Metadata

Description: Want to play a game? As you use more of the shell, you might be interested in how they work! Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You’ll have 1000 possibilities and only 10 guesses. Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools! ...

description How well can you perfom basic binary operations? ┌──(root㉿Harsh)-[/home/jhagan/h/drop-in] └─# nc titan.picoctf.net 57549 Welcome to the Binary Challenge!" Your task is to perform the unique operations in the given order and find the final result in hexadecimal that yields the flag. Binary Number 1: 00011110 Binary Number 2: 00110010 Question 1/6: Operation 1: '>>' Perform a right shift of Binary Number 2 by 1 bits . Enter the binary result: 00011001 Correct! Question 2/6: Operation 2: '&' Perform the operation on Binary Number 1&2. Enter the binary result: 00010010 Correct! Question 3/6: Operation 3: '+' Perform the operation on Binary Number 1&2. Enter the binary result: 01010000 Correct! Question 4/6: Operation 4: '*' Perform the operation on Binary Number 1&2. Enter the binary result: 10111011100 Correct! Question 5/6: Operation 5: '<<' Perform a left shift of Binary Number 1 by 1 bits. Enter the binary result: 00111100 Correct! Question 6/6: Operation 6: '|' Perform the operation on Binary Number 1&2. Enter the binary result: 00111110 Correct! Enter the results of the last operation in hexadecimal: 0x3E Correct answer! The flag is: picoCTF{b1tw^3se_0p3eR@tI0n_su33essFuL_1367e2c6}

Description Why search for the flag when I can make a bookmarklet to print it for me? Browse here, and find the flag! 🔍 What’s a bookmarklet? A bookmarklet is like a small program you save as a bookmark in your browser. Instead of going to a normal website when you click it, it runs JavaScript code. solution copy the java script code and run the code in the java script compiler. this will give you the flag make a bookmark and edit the url and paste the Javascriptcode and save it . run the bookmark this give you flag ✅ Conclusion: The challenge teaches that sometimes the solution is just running the code you’re given instead of overthinking or searching the whole site. The flag is revealed when the bookmarklet runs. ...

#Description My team has been working very hard on new features for our flag printing program! I wonder how they’ll work together? You can download the challenge files here: challenge.zip solution wget https://artifacts.picoctf.net/c_titan/177/challenge.zip unzip challenge.zip cd drop-in/ git branch -a this will show all branch git checkout feature/part-1 cat flag.py ┌──(root㉿Harsh)-[/home/jhagan/drop-in/drop-in] └─# cat flag.py print(“Printing the flag…”) print(“picoCTF{t3@mw0rk_”, end=’') git checkout feature/part-2 cat flag ┌──(root㉿Harsh)-[/home/jhagan/drop-in/drop-in] └─# cat flag.py print(“Printing the flag…”) print(“m@k3s_th3_dr3@m_”, end=’') ...

ls -la This shows .git exists → proof it’s a Git repo. Check commit history ┌──(root㉿Harsh)-[/home/jhagan/drop-in] └─# git log commit 8dc51806c760dfdbb34b33a2008926d3d8e8ad49 (HEAD -> master) Author: picoCTF <ops@picoctf.com> Date: Tue Mar 12 00:06:17 2024 +0000 remove sensitive info commit 87b85d7dfb839b077678611280fa023d76e017b8 Author: picoCTF <ops@picoctf.com> Date: Tue Mar 12 00:06:17 2024 +0000 create flag This shows a list of commits. You notice one commit message says “create flag” — that’s when the flag was added. ...

Description Cookie Monster has hidden his top-secret cookie recipe somewhere on his website. As an aspiring cookie detective, your mission is to uncover this delectable secret. Can you outsmart Cookie Monster and find the hidden recipe? You can access the Cookie Monster here and good luck solution We should check for HTTP cookies. Check the cookies Start DevTools in the browser by pressing F12 or using Ctrl + Shift + I. Then select the Application tab and make sure http://verbal-sleep.picoctf.net:56241 is selected under Cookies in the menu to the left. ...

Description A company stored a secret message on a server which got breached due to the admin using weakly hashed passwords. Can you gain access to the secret stored within the server? Access the server using nc verbal-sleep.picoctf.net 57819 solution ┌──(root㉿Harsh)-[/home/jhagan] └─# nc verbal-sleep.picoctf.net 57819 Welcome!! Looking For the Secret? We have identified a hash: 482c811da5d5b4bc6d497ffa98491e38 Enter the password for identified hash: password123 Correct! You've cracked the MD5 hash with no secret found! Flag is yet to be revealed!! Crack this hash: b7a875fc1ea228b9061041b7cec4bd3c52ab3ce3 Enter the password for the identified hash: letmein Correct! You've cracked the SHA-1 hash with no secret found! Almost there!! Crack this hash: 916e8c4f79b25028c9e467f1eb8eee6d6bbdff965f9928310ad30a8d88697745 Enter the password for the identified hash: qwerty098 Correct! You've cracked the SHA-256 hash with a secret found. The flag is: picoCTF{UseStr0nG_h@shEs_&PaSswDs!_869e658e} crack the hashes by CrackStation 🔍 1. Length of the Hash Each hashing algorithm produces a fixed-length output, typically in hexadecimal. ...

🧩 Challenge Description Explore a web application and find an endpoint that exposes a file containing a hidden flag. The application is a blog where one of the articles discusses API documentation. The goal is to find a file generated from the server’s memory that contains the flag. A heap dump is a snapshot of a program’s memory (specifically, the heap section) at a particular point in time. It typically contains: ...

Description Try here to find the flag Solution Open BurpSuite and the proxy web browser with the link provided in the challenge description: http://titan.picoctf.net:49297/ For the first page, it doesn’t matter the data you put in. You could put all values to anything and then click “Register”. Now on the OTP page turn the “Intercept” function to on in BurpSuite. Doesn’t matter what is put for OTP. In the intercept now remove the text on line “otp=” but don’t remove any spaces/lines just the text from the otp. ...

Description Can you get the real meaning from this file. Download the file here. solution Base64-decoding ┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec] └─$ cat enc_flag YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzJhMnd6TW1zeWZRPT0nCg== The padding characters (=) at the end reveals that this is likely base64-encoded data. Let’s decode it with base64: ┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec] └─$ cat enc_flag | base64 -d b’d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg2a2wzMmsyfQ==' Still base64-endoded but in python byte-format. Another round of decoding: ┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec] └─$ echo "d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg2a2wzMmsyfQ==" | base64 -d wpjvJAM{jhlzhy_k3jy9wa3k_86kl32k2} Now this looks like a rotation cipher like Caesar or ROT13. The caesar cipher rotates 3 positions whereas ROT13 rotates 13 positions. ...