PicoCTF 2024

My first CTF while in a full-time job and staffing weekend gigs! So I just want to quickly highlight my favorite challenges and how I did them:

General Skills (category) : dont-you-love-banners (title): 300 (pts) :

I redid my solution several times to get the most compact screenshot of my process.

My Process: Run the Ubuntu instance and Netcat to port 55529. Instances reset every half hour and sometimes a new one will have different content. In this case, it’s always the same password. Use it to enter port 58066, where you’ll see a “WELCOME” banner, then answer two questions. (“Defcon” was a guess. I also guessed “Captain Crunch”, but they wanted his real name, which is “John Draper”.)

The goal is “flag.txt” in the root folder, but even sudo is disabled. The name of this challenge is a hint. Whenever you log in, notice how it automatically displays “WELCOME”? I used “mv” command to rename that file to “originalbanner”, then made a new “banner” file using the “ln -s” (aka command to create a symlink, the Linux version of a Windows shortcut) that links to flag.txt.

So the next time I logged in, the server displayed flag.txt instead: picoCTF{b4nn3r_gr4bb1n9_su((3sfully_a0e119d4}

Forensics (category) : Blast from the past (title): 300 (pts) :

I was very close to solving this, but exiftool (ver 12.76) couldn’t bypass a snag in the metadata.

My Process: As you can see in the screenshot, the last check literally snagged on the “TimeStamp”.

exiftool -time:all -s FILENAME (lets you see all the timestamps in the file) exiftool "-AllDates=1970:01:01 00:00:00.001+00:00" FILENAME (overwrites most of the timestamps that picoCTF wants changed) The last three SubSec ones, plus TimeStamp, had to be done separately. But TimeStamp gives a “Warning: Not an integer for XMP-apple-fi:TimeStamp” error.

…I’ll follow-up with this one later. I can’t work on it further since the instances are off. Hopefully, it’ll appear in the picoCTF Gym.