/s) - 'runme.py' saved [270/270]

oste-picoctf@webshell:~$ ls -la
total 24
drwxr-xr-x 2 oste-picoctf oste-picoctf   91 Jan 12 20:51 .
drwxr-xr-x 3 root         root           26 Jan 10 22:39 ..
-rw-r--r-- 1 oste-picoctf oste-picoctf  220 Jan 10 22:39 .bash_logout
-rw-r--r-- 1 oste-picoctf oste-picoctf 3771 Jan 10 22:39 .bashrc
-rw-r--r-- 1 oste-picoctf oste-picoctf  807 Jan 10 22:39 .profile
-rw-r--r-- 1 root         root         5144 Jan 12 20:51 README.txt
-rw-rw-r-- 1 oste-picoctf oste-picoctf  270 Jan  4 23:47 runme.py
oste-picoctf@webshell:~$ python3 runme.py 
picoCTF{run_s4n1ty_run}
ANS: picoCTF{run_s4n1ty_run}
ncme


Connect to a remote computer using nc and get the flag.
$ nc saturn.picoctf.net 57688_

SOLUTION
oste-picoctf@webshell:~$ nc saturn.picoctf.net 57688
picoCTF{s4n1ty_c4t}
ANS: picoCTF{s4n1ty_c4t}
convertme.py


Run the Python script and convert the given number from decimal to binary to get the flag.
Download Python script

SOLUTION
oste-picoctf@webshell:~$ cat convertme.py 

import random


def str_xor(secret, key):
    #extend key to secret length
    new_key = key
    i = 0
    while len(new_key) < len(secret):
        new_key = new_key + key[i]
        i = (i + 1) % len(key)        
    return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])


flag_enc = chr(0x15) + chr(0x07) + chr(0x08) + chr(0x06) + chr(0x27) + chr(0x21) + chr(0x23) + chr(0x15) + chr(0x5f) + chr(0x05) + chr(0x08) + chr(0x2a) + chr(0x1c) + chr(0x5e) + chr(0x1e) + chr(0x1b) + chr(0x3b) + chr(0x17) + chr(0x51) + chr(0x5b) + chr(0x58) + chr(0x5c) + chr(0x3b) + chr(0x10) + chr(0x57) + chr(0x0f) + chr(0x5e) + chr(0x51) + chr(0x5c) + chr(0x46) + chr(0x53) + chr(0x13)


num = random.choice(range(10,101))

print('If ' + str(num) + ' is in decimal base, what is it in binary base?')

ans = input('Answer: ')

try:
  ans_num = int(ans, base=2)
  
  if ans_num == num:
    flag = str_xor(flag_enc, 'enkidu')
    print('That is correct! Here\'s your flag: ' + flag)
  else:
    print(str(ans_num) + ' and ' + str(num) + ' are not equal.')
  
except ValueError:
  print('That isn\'t a binary number. Binary numbers contain only 1\'s and 0\'s')
If you run the script, you'll be given a random number to convert. In this case, i used CyberChef as shown in the screenshot below. After supplying the binary base, we get the flag
oste-picoctf@webshell:~$ python3 convertme.py 
If 96 is in decimal base, what is it in binary base?
Answer: 01100000
That is correct! Here's your flag: picoCTF{4ll_y0ur_b4535_e2a58836}

ANS: picoCTF{4ll_y0ur_b4535_e2a58836}
Codebook


Run the Python script code.py in the same directory as codebook.txt.


Download code.py
Download codebook.txt

oste-picoctf@webshell:~$ mkdir codebook && cd codebook
oste-picoctf@webshell:~/codebook$ wget https://artifacts.picoctf.net/c/103/code.py
--2022-01-12 21:50:32--  https://artifacts.picoctf.net/c/103/code.py
Resolving artifacts.picoctf.net (artifacts.picoctf.net)... 99.84.248.38, 99.84.248.96, 99.84.248.26, ...
Connecting to artifacts.picoctf.net (artifacts.picoctf.net)|99.84.248.38|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1278 (1.2K) [application/octet-stream]
Saving to: 'code.py'

code.py                                       100%[================================================================================================>]   1.25K  --.-KB/s    in 0s      

2022-01-12 21:50:32 (238 MB/s) - 'code.py' saved [1278/1278]

oste-picoctf@webshell:~/codebook$ wget https://artifacts.picoctf.net/c/103/codebook.txt
--2022-01-12 21:50:47--  https://artifacts.picoctf.net/c/103/codebook.txt
Resolving artifacts.picoctf.net (artifacts.picoctf.net)... 99.84.248.26, 99.84.248.60, 99.84.248.38, ...
Connecting to artifacts.picoctf.net (artifacts.picoctf.net)|99.84.248.26|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 27 [application/octet-stream]
Saving to: 'codebook.txt'

codebook.txt                                  100%[================================================================================================>]      27  --.-KB/s    in 0s      

2022-01-12 21:50:48 (5.17 MB/s) - 'codebook.txt' saved [27/27]

oste-picoctf@webshell:~/codebook$ ls -la
total 8
drwxrwxr-x 2 oste-picoctf oste-picoctf   41 Jan 12 21:50 .
drwxr-xr-x 3 oste-picoctf oste-picoctf  132 Jan 12 21:50 ..
-rw-rw-r-- 1 oste-picoctf oste-picoctf 1278 Jan  4 23:48 code.py
-rw-rw-r-- 1 oste-picoctf oste-picoctf   27 Jan  4 23:48 codebook.txt
oste-picoctf@webshell:~/codebook$ python3 code.py 
picoCTF{c0d3b00k_455157_8100c7c1}
oste-picoctf@webshell:~/codebook$ 
ANS: picoCTF{c0d3b00k_455157_8100c7c1}
PW Crack 1


Can you crack the password to get the flag? Download the password checker here and you'll need the encrypted flag in the same directory too.

HashingJobApp


If you want to hash with the best, beat this test!
nc saturn.picoctf.net 65352

oste-picoctf@webshell:~$ nc saturn.picoctf.net 65352
Please md5 hash the text between quotes, excluding the quotes: 'cold pizza'
Answer: 
da910b97223f1dc73b65038d744b5e3c
da910b97223f1dc73b65038d744b5e3c
Correct.
Please md5 hash the text between quotes, excluding the quotes: 'gym teachers'
Answer: 
6a8404f911c6543cada93a75dd30a57d
6a8404f911c6543cada93a75dd30a57d
Correct.
Please md5 hash the text between quotes, excluding the quotes: 'a honeymoon'
Answer: 
6552e3784f898159d5c06d7c7fedd918
6552e3784f898159d5c06d7c7fedd918
Correct.
picoCTF{4ppl1c4710n_r3c31v3d_674c1de2}
ANS: picoCTF{4ppl1c4710n_r3c31v3d_674c1de2}
Serpentine


Find the flag in the Python script!
Download Python script

oste-picoctf@webshell:~/serpentine$ python3 serpentine.py 

    Y
  .-^-.
 /     \      .- ~ ~ -.
()     ()    /   _ _   `.                     _ _ _
 \_   _/    /  /     \   \                . ~  _ _  ~ .
   | |     /  /       \   \             .' .~       ~-. `.
   | |    /  /         )   )           /  /             `.`.
   \ \_ _/  /         /   /           /  /                `'
    \_ _ _.'         /   /           (  (
                    /   /             \  \
                   /   /               \  \
                  /   /                 )  )
                 (   (                 /  /
                  `.  `.             .'  /
                    `.   ~ - - - - ~   .'
                       ~ . _ _ _ _ . ~

Welcome to the serpentine encourager!


a) Print encouragement
b) Print flag
c) Quit

What would you like to do? (a/b/c) a

-----------------------------------------------------
Look how far you've come!
-----------------------------------------------------


a) Print encouragement
b) Print flag
c) Quit

What would you like to do? (a/b/c) b

Oops! I must have misplaced the print_flag function! Check my source code!


a) Print encouragement
b) Print flag
c) Quit

What would you like to do? (a/b/c) c
oste-picoctf@webshell:~/serpentine$ nano serpentine.py 


a) Print encouragement
b) Print flag
c) Quit

What would you like to do? (a/b/c) b
picoCTF{7h3_r04d_l355_7r4v3l3d_8e47d128}
ANS: picoCTF{7h3_r04d_l355_7r4v3l3d_8e47d128}
fixme1.py

Fix the syntax error in this Python script to print the flag.

Download Python script


picoCTF{1nd3nt1ty_cr1515_09ee727a}