Category: Writeups

Lookey here

Description Attackers have hidden information in a very large mass of data in the past, maybe they are still doing it. Download the data here. …

Milkslap

Description 🥛http://mercury.picoctf.net:16940/ Info Went to website: http://mercury.picoctf.net:16940/ Right Click and download image / html / css / …

Operation Oni

Description Download this disk image, find the key and log into the remote machine. Note: if you are using the webshell, download and extract the disk …

Operation Orchid

Description Download this image and find the flag. https://artifacts.picoctf.net/c/216/pico.flag.png Info gunzip disk.img.gz Mounted disk.img to /mnt …

Redaction gone wrong

Description Now you DON’T see me. This report has some critical data in it, some of which have been redacted correctly, while some were not. Can you …

Shark on wire 1

Description We found this packet capture. Recover the flag. …

SideChannel

Description There’s something fishy about this PIN-code checker, can you figure out the PIN and get the flag? Download the PIN checker program …

Sleuthkit Apprentice

Description Download this disk image and find the flag. Note: if you are using the webshell, download and extract the disk image into /tmp not your …

Sleuthkit Intro

Description Download the disk image and use mmls on it to find the size of the Linux partition. Connect to the remote checker service to check your …

So Meta

Description Find the flag in this picture. https://jupiter.challenges.picoctf.org/static/916b07b4c87062c165ace1d3d31ef655/pico_img.png Info First …

St3g0

Description Download this image and find the flag. https://artifacts.picoctf.net/c/216/pico.flag.png Info Zsteg from bash 9 lines …

Who is it

Description Someone just sent you an email claiming to be Google’s co-founder Larry Page but you suspect a scam. Can you help us identify whose …

Dream Server - DFIR

Example Direction: Lock Picking Lawyer Server Category Item Blue 1 Gmail in session of browser Blue 2 Email in URL of the payload download Blue 3 …

Key Replicator

Example Direction: Lock Picking Lawyer

Neck Tie Connection

Serial Connection Connection Type: Serial Baud Rate/Speed: 115200 Port: COM3 Client: PuTTY Reference Reverse Engineering of ESP32 Flash Dumps with …

Neck Tie QR Code

NorthSec 2023

NorthSec < NSEC 2023

The Clock

Other Write-Up See SD Card Data for more information. Challenge Walkthrough 1. Splash Screen Flag When the device boots, a flag flashes very quickly …

The Rules

Warmups

Download mypcap.pcap Spoiler Command: bash 5 lines tshark -r mypcap.pcap -Tfields -e data \ | cut -c -2 \ | sed ':a;N;$!ba;s/\n/ /g' \ | sed …

A Flag

Context: @0xstatic is spoiling us with another challenge. Here’s a flag for you. Can you flag the flag? txt 1 lines …

Hackademy – Authorization 1

Check the html Or in the PCAP:

NorthSec 2022

NorthSec < NSEC 2022 - Extra Information Data

Portobello 53 - Denial (2 of 2)

Context Why do you need DNS logs anyway? We both know that DNS servers are just address books of Internet resources and I’ve never seen anyone abuse a …

Portobello-53-Anger (2/2)

Part 1 - Version 1 3232::3 had base64 encoded strings. After decoding, found a flag. ID3 is the magic number for MP3 files, but can’t get it to …

Portobello-53-Bargaining

Packet Analysis Within your method of looking through the packets (using Wireshark), searching for the word flag- brought me directly to the flag. …

Portobello-53-Depression

Part 1 – PunnyCode After noticing multiple xn-- CNAMES in the PCAP, I narrowed down to host 9 and observed many of these entries. After removing the …

Warm-up - MONTREAL (Semi-Solved)

Context I play this tune every time I’m headed home and land at Montréal-Pierre Elliott Trudeau International Airport! It has a special meaning …

Rule One, There Isn't any rules!

Step 1: Download the challenge

VFCrypter

Step 1: Extract Step 2: Download decode-vbe Get it from: https://github.com/DidierStevens/DidierStevensSuite/blob/master/decode-vbe.py Alternatively, …