As you play the 2018 version of the game, share some tips here …
- For the first 3 warmups, use Google Searches and make sure you type the answers in the correct format.
- Use the pico resources: https://picoctf.com/resources
- Split your teams up and tackle different areas.
- If you go to an area that you have absolutely no idea how to handle, try a different area. You can always go back to the ones you have skipped over.
- Use the view source options for the web competitions
- In Web Exploitation, look at all of the pages and their source.
- For the 2nd Web Exploitation challenge, look at the sources again. Not meaning to split hairs, but this is really not a good place to store a password.
- This link might be helpful … https://www.base64decode.org/
- For what base is this … use the following:
  - https://www.convertbinary.com/
  - http://www.unit-conversion.info/texttools/hexadecimal/#data
  - http://www.unit-conversion.info/texttools/octal/#data
- For Cryptography, try some of these:
  - https://lingojam.com/CaesarCipher
  - https://cryptii.com/pipes/caesar-cipher
  - https://www.dcode.fr/caesar-cipher
- Use the Shell command at the top of the menu options. Hint: right-click on Shell and open in a new tab
- Use grep textstring file to search for the textstring in “file”
- nc = netcat
- Some very helpful command-line information for Linux: https://maker.pro/linux/tutorial/basic-linux-commands-for-beginners
- Forensics: Now You Don’t – GIMP’s image adjustment helps
- For one of the images in Forensics, you will need a Hex Editor. If there is not one on your computer, see BK once you have the correct image ready to check, or try this … https://www.onlinehexeditor.com/
- This might be helpful: http://www.imageforensic.org/
- And this https://fotoforensics.com/ works really well with the pico 2018 image
- Need to view json files? Try this http://jsonviewer.stack.hu/
- For the Admin Panel in Forensics, you will need the portable version of Wireshark to look for the flag. Find it in Canvas…
- In Forensics, you can brute force the Malware Shops answer with a little patience.
- This works for the Husky: http://stylesuxx.github.io/steganography/
- FireyFoxes sometimes work better than metallic browsers
- To find the missing images from the snap, use a program to mount .dd files then a program to recover erased files
- Sometimes, like in the reverse engineering warmup, it is as simple as viewing the file’s contents to find the flag.
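
An offline alternative to the base-conversion, Base64 and Caesar sites listed above, as an added Python example (not part of the original tips). The function names and the sample strings in the comments are constructed for illustration and are not actual challenge data.

```python
import base64
import binascii
import string

def decode_tokens(text, base):
    """Turn space-separated numbers written in `base` into ASCII text."""
    return "".join(chr(int(tok, base)) for tok in text.split())

def guess_bases(text):
    """Return {base: decoded} for each of 2, 8, 16 that gives printable text."""
    found = {}
    for base, digits in ((2, "01"), (8, "01234567"), (16, string.hexdigits)):
        if not all(set(tok) <= set(digits) for tok in text.split()):
            continue  # a digit outside this base's alphabet rules it out
        try:
            decoded = decode_tokens(text, base)
        except (ValueError, OverflowError):
            continue  # value is too large to be a character
        if decoded and all(ch in string.printable for ch in decoded):
            found[base] = decoded
    return found

def b64_text(text):
    """Strictly decode Base64; return None if it is not valid Base64 text."""
    try:
        return base64.b64decode(text, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError):
        return None

def caesar_shift(text, shift):
    """Rotate ASCII letters by `shift`, leaving everything else untouched."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            start = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - start + shift) % 26 + start))
        else:
            out.append(ch)
    return "".join(out)

def caesar_candidates(ciphertext, crib):
    """Try all 26 shifts; keep those whose output contains the crib word."""
    tries = {s: caesar_shift(ciphertext, s) for s in range(26)}
    return {s: p for s, p in tries.items() if crib.lower() in p.lower()}

if __name__ == "__main__":
    # Constructed samples, each encoding the word "pico" or a short phrase.
    print(guess_bases("01110000 01101001 01100011 01101111"))
    print(guess_bases("160 151 143 157"), guess_bases("70 69 63 6f"))
    print(b64_text("cGljbw=="), caesar_candidates("wkh iodj lv klgghq", "flag"))
```
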