Wednesday, November 26, 2014

Picoctf 2014 1st Set of 12 Problems

Working on Picoctf 2014.  So far it hasn't been extremely difficult.  Here's how I solved some of the problems.

Tyrannosaurus Hex

I used the Google convert hexadecimal to decimal feature to convert 0xa1e16da4 to 2715905444.

No Comment

Right-clicked the page, View Source, saw a comment, "In case you forget, the password for this site is: flag_f84c7d87a500072cd51855ae96adc629f2f024a0"

Common Vulnerability Exercise

Googled CVE Mozilla Firefox 2014 buffer overflows; Answer CVE 2014-1542

Caesar

It was a Caesar Cipher, as the name of the problem indicated.  Google-Caesar Decrypter.  The number of shifts of the letters was 25.  My key:  thesecretpassphraseislneinzjahhqufgtahruidvbjxtvkhd

The Valley Of Fear

(1,9,4) (4,2,8) (4,8,3) (7,1,5) (8,10,1)

The first number is the paragraph, the second number is the line number in that paragraph, and the third number is the word in that line.
The flag is ceremonial plates

Internet Inspection

This is in Internet Explorer:  Right-Click on the rectangle with checkers on the web site, select "Inspect Element", make sure that you're looking at the "DOM Explorer".  It should say "DOM Explorer" on the bottom left-hand side, and the top of the "Inspect Element" Window.  Where it is exactly depends on how you have your windows for the "Developer's Tools" set.  (Mine was the default setting.)  You click on "Styles" on the right hand side, then "Inline Style", then "Background Image", then you uncheck the "background-image" check box to remove the "checkers.png" background image.  flag_dc67d9ac26f8dca00f74399d55819ddbd2afc4ac

Pickle Jar

I knew that a jar file was a java file that could be opened, utilizing a program like 7-zip.  So, I opened my SIFT VM and opened it using the Archive Manager.  It had a couple of folders and a pickle.p file.  I checked the folders because I didn't know what a .p extension file was.  The com folder had another folder called picoctf.  In the picoctf folder, there was one class file that was a clue.  A class file is a compiled java file.  I just opened it up in the Eclipse IDE.  It was a clue.  It contained one method that stated, "Who took the pickles from the pickle jar."  The META-INF folder had a MANIFEST.MF.  I wasn't sure if those were needed for solving the problem, so I Googled pickle and p, and found out that a .p file is the extension for Python Pickle files.  I knew that some versions of Linux have Python installed, so I opened up a terminal and typed in the command, "file -i pickle.p".  The command told me that it was a text file, so I typed, "cat pickle.p"  I was amazed that it was that simple.  It printed out, "S'YOUSTOLETHEPICKLES' p0 ."  YOUSTOLETHEPICKLES was the key.
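Reading the file with cat worked here because it was a plain protocol 0 pickle holding one string. As an added example (not part of the original post), this walks a pickle's opcodes with pickletools instead of calling pickle.load(), which can run code from an untrusted file. The sample bytes are reconstructed from the output quoted above, assuming the gaps in it were newlines.

```python
import pickletools

# Opcodes that import or call objects while unpickling. If any appear,
# pickle.load() could execute code, so the file should only be inspected.
RISKY_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
    "NEWOBJ", "NEWOBJ_EX", "BUILD", "EXT1", "EXT2", "EXT4",
}

# Constructed sample: the text shown by "cat pickle.p" in the write-up,
# assuming the gaps in the printed output were newlines (protocol 0 layout).
SAMPLE = b"S'YOUSTOLETHEPICKLES'\np0\n."


def inspect_pickle(data: bytes):
    """Walk the opcode stream without executing it.

    Returns (constants, risky): string/bytes constants stored in the pickle,
    and names of opcodes that would import or call something on load.
    """
    constants, risky = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in RISKY_OPCODES:
            risky.append(opcode.name)
        elif isinstance(arg, (str, bytes)):
            constants.append(arg)
    return constants, risky


if __name__ == "__main__":
    constants, risky = inspect_pickle(SAMPLE)
    print("constants:", constants)
    print("risky opcodes:", risky or "none")
```

An empty risky list means the pickle only stores data; anything else is a reason not to load the file outside a sandbox.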

RoboPhoto

Google has an interesting feature where you can search for images similar to one in a URL.  I just copied the URL of the image into the search bar, clicked on images, and clicked on the "search by image" feature.  The flag was, "The Positronic Man".

This Is The Endian

On this one, the "Notes On Endianness" page gave a hint about how to solve it.  The "Data Preview" box had both ASCII and Hex answers.  So, I knew that I needed to convert ASCII letters into hex to solve this problem.  The Endianness was given.  It was Little Endian, meaning that the least significant byte is stored in the smallest address.  It's like a stack of plates.  The last plate stacked on top is the first one taken.  So, I'd have to put the data in backwards to get the flag.

Answer(1) = 0x30646521
Answer(0) = 0x52657663

Answer(1) to ASCII
0de!
Answer(0) to ASCII
Revc

The flag was:  cveR!ed0c


Intercepted Post

I opened up the file given in Wireshark.  I typed in a filter for http.request.method eq "POST"
Frame 152 had a URL encoded password.  password=flag%7Bpl%24_%24%24l_y0ur_l0g1n_form%24%7D
I used a URL decoder and got the flag.  It was flag{pl$_$$l_y0ur_l0g1n_form$}

Supercow

This one was slightly annoying.  You have to watch the prompt very carefully.  I had to exploit the root privileges of a vulnerable program that prints out cow files to print out a flag file, which one has to have root privileges on a machine to access.  I logged onto the picoctf shell machine and entered my username and password.  Then I had to switch directories into the directory where the problem was.  So, this is what I did.

cd /home/daedalus
ls
     flag.txt hint.cow secret1.cow secret2.cow supercow supercow.c
./supercow hint.cow
cd
$
ln -s /home/daedalus/flag.txt
ln -s /home/daedalus/supercow
mv flag.txt flag.cow
./supercow flag.cow
The flag was:  cows_drive_mooooving_vans

Grep Is Still Your Friend

grep -Hrn "daedaluscorp.txt.enc" /problems/grepfriend/keys

The key was:  b2bee8664b754d0c85c4c0303134bca6


