picoCTF Info

As you play the 2018 version of the game, share some tips here …

  • For the first 3 warmups, use Google Searches and make sure you type the answers in the correct format.
  • Use the pico resources:  https://picoctf.com/resources
  • Split your teams up and tackle different areas.
  • If you go to an area that you have absolutely no idea how to handle, try a different area. You can always go back to the ones you have skipped over.
  • Use the view source options for the web competitions
  • In Web Exploitation, look at all of the pages and their source.
  • For the 2nd Web Exploitation challenge, look at the sources again. Not meaning to split hairs, but this is really not a good place to store a password.
  • This link might be helpful … https://www.base64decode.org/
  • For what base is this … use the following:
    • https://www.convertbinary.com/
    • http://www.unit-conversion.info/texttools/hexadecimal/#data
    • http://www.unit-conversion.info/texttools/octal/#data
  • For Cryptography, try some of these:
    • https://lingojam.com/CaesarCipher
    • https://cryptii.com/pipes/caesar-cipher
    • https://www.dcode.fr/caesar-cipher
  • Use the Shell command at the top of the menu options. Hint: right-click on Shell and open in a new tab
  • Use grep textstring file to search for the textstring in “file”
  • nc = netcat
  • Some very helpful command line information for Linux: https://maker.pro/linux/tutorial/basic-linux-commands-for-beginners
  • Forensics: Now You Don’t – GIMP’s image adjustment helps
  • For one of the images in Forensics, you will need a Hex Editor. If there is not one on your computer, see BK once you have the correct image ready to check.
    or try this …  https://www.onlinehexeditor.com/
  • This might be helpful   http://www.imageforensic.org/
  • And this   https://fotoforensics.com/   works really well with the pico 2018 image
  • Need to view json files?  Try this   http://jsonviewer.stack.hu/
  • For the Admin Panel in Forensics, you will need the portable version of Wireshark to look for the flag. Find it in Canvas…
  • In Forensics, you can brute force the Malware Shops answer with a little patience.
  • This works for the Husky:  http://stylesuxx.github.io/steganography/
    • FireyFoxes sometimes work better than metallic browsers
  • To find the missing images from the snap, use a program to mount .dd files then a program to recover erased files
  • Sometimes, as in the reverse engineering warmup, it is as simple as viewing the file’s contents to find the flag
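
The "what base is this" and Cryptography tips above can also be done offline. The following is an added example, not part of the original tips: it decodes binary, octal, hex and base64 text and brute-forces a Caesar shift. The function names and the sample strings are made up for illustration, and the crib word "flag" is an assumption about what the plaintext contains.

```python
import base64
import string

def decode_groups(text):
    """Decode space-separated binary, octal or hex character codes.
    '101' is valid in all three bases, so each is tried and only
    all-printable-ASCII decodings are kept."""
    results = {}
    for name, base in (("binary", 2), ("octal", 8), ("hex", 16)):
        try:
            decoded = "".join(chr(int(g, base)) for g in text.split())
        except (ValueError, OverflowError):
            continue  # a group is not valid in this base
        if decoded and all(c in string.printable for c in decoded):
            results[name] = decoded
    return results

def decode_base64(text):
    """Strict base64 decode; returns None for invalid input or non-text bytes."""
    try:
        return base64.b64decode(text, validate=True).decode("ascii")
    except ValueError:  # also covers binascii.Error and UnicodeDecodeError
        return None

def caesar_shift(text, k):
    """Rotate ASCII letters by k positions, leaving everything else untouched."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            a = ord("A") if ch.isupper() else ord("a")
            ch = chr((ord(ch) - a + k) % 26 + a)
        out.append(ch)
    return "".join(out)

def caesar_candidates(ciphertext, crib):
    """Try all 26 shifts and keep those whose output contains the crib word."""
    hits = []
    for k in range(26):
        plain = caesar_shift(ciphertext, k)
        if crib.lower() in plain.lower():
            hits.append((k, plain))
    return hits

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any challenge.
    print(decode_groups("01100110 01101100 01100001 01100111"))
    print(decode_base64("ZmxhZw=="))
    print(caesar_candidates("wkh iodj lv khuh", "flag"))
```

If decode_groups returns more than one entry, the input is valid in several bases and you have to pick the decoding that reads as text.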