xfnty's personal website

This is my little personal website I put my thoughts on.


PicoCTF Challenge Solutions and Notes

I don't know anything about hacking but I find doing CTF challenges entertaining. So there will be this blog post.

Verify

The goal was to compute the SHA-256 hash of every file inside the files/ folder and compare it with the checksum in checksum.txt.

Here's the script I wrote to do this:

    from hashlib import sha256
    from os import listdir

    # Expected digest; strip the trailing newline so the comparison can match
    checksum = open('checksum.txt').read().strip()

    for f in listdir('files'):
        # Hash the raw bytes of each candidate file
        digest = sha256(open('files/' + f, 'rb').read()).hexdigest()
        if digest == checksum:
            print(f'match on {f}')

The file contained an encrypted flag that I then decrypted using the command from the task description.

Binary Search

This one was a bit funny. The goal was to basically play a "Guess the number" game with the prompt telling you whether the secret number was less or greater than the one you entered.

Time Machine

Here I only had to run git log inside the task directory. The flag was the commit message.

Unminify

The flag was inside the HTML.

Super SSH

Simply had to connect to a host with a specified port and login name.

format string 0

That one was more interesting. To solve the puzzle I had to trigger a segfault in a binary whose source code was available. Here's the vulnerability:

    #define BUFSIZE 32
    ...
    char choice1[BUFSIZE];
    /* no field width: input longer than 31 bytes writes past choice1 */
    scanf("%s", choice1);

And the segfault handler:

    void sigsegv_handler(int sig) {
        printf("\n%s\n", flag);
        fflush(stdout);
        exit(1);
    }
    ...
    signal(SIGSEGV, sigsegv_handler);

So basically I just had to enter a string big enough to overflow the buffer and trigger a segfault.

Scan Surprise

The flag as a QR code, OK )

Web Decode

Base64-encoded flag inside an HTML page.

heap 0

Another binary exploitation task. The goal was to overwrite data in one block of memory by writing to the block before it.

Here are the two blocks:

    #define INPUT_DATA_SIZE 5
    #define SAFE_VAR_SIZE 5
    ...
    char *safe_var;
    char *input_data;
    ...
    input_data = malloc(INPUT_DATA_SIZE);
    strncpy(input_data, "pico", INPUT_DATA_SIZE);
    safe_var = malloc(SAFE_VAR_SIZE);
    strncpy(safe_var, "bico", SAFE_VAR_SIZE);
    ...
    /* no field width: the write can run past input_data into safe_var */
    scanf("%s", input_data);

You could overwrite the second block by taking the distance between the two pointers, which the program kindly printed, and entering that many characters plus SAFE_VAR_SIZE.

strcmp(safe_var, "bico") != 0 was the win condition.
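
The same unbounded scanf("%s", ...) is behind both format string 0 and heap 0. As an added example (not code from the challenges or from this post), here is the bounded form of that read applied to the heap 0 layout; read_token and safe_var_survives are hypothetical names and the input string is a constructed sample.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define INPUT_DATA_SIZE 5 /* sizes from the heap 0 source quoted above */
#define SAFE_VAR_SIZE 5

/* Bounded stand-in for scanf("%s", dst); read_token is a hypothetical helper.
 * The field width caps the write at size-1 bytes plus the terminator, and
 * *truncated reports a token longer than that. scanf takes the same format. */
int read_token(const char *src, char *dst, size_t size, int *truncated)
{
    char fmt[32];
    int consumed = 0;
    *truncated = 0;
    if (size < 2)
        return 0;
    snprintf(fmt, sizeof fmt, "%%%zus%%n", size - 1); /* e.g. "%4s%n" */
    if (sscanf(src, fmt, dst, &consumed) != 1)
        return 0; /* no token in the input */
    unsigned char next = (unsigned char)src[consumed];
    *truncated = next != '\0' && !isspace(next);
    return 1;
}

/* Rebuilds the heap 0 layout; returns 1 if safe_var is still "bico". */
int safe_var_survives(const char *user_input, int *truncated)
{
    char *input_data = malloc(INPUT_DATA_SIZE);
    char *safe_var = malloc(SAFE_VAR_SIZE);
    int intact = -1; /* -1: allocation failed */
    if (input_data && safe_var) {
        strncpy(input_data, "pico", INPUT_DATA_SIZE);
        strncpy(safe_var, "bico", SAFE_VAR_SIZE);
        read_token(user_input, input_data, INPUT_DATA_SIZE, truncated);
        intact = strcmp(safe_var, "bico") == 0;
    }
    free(input_data);
    free(safe_var);
    return intact;
}

int main(void)
{
    int cut = 0; /* the 40-byte token below is a constructed sample */
    int ok = safe_var_survives("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", &cut);
    printf("intact=%d truncated=%d\n", ok, cut);
    return 0;
}
```

With the width in place the oversized token is cut to four bytes, safe_var keeps "bico", and the truncation flag gives the caller something to reject or log.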

Secret of the Polyglot

PDF that has a PNG image in front of it.

Commitment Issues

Had to git checkout to the first commit in the history.