Last active
April 27, 2018 22:20
-
-
Save MarkIsNotTaken/158aff4f6971626a91ead364149637c2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Level 1: | |
April 23, 2018 - Internet Kitties: | |
man nc to find out what nc does. | |
The syntax is nc {hostname} {port} | |
Typed nc shell2017.picoctf.com 12275 | |
Got flag | |
April 23, 2018 - Piazza: | |
Sign up for Piazza. | |
Once process is done, go look at pinned questions for the flag | |
April 23, 2018 - Leaf of the Tree: | |
Have to find file with flag inside, but it is nested into a ton of folders. | |
cd / to go to root directory | |
cd problems | |
Tab complete the long folder with a long number | |
After that, continuosly type in tr and tab complete the trunk inside the folder | |
Do this until it doesn't auto complete anymore and the flag file should be in your current directory | |
April 25, 2018 - Looooong: | |
First, nc to the server they specify. | |
It will give you a random challenge to type x amount of a character follow by a number within 30 seconds. | |
So, I went online to find a text repeater and activated the challenge. | |
I then repeated the designated character however many times it wanted, copy pasting it into the cli with the number. | |
Boom, got the flag. | |
April 25, 2018 - Leaf of the Forest: | |
Same as Leaf of the Tree, but with more folders. | |
So, cd / | |
cd problems/{long number}/forest | |
find . | grep flag | |
This command checks every single repository inside of Forest. | |
I can then pipe the output, which is every folder inside, to grep the flag. | |
April 25, 2018 - World Chat: | |
After using nc to connect to the correct host and port, the cli starts outputting random text. | |
I noticed that the text with the actual parts of the flag start with the words "this is part" | |
So I piped the output of nc shell2017.picoctf.com 14747 to grep those specific words. | |
nc shell2017.picoctf.com 14747 | grep "this is part" | |
Using this command only displayed the text with the parts of the flag. | |
I copy pasted each part to the input and won the challenge. | |
April 27, 2018 - Bash Loop: | |
There is a bash file in the /problems/995871fcb203d3e223e9e4aaa65e4053 directory | |
When it is run, it states: What number am I thinking of? It is between 0 and 4096 | |
To give the answer, you jsut have to put the after it is run. EX. ./bashloop 49 | |
Researching bash loops has give me this command | |
for i in {0..4096}; do ; done | |
The {0..4096} makes sure that variable i will go through 0 to 4096 | |
After that was confirmed, i ran the command with i as the input | |
for i in {0..4096}; do ./bashloop $i; done | |
As the screen was filled to the brim with lines of text, I decided to grep flag to see if it would give me the flag | |
for i in {0..4096}; do ./bashloop $i; done | grep flag | |
The response was positve, this command gave me the flag | |
Just No: | |
April 25, 2018 - What is Web: | |
The challenge sends me to a website to find the pieces of a flag. | |
These pieces are in the files that make a website. | |
So, I inspected the website and found each part of the flag in the HTML, CSS, and Javascript files. | |
I took each part and put them together. | |
Which I submitted to finish the problem. | |
April 25, 2018 -Hex2Raw: | |
python.decode | |
April 25, 2018 -ComputerAES: | |
https://cryptii.com/base64-to-hex | |
http://aes.online-domain-tools.com/ | |
April 25, 2018 -ComputerRSA: | |
https://www.cs.drexel.edu/~introcs/Fa11/notes/10.1_Cryptography/RSA_Express_EncryptDecrypt.html | |
plug in variables | |
April 25, 2018 - Substitution: | |
https://www.guballa.de/substitution-solver | |
break substitution cipher text | |
April 23, 2018 - Master Challenge: | |
The challenge sends you to a website that requires you to give a password | |
The admin has not implemented login yet | |
No matter what you enter, the response is always: Nah, that's not it | |
Inspecting the page, I look for the javascript to see what hasn't been done | |
Checking the password validation function, it's only function is to return false | |
I change it to true and save | |
Pressing the submit button after this gives me the flag | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment