Enhance! Description Download this image file and find the flag. Download image file Solving Lets have a look at the svg file It looks like a normal file In the last lines of the file, in the tspan tag, we can see some interessting characters… looks like the end of the flag. id=“tspan3764″>F { 3 n h 4 n c
buffer overflow 1 Description Control the return address Now we’re cooking! You can overflow the buffer and return to the flag function in the program. You can view source here. And connect with it using nc saturn.picoctf.net 51721 Info The links could be different.. the instance will be different (you have to launch your own in CTF) Solving This is
buffer overflow 0 Description Smash the stack Let’s start off simple, can you overflow the correct buffer? The program is available here. You can view source here. And connect with it using: nc saturn.picoctf.net 65445 Solving Download the sourcecode and the program If we check the sourcecode we will see, that a sigsev will give us a flag Playing with
RPS Description Here’s a program that plays rock, paper, scissors against you. I hear something good happens if you win 5 times in a row. Connect to the program with netcat: nc saturn.picoctf.net 53296 The program’s source code with the flag redacted can be downloaded here. Solving Checking the code (as mentioned in the hint of the challenge) In the
CVE-XXXX-XXXX Description Enter the CVE of the vulnerability as the flag with the correct flag format: picoCTF{CVE-XXXX-XXXXX} replacing XXXX-XXXXX with the numbers for the matching vulnerability. The CVE we’re looking for is the first recorded remote code execution (RCE) vulnerability in 2021 in the Windows Print Spooler Service, which is available across desktop and server versions of Windows operating systems.
flag leak Description Story telling class 1/2 I’m just copying and pasting with this program. What can go wrong? You can view source here. And connect with it using: nc saturn.picoctf.net 51385 Solving This is a format string attack. So if we use some magic to send some format strings to the app, this should get us the flag. Here
basic-file-exploit Description The program provided allows you to write to a file and read what you wrote from it. Try playing around with it and see if you can break it! Connect to the program with netcat: $ nc saturn.picoctf.net 49698 The program’s source code with the flag redacted can be downloaded here. Solving Netcat into the service via given
Vigenere Description Can you decrypt this message? Decrypt this message using this key "CYLAB". Solving Lets use CyberChef for that. Copy the message into the input field and use Vigenère Decode The key is given Key: "CYLAB"
Substitution Challenges Because this challenges are all very similar, we will not describe them in own articles 🙂 . Solving Substitutions cypher replace the 26 letters of an alphabet with other letters (one letter matches only one other). If you can find out which letter was replaced with which letter, then you can crack this cypher relatively easily. The best
transposition-trial Description Our data got corrupted on the way here. Luckily, nothing got replaced, but every block of 3 got scrambled around! The first word seems to be three letters long, maybe you can use that to recover the rest of the message. Download the corrupted message here. Solving Looking into the encrypted message we can see, that the first