Blog section
CTF

picoCTF 2024 General Skills

picoCTF 2024 General Skills writeups covering git, shell commands, and foundational CTF techniques.

picoCTFCTFGeneral Skills

picoCTF 2024 - General Skills

challenge screenshot

General Skills Challenges

Solved: 10/10 challenges


Binary Search

Tags: `General Skills` `browser_webshell_solvable` `ls` `shell`

Description

Want to play a game? As you use more of the shell, you might be interested in how they work! Binary search is a classic algorithm used to quickly find an item in a sorted list. Can you find the flag? You'll have 1000 possibilities and only 10 guesses. Cyber security often has a huge amount of data to look through - from logs, vulnerability reports, and forensics. Practicing the fundamentals manually might help you in the future when you have to write your own tools!

Flag

challenge screenshot


binhexa

Tags: `General Skills` `browser_webshell_solvable`

Description

How well can you perform basic binary operations? Start searching for the flag here nc titan.picoctf.net 50971

challenge screenshot

Solution Strategy

import socket
import re

def perform_operation(num1, num2, operation):
    match operation:
        case '>>':
            return num1 >> 1  
        case '<<':
            return num1 << 1  
        case '|':
            return num1 | num2
        case '&':
            return num1 & num2
        case '+':
            return num1 + num2
        case '-':
            return num1 - num2
        case '*':
            return num1 * num2
        case '/':
            return num1 // num2  
        case _:
            raise ValueError(f"Unsupported operation: {operation}")

def connect_and_solve(host, port):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.connect((host, port))
        num1, num2 = None, None
        last_binary_result = ""

        while True:
            message = ''
            while True:
                part = sock.recv(4096).decode()
                message += part
                if "Enter the binary result:" in part or "The flag is:" in part or "Incorrect" in part or "Enter the results of the last operation in hexadecimal:" in part:
                    break
                print(part)

            new_nums = re.findall(r"Binary Number \d+: ([01]+)", message)
            if new_nums:
                num1, num2 = (int(n, 2) for n in new_nums)

            operation_search = re.search(r"Operation \d+: '([^']+)'", message)
            if operation_search:
                operation = operation_search.group(1)
                if '>>' in operation or '<<' in operation:
                    if "Binary Number 1" in message:
                        result = perform_operation(num1, 1, operation)
                    elif "Binary Number 2" in message:
                        result = perform_operation(num2, 1, operation)
                else:
                    result = perform_operation(num1, num2, operation)

                last_binary_result = bin(result)[2:]
                print("Sending:", last_binary_result)
                sock.send((last_binary_result + "\n").encode())

            if "Enter the results of the last operation in hexadecimal:" in message:
                hex_result = hex(int(last_binary_result, 2))[2:].upper()
                print("Sending in hex:", hex_result)
                sock.send((hex_result + "\n").encode())

            if "Incorrect" in message:
                print("Incorrect answer. Exiting.")
                break
            if "The flag is:" in message:
                print(message)
                break
                
if __name__ == "__main__":
    HOST = 'titan.picoctf.net'
    PORT = 64026
    connect_and_solve(HOST, PORT)
  • This Python script connects to a server specified by the HOST and PORT constants using a TCP socket.
  • It defines a function perform_operation to perform various bitwise and arithmetic operations on two numbers (num1 and num2).
  • Supported operations include shifting (>> and <<), bitwise OR (|), bitwise AND (&), addition (+), subtraction (-), multiplication (*), integer division (/), and raising a ValueError for unsupported operations.
  • Inside connect_and_solve function, it establishes a connection with the server, receives messages, and parses them to extract binary numbers, operations, and expected responses.
  • It continuously receives messages from the server until it receives a message indicating either to enter the binary result, enter the result of the last operation in hexadecimal, or the flag.
  • It performs operations based on the received message, sends the result back to the server, and handles incorrect responses.
  • When it receives the message to enter the result of the last operation in hexadecimal, it converts the last binary result to hexadecimal and sends it back.
  • The main function initiates the connection and solving process when the script is executed directly.

Flag

challenge screenshot


Blame Game

Tags: `General Skills` `git` `browser_webshell_solvable`

Description

Someone's commits seem to be preventing the program from working. Who is it?

Flag

git show 23e9d4ce78b3cea725992a0ce6f5eea0bf0bcdd4

challenge screenshot


Collaborative Development

Tags: `General Skills` `git` `browser_webshell_solvable`

Description

My team has been working very hard on new features for our flag printing program! I wonder how they'll work together?

Flag

git show 300cff1bf1f64637dd9ff603d90176e8e8bdeb01 | grep "picoCTF{"
+print("picoCTF{t3@mw0rk_", end='')

git show 74989a4f650d024929388b6788d2b4c214a07e49 | grep "_"       
+print("m@k3s_th3_dr3@m_", end='')

git show 12c2ae89d8035b7a5aa7cd169dc9e93cc68201be | grep "}"
+print("w0rk_798f9981}")

challenge screenshot


Commitment Issues

Tags: `General Skills` `git` `browser_webshell_solvable`

Description

I accidentally wrote the flag down. Good thing I deleted it!

Flag

git show 144fdc44b09058d7ea7f224121dfa5babadddbb9 | grep 'picoCTF{'

challenge screenshot


dont-you-love-banners

Tags: `General Skills` `browser_webshell_solvable` `shell`

Description

Can you abuse the banner?

challenge screenshot

challenge screenshot

Source Code

challenge screenshot

Flag

challenge screenshot

challenge screenshot


endianness

Tags: `General Skills` `browser_webshell_solvable`

Description

Do you know about little-endian and big-endian formats?

challenge screenshot

Solution Strategy

from pwn import *

def to_little_endian(word):
    return ''.join(format(ord(c), '02x') for c in reversed(word))

def to_big_endian(word):
    return ''.join(format(ord(c), '02x') for c in word)

conn = remote('titan.picoctf.net', 51008)

conn.recvuntil(b'Word: ')
word = conn.recvline().decode().strip()
print(f"Word: {word}")

little_endian = to_little_endian(word).upper()
big_endian = to_big_endian(word).upper()

conn.sendline(little_endian.encode())
print(f"Sent Little Endian: {little_endian}")

conn.recvuntil(b'Enter the Big Endian representation: ')
conn.sendline(big_endian.encode())
print(f"Sent Big Endian: {big_endian}")

response = conn.recvall().decode()
print(response)

conn.close()
  • This Python script uses the pwntools library, commonly used for exploit development and CTF challenges.
  • It connects to a remote server (titan.picoctf.net) on port 51008.
  • The to_little_endian function takes a word as input, converts it to little-endian hexadecimal representation, and returns the result as a string.
  • The to_big_endian function takes a word as input, converts it to big-endian hexadecimal representation, and returns the result as a string.
  • It receives a word from the server, converts it to both little-endian and big-endian representations, and sends them back to the server.
  • After sending both representations, it receives the response from the server and prints it.
  • Finally, it closes the connection.
  • This script is likely part of a challenge where the server expects the client to convert a word into little-endian and big-endian representations and send them back.

Flag

challenge screenshot


SansAlpha

Tags: `General Skills` `bash` `browser_webshell_solvable` `ssh` `shell_escape`

Description

The Multiverse is within your grasp! Unfortunately, the server that contains the secrets of the multiverse is in a universe where keyboards only have numbers and (most) symbols.

challenge screenshot

Solution Strategy

_1=(../../*/)
_3=("${_1[0]}"*)
_11=(*/*)
${_3[42]} ./${_11[0]}
  • _1=(../../*/): Stores paths of all directories two levels up from the current directory into array _1. Specifically targets the bin directory at this level.
  • _3=("${_1[0]}"*): Populates array _3 with everything (files and directories) inside the first directory listed in _1, effectively capturing the contents of the bin directory.
  • _11=(*/*): Assigns to array _11 paths to all items one level down from every directory in the current directory, notably includes blargh/flag.txt.
  • ${_3[42]} ./${_11[0]}: Executes the 43rd item from _3 with ./${_11[0]} (the first item in _11, blargh/flag.txt) as its argument. This process iterates over all items in _3, executing each against blargh/flag.txt.
  • Overall Goal: Iteratively execute each file or script found within the bin directory (two levels up) against the file blargh/flag.txt located in a directly accessible subdirectory, aiming to identify specific behaviors or outputs.

Flag

challenge screenshot


Super SSH

Tags: `General Skills` `shell` `ssh` `browser_webshell_solvable`

Description

Using a Secure Shell (SSH) is going to be pretty important. Can you ssh as ctf-player to titan.picoctf.net at port 60572 to get the flag? You'll also need the password 1ad5be0d. If asked, accept the fingerprint with yes. If your device doesn't have a shell, you can use: https://webshell.picoctf.org If you're not sure what a shell is, check out our Primer: https://primer.picoctf.com/#_the_shell

Flag

ssh ctf-player@titan.picoctf.net -p 60572

challenge screenshot


Time Machine

Tags: `General Skills` `git` `browser_webshell_solvable`

Description

What was I last working on? I remember writing a note to help me remember...

Flag

git show e65fedb3a72a16c577f4b17023b63997134b307d | grep 'picoCTF{'

challenge screenshot