flag leak Description Story telling class 1/2 I’m just copying and pasting with this program. What can go wrong? You can view source here. And connect with it using: nc saturn.picoctf.net 51385 Solving This is a format string attack. So if we use some magic to send some format strings to the app, this should get us the flag. Here
basic-file-exploit Description The program provided allows you to write to a file and read what you wrote from it. Try playing around with it and see if you can break it! Connect to the program with netcat: $ nc saturn.picoctf.net 49698 The program’s source code with the flag redacted can be downloaded here. Solving Netcat into the service via given
Vigenere Description Can you decrypt this message? Decrypt this message using this key "CYLAB". Solving Lets use CyberChef for that. Copy the message into the input field and use Vigenère Decode The key is given Key: "CYLAB"
Substitution Challenges Because this challenges are all very similar, we will not describe them in own articles 🙂 . Solving Substitutions cypher replace the 26 letters of an alphabet with other letters (one letter matches only one other). If you can find out which letter was replaced with which letter, then you can crack this cypher relatively easily. The best
transposition-trial Description Our data got corrupted on the way here. Luckily, nothing got replaced, but every block of 3 got scrambled around! The first word seems to be three letters long, maybe you can use that to recover the rest of the message. Download the corrupted message here. Solving Looking into the encrypted message we can see, that the first
diffie-hellman Description Alice and Bob wanted to exchange information secretly. The two of them agreed to use the Diffie-Hellman key exchange algorithm, using p = 13 and g = 5. They both chose numbers secretly where Alice chose 7 and Bob chose 3. Then, Alice sent Bob some encoded text (with both letters and digits) using the generated key as
morse-code Description Morse code is well known. Can you decrypt this? Download the file here. Wrap your answer with picoCTF{}, put underscores in place of pauses, and use all lowercase. Solving The soundfile is a morse code You could either translate it by your self with the morse alphabet or use this link Change all characters to lowercase and replace
basic-mod2 Description A new modular challenge! Download the message here. Take each number mod 41 and find the modular inverse for the result. Then map to the following character set: 1-26 are the alphabet, 27-36 are the decimal digits, and 37 is an underscore. Wrap your decrypted message in the picoCTF flag format (i.e. picoCTF{decrypted_message}) Solving This challenge is similar
basic-mod1 Description We found this weird message being passed around on the servers, we think we have a working decrpytion scheme. Download the message here. Take each number mod 37 and map it to the following character set: 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. Wrap your decrypted message in the picoCTF
I recently wrote a Flask web application in Python. When I put it online, I of course ran Nikto over it. Since I was immediately confronted with the usual suspects, I wanted to write down the solution for this weak point as a reminder to myself and possibly for your support. Vulnerabilities What vulnerabilities do we encounter again and again?