jng | tribbletron
jng | tribbletron
  • About
  • CTFs
    • Target x WiCyS CTF 2024
      • D2 Look for Insider Threats
      • D8 YARA Analysis
      • O3 Constructing your Phish
      • O7 Bypass the EDR
      • O8 Performing an Exfil of a Filesystem
      • O9.1 Escalate your Privileges
    • US CyberGames IV 2024
      • USCG IV: Forensics
      • USCG IV: Web
    • DoD Cyber Sentinel 2024
    • Amazon x WiCyS CTF 2023
    • PicoCTF.org
      • PicoCTF 2024
      • PicoCTF 2023
  • Links
    • Readings
  • Tools
  • Notes
    • To Burp or Not to Burp
    • Common issues
    • Rankings
Powered by GitBook
On this page
  1. CTFs
  2. PicoCTF.org

PicoCTF 2024

Last updated 1 year ago

My first CTF while in a full-time job and staffing weekend gigs! So I just want to quickly highlight my favorite challenges and how I did them:

General Skills (category) : dont-you-love-banners (title): 300 (pts) :

I redid my solution several times to get the most compact screenshot of my process.

My Process: Run the Ubuntu instance and Netcat to port 55529. Instances reset every half hour and sometimes a new one will have different content. In this case, it’s always the same password. Use it to enter port 58066, where you’ll see a “WELCOME” banner, then answer two questions. (“Defcon” was a guess. I also guessed “Captain Crunch”, but they wanted his real name, which is “John Draper”.)

The goal is “flag.txt” in the root folder, but even sudo is disabled. The name of this challenge is a hint. Whenever you log in, notice how it automatically displays “WELCOME”? I used “mv” command to rename that file to “originalbanner”, then made a new “banner” file using the “ln -s” (aka command to create a symlink, the Linux version of a Windows shortcut) that links to flag.txt.

So the next time I logged in, the server displayed flag.txt instead: picoCTF{b4nn3r_gr4bb1n9_su((3sfully_a0e119d4}

Forensics (category) : Blast from the past (title): 300 (pts) :

My Process: As you can see in the screenshot, the last check literally snagged on the “TimeStamp”.

exiftool -time:all -s FILENAME (lets you see all the timestamps in the file) exiftool "-AllDates=1970:01:01 00:00:00.001+00:00" FILENAME (overwrites most of the timestamps that picoCTF wants changed) The last three SubSec ones, plus TimeStamp, had to be done separately. But TimeStamp gives a “Warning: Not an integer for XMP-apple-fi:TimeStamp” error.

…I’ll follow-up with this one later. I can’t work on it further since the instances are off. Hopefully, it’ll appear in the picoCTF Gym.

I was very close to solving this, but exiftool (ver 12.76) couldn’t bypass a .

snag in the metadata