New to CTF?
Before I get into the solutions, allow me to explain what a capture-the-flag (CTF) competition is. Capture the Flag (CTF) is a type of cybersecurity competition that challenges participants to solve a series of challenges in order to find a hidden “flag.” The flag is typically a string of text [ex. flag{.*}] that proves the participant has successfully completed the challenge.
The majority of CTFs incorporate real-world defensive and offensive scenarios, which makes them an excellent way for cybersecurity professionals to test their skills in a safe and controlled environment and to identify potential vulnerabilities in computer systems. Participating in these competitions can be a great way to test your knowledge, validate your skills, improve your research process, learn new tools and techniques, and network with other professionals in the field.
Why participate in picoCTF?
picoCTF is an online cybersecurity competition designed for students and beginners who are interested in learning more about cybersecurity and computer science. The competition is organized by Carnegie Mellon University and is open to anyone who wants to participate.
The challenges in picoCTF range from basic concepts such as general skills, cryptography and programming to more advanced topics like web exploitation, reverse engineering, binary exploitation, and forensics. Participants can earn points by solving challenges, and the competition typically lasts for more than a week.
One of the unique features of picoCTF is its emphasis on education and learning. The competition provides resources and tutorials to help participants develop the skills they need to solve the challenges, and the challenges themselves are designed to be educational and informative.
In general, picoCTF is a great way for students and beginners to gain hands-on experience with cybersecurity, while also having fun and competing against other participants from around the world.
Learn more about picoCTF here: https://picoctf.org/about.html.
picoCTF 2023 at a glance
This year’s picoCTF covers six (6) categories: Binary Exploitation, Cryptography, Forensics, General Skills, Reverse Engineering, and Web Exploitation.
I participated together with Team SneakBytes — our team is composed of a diverse group of individuals with a passion for information security, including enthusiasts, seasoned professionals, experienced practitioners, and striving students.
SOLUTION — General Skills
Okay! Enough with the intro. I’ll showcase how I solved some of the challenges in General Skills and Forensics, and will update this article once I get permission from my teammates to publish their solutions to the other challenges.
1. [General Skills] Repetitions
Solution:
- Make sure to read the description and tags for every challenge so you’ll have a better understanding of what type of challenge you’re dealing with.
- The first clue to solving the majority of CTF challenges is noticing the hint embedded in the title.
- For this challenge, download the file, upload it to CyberChef, and apply the From Base64 recipe four (4) times to get the flag.
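As an added example (my own code, not part of the original write-up), here is a small Python script that does what the CyberChef recipe does by hand: it keeps applying a base64 decode until the flag pattern shows up, and stops if a layer no longer decodes cleanly. The picoCTF{...} pattern and the four-layer sample are assumptions; the sample is constructed, not the challenge file.

```python
import base64
import re

# Flag format assumed for picoCTF; adjust the pattern for other CTFs.
FLAG_RE = re.compile(rb"picoCTF\{[^}]*\}")


def decode_until_flag(blob: bytes, max_rounds: int = 16):
    """Apply base64 decoding repeatedly until a flag appears.

    Returns (flag, rounds_applied). Stops early when the data stops being
    valid base64, which usually means we have decoded one layer too many.
    """
    data = blob
    for rounds in range(max_rounds + 1):
        match = FLAG_RE.search(data)
        if match:
            return match.group(0).decode(), rounds
        try:
            # validate=True rejects non-alphabet bytes instead of ignoring them,
            # so a layer of binary junk is detected rather than silently decoded.
            data = base64.b64decode(b"".join(data.split()), validate=True)
        except ValueError:          # binascii.Error is a ValueError subclass
            return None, rounds
    return None, max_rounds


# Constructed sample: a made-up flag wrapped in four layers of base64,
# mimicking the challenge file (the real flag is not reproduced here).
SAMPLE = b"picoCTF{constructed_sample_flag}"
for _ in range(4):
    SAMPLE = base64.b64encode(SAMPLE)

if __name__ == "__main__":
    print(decode_until_flag(SAMPLE))
```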
2. [General Skills] Rules 2023
Solution:
- This challenge is very simple. Click on the link in the challenge description to view the rules and you’ll be redirected to the picoCTF Rules website. You’ll notice that the rules are in image format and the flag is not visible on the page.
- To get the flag, View Page Source and search for the flag string. The flag is in the alt text (alternative text), a word or phrase inserted as an attribute in an HTML (Hypertext Markup Language) document to tell website viewers the nature or contents of an image.
3. [General Skill] moneyware
Solution:
- This challenge can be solved through a simple Google search.
- Google the bitcoin address indicated in the challenge description. I found this article; the flag is the name of the identified malware.
4. [General Skills] useless
Solution:
- Launch the challenge instance then ssh into the remote machine.
- There is an “interesting script” on the machine named “useless”. To get the flag, use the command below:
picoplayer@challenge:~$ man useless
5. [General Skills] chrono
Solution:
- ssh into the instance
- My intuition tells me that this challenge has something to do with crontabs, since the challenge title sounds similar to it and Chrono relates to time.
- The /etc/crontab file is used to schedule system-wide tasks that need to be executed at specific times or intervals. It follows a specific format that specifies the time and date when the task should run, the user account that will run the task, and the command to be executed.
- Therefore, to get the flag I used the following command:
cat /etc/crontab
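To make the /etc/crontab format described above concrete, here is an added Python parser (my own code, not from the challenge or the write-up) that reads a system crontab into environment settings and job entries, handling comments, KEY=VALUE lines, the five time fields plus the user column, and @special schedules. The sample crontab below is constructed and its flag is a placeholder.

```python
import re
from dataclasses import dataclass

CRON_FIELDS = ("minute", "hour", "day_of_month", "month", "day_of_week")
ASSIGNMENT_RE = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)=(.*)$")

@dataclass
class CronJob:
    schedule: dict   # the five time fields, or {"special": "@reboot"}
    user: str        # system crontab only: the account the job runs as
    command: str

def parse_system_crontab(text: str):
    """Parse /etc/crontab text into (env, jobs): comments and blank lines are
    skipped, KEY=VALUE lines fill env, other lines are time fields/user/command."""
    env, jobs = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ASSIGNMENT_RE.match(line)
        if m:                                    # e.g. SHELL=/bin/sh
            env[m.group(1)] = m.group(2).strip().strip('"')
            continue
        if line.startswith("@"):                 # @reboot, @daily, ...
            parts = line.split(None, 2)
            schedule, rest = {"special": parts[0]}, parts[1:]
        else:                                    # 5 time fields, user, command
            parts = line.split(None, 6)
            schedule, rest = dict(zip(CRON_FIELDS, parts[:5])), parts[5:]
        if len(rest) != 2:
            raise ValueError(f"malformed crontab line: {raw!r}")
        jobs.append(CronJob(schedule, rest[0], rest[1]))
    return env, jobs

# Constructed sample in Debian /etc/crontab style; the flag is a placeholder,
# not the challenge's real value.
SAMPLE_CRONTAB = """\
# /etc/crontab: system-wide crontab
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

17 *    * * *   root    cd / && run-parts --report /etc/cron.hourly
25 6    * * *   root    test -x /usr/sbin/anacron || run-parts /etc/cron.daily
@reboot         root    echo "picoCTF{placeholder_flag}" > /tmp/flag_hint
"""
```

Reading the parsed jobs rather than the raw file makes it easy to spot the one entry that does not belong, which is exactly the kind of audit a defender does on a real host.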
6. [General Skills] Permissions
Solution:
- ssh into the instance
- I listed the files to check for interesting files and directories using the command
ls -la
- Nothing interesting, so I checked permissions using the command
sudo -l
to determine which commands my current user is allowed to execute with elevated privileges.
- So I searched for misconfigurations associated with vi on this system through GTFOBins:
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.
The project collects legitimate functions of Unix binaries that can be abused to break out of restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate other post-exploitation tasks.
7. [General Skills] Special
Solution:
- ssh into the instance
- I noticed that when running common Unix commands it returns
command: not found
or, in some cases, the command is simply not recognized. I also found out during my first trial and error on this machine (which I forgot to screenshot) that spaces are not recognized.
- Another finding: whenever I tried to run a specific command, it returns the nearest common English dictionary word with the first letter capitalized. For example, ls returns Is; whoami returns Whom; etc. Therefore, I assumed that I needed to bypass the spellcheck.
- I reviewed some Linux commands and operators, then I tried to chain two operators, $ and @, followed by the absolute path of the command/directory.
$ — In Linux, this symbol is used to represent environment variables in the command line interface. Environment variables are values that are set by the shell and are available to all processes running in that shell session.
@ — In the context of Linux file permissions, this symbol can be used as a file attribute to represent extended file attributes on some filesystems.
8. [General Skill] Specialer
Solution:
- ssh into the instance
- I assumed that this challenge would be similar to Special, but it isn’t, though we’re faced with the same problem: we’re not able to invoke the conventional Linux commands.
- I found that it only accepts the following commands: cd, pwd, and echo.
After these observations, I came up with the following idea:
- I used cd to change directories (you don’t say?), pwd to check which directory I’m in (sanity check LOL), and echo * as a substitute for ls, since we cannot invoke that command directly.
- And echo $(<filename.txt) to print out the contents of a file.
- I repeated the process for all 3 directories until I got the flag.
- Some reference: https://stackoverflow.com/questions/22377792/how-to-use-echo-command-to-print-out-content-of-a-text-file
SOLUTION — Forensics
I only managed to answer a few challenges due to work schedules and other engagements.
Forensics challenges in CTF (Capture the Flag) competitions are typically focused on analyzing digital artifacts, such as disk images, network traffic, or memory dumps, to extract hidden information or solve a puzzle. These challenges can range in difficulty from relatively simple tasks such as finding a hidden message in a file, to more complex tasks such as recovering a deleted file or identifying malware.
Some common types of forensic challenges in CTF competitions include:
Steganography: Challenges that involve finding hidden messages or data within images, audio files, or other types of media.
Network analysis: Challenges that involve analyzing network traffic to extract information, such as identifying suspicious activity or finding a hidden message.
File analysis: Challenges that involve analyzing files to extract hidden information, such as finding a password or uncovering a secret message.
Memory analysis: Challenges that involve analyzing a memory dump to extract information, such as finding a password or identifying malware.
Disk forensics: Challenges that involve analyzing a disk image to extract information, such as recovering a deleted file or identifying hidden data.
1. [Forensics] hideme
Solution:
- The filename of the downloaded file is flag.png (a photo of the picoCTF logo), therefore we’ll be dealing with an image.
- I used binwalk with the command:
binwalk -e flag.png
The -e option tells binwalk to automatically extract known file types.
Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images. Binwalk uses the libmagic library, so it is compatible with magic signatures created for the Unix file utility.
- From the screenshot above, we can see that there’s an embedded file inside flag.png, which is secret/flag at hex address 0x9B7C. Knowing the address of the interesting file makes it much easier to identify which embedded file to check/download.
- I then used CyberChef to extract and download the file.
- After downloading, the flag will be inside the secret folder.
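To show what binwalk is doing when it reports an embedded file at an offset, here is an added Python example (my own code, not the challenge’s or binwalk’s) that walks the PNG chunk list to the IEND chunk and then checks whether anything is appended after it, matching the tail against a few magic signatures. The sample PNG and the appended zip header are constructed; the 0x9B7C offset from the real challenge is not reproduced.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Magic bytes of a few formats binwalk would flag if found after the image.
SIGNATURES = {
    b"PK\x03\x04": "Zip archive",
    PNG_SIG: "PNG image",
    b"\x1f\x8b": "gzip compressed data",
    b"\xff\xd8\xff": "JPEG image",
}

def png_end_offset(data: bytes) -> int:
    """Walk the chunk list and return the offset just past the IEND chunk."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4        # length+type header, payload, CRC
        if ctype == b"IEND":
            return pos
    raise ValueError("truncated PNG: no IEND chunk")

def find_trailing_data(data: bytes):
    """Return (offset, description) of bytes appended after IEND, else None."""
    end = png_end_offset(data)
    if end >= len(data):
        return None
    tail = data[end:]
    for magic, name in SIGNATURES.items():
        if tail.startswith(magic):
            return end, name
    return end, "unknown data"

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

# Constructed sample: a structurally minimal 1x1 PNG (IHDR + IEND, enough for
# the chunk walk) with a zip local-file header appended, mimicking flag.png.
IHDR = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)
CLEAN_PNG = PNG_SIG + _chunk(b"IHDR", IHDR) + _chunk(b"IEND", b"")
STEGO_PNG = CLEAN_PNG + b"PK\x03\x04" + b"\x00" * 26 + b"secret/flag"

if __name__ == "__main__":
    off, what = find_trailing_data(STEGO_PNG)
    print(f"{what} at 0x{off:X}")   # Zip archive at 0x2D
```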
2. [Forensics] PcapPoisoning
Solution:
- The solution is very simple.
- Download the challenge file “trace.pcap”, then upload it to CyberChef and use the Strings recipe to extract strings; you can find the flag right away.
3. [Forensics] FindAndOpen
Solution:
- There are 2 files for this challenge: download the challenge file “dump.pcap” and “flag.zip”, which is password protected.
- Extract strings from the pcap file using CyberChef.
- This part took me some time to analyze. When I first tried to decode it using Base64, the result was gibberish, but then I realized I had to remove a part of the string, AABBHHPJGTFRLK, which gives the result below —
- Use this portion of the flag to unlock the flag.zip file, then get the flag.
4. [Forensics] MSB
Solution:
- Download the challenge file.
- First I used the StegOnline tool, a web-based, enhanced and open-source port of StegSolve. Upload any image file, and the relevant options will be displayed.
- However, nothing interesting was discovered.
- I researched different steganography tools available in the wild that fit a Most Significant Bit (MSB) challenge.
- I found a git repository and cloned it:
git clone https://github.com/Pulho/sigBits
- Take time to read the README.md to get an overview of the tool and how to use it.
- I also installed pillow:
pip install pillow
- Changed the permissions of sigBits.py:
chmod +x sigBits.py
- I then ran the command:
python3 sigBits.py -t=msb ../../Desktop/Ninja-and-Prince-Genji-Ukiyoe-Utagawa-Kinisada.flag.png
- After running the command, there is a file outputSB.txt.
- I then tried to read the contents of the file.
- I know that the flag is in there, so to get the flag I used the command:
cat outputSB.txt | tr " " "\n" | grep -oE "picoCTF{.*?}"
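To illustrate what a -t=msb extraction does, here is an added pure-Python example (my own code, not sigBits’ implementation, which may differ in detail): it takes the top bit of every colour channel, packs the bits into bytes, and searches the result for the flag pattern, with an lsb mode as well so the two planes can be compared. The pixel data and the embedded flag are constructed; embed_bits exists only to build that sample.

```python
import re

FLAG_RE = re.compile(r"picoCTF\{[^}]*\}")

def extract_bits(pixels, plane="msb"):
    """Collect one bit per colour channel (bit 7 for msb, bit 0 for lsb),
    pixel by pixel, and pack them into bytes most-significant-bit first."""
    shift = 7 if plane == "msb" else 0
    bits = [(ch >> shift) & 1 for px in pixels for ch in px]
    out = bytearray()
    for i in range(0, len(bits) - len(bits) % 8, 8):
        byte = 0
        for b in bits[i:i + 8]:
            byte = (byte << 1) | b
        out.append(byte)
    return bytes(out)

def find_flag(pixels, plane="msb"):
    """Decode the chosen bit plane as text and return the flag, or None."""
    text = extract_bits(pixels, plane).decode("latin-1")
    m = FLAG_RE.search(text)
    return m.group(0) if m else None

def embed_bits(pixels, payload: bytes, plane="msb"):
    """Write payload bits into the chosen bit plane. Used here only to build
    the constructed sample; the challenge image already carries its message."""
    shift = 7 if plane == "msb" else 0
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    flat = [ch for px in pixels for ch in px]
    assert len(bits) <= len(flat), "payload does not fit in the image"
    for i, b in enumerate(bits):
        flat[i] = (flat[i] & ~(1 << shift)) | (b << shift)
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]

# Constructed sample: 128 RGB pixels of a flat colour with a placeholder flag
# hidden in the MSB plane (the channel value 140 already has its top bit set,
# so the plane is not all zeros, much like a real photo).
COVER = [(100, 120, 140)] * 128
STEGO = embed_bits(COVER, b"xx picoCTF{constructed_msb_flag} xx", "msb")

if __name__ == "__main__":
    print(find_flag(STEGO, "msb"))   # picoCTF{constructed_msb_flag}
    print(find_flag(STEGO, "lsb"))   # None
```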
That’s it for now.
Conclusion
Thought Process for Cybersecurity/CTF
When it comes to solving challenges in a CTF competition, there are often multiple approaches and strategies that can be used. Sometimes the easiest solution can be the most effective and efficient way to solve a challenge.
It’s important to remember that CTF challenges are designed to test your problem-solving skills and creativity. As long as your solution works and you’re able to obtain the flag, it doesn’t necessarily matter how complex or simple the solution is.
In fact, many experienced CTF participants often advocate for using the simplest possible solution to a challenge, as this can save time and reduce the risk of introducing errors or complications into the solution.
So if you come across a challenge that seems simple or straightforward, don’t be afraid to trust your instincts and try the most direct solution. It might just be the quickest and most effective way to solve the challenge and obtain the flag!
Thanks for dropping by!