circusmonkey404's Security Site

picoCTF2018 Miscellaneous Absolutely-relative Objective: In a filesystem, everything is relative ¯\_(ツ)_/¯. Can you find a way to get a flag from this program [1] ? You can find it in /problems/absolutely-relative_2_69862edfe341b57b6ed2c62c7107daee on the shell server. Source [2] . Here is the program we need to retrieve the flag #include <stdio.h> #include <string.h> #define yes_len 3 const char *yes = "yes"; int main() {     char flag[99];     char permission[10];     int i;     FILE * file;     file = fopen("/problems/absolutely-relative_2_69862edfe341b57b6ed2c62c7107daee/flag.txt" , "r");     if (file) {      while (fscanf(file, "%s", flag)!=EOF)      fclose(file);     }     file = fopen( "./permission.txt" , "r");     if (file) {      for (i = 0; i < 5; i++){             fscanf(file, "%s", permission);         }         permission[5] = '\0';         fcl

PicoCTF2018 Miscellaneous You can't see me Objective : '...reading transmission... Y.O.U. .C.A.N.'.T. .S.E.E. .M.E.  ...transmission ended...' Maybe something lies in /problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f. Solution : Let's LS the folder and see whats in there ls by itself it shows no files in the directory @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ ls @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ ok now lets do -la which returns long format with while not ignoring . files @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ ls -la total 60 drwxr-xr-x   2 root       root        4096 Mar 25 19:57 . -rw-rw-r--   1 hacksports hacksports    57 Mar 25 19:57 . drwxr-x--x 556 root       root       53248 Mar 25 19:58 .. lets try to cat it now @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ cat

PicoCTF2018 - Miscellaneous - What Base is this? Objective: To be successful on your mission, you must be able read data represented in different ways, such as hexadecimal or binary. Can you get the flag from this program to prove you are ready? Connect with nc 2018shell.picoctf.com 15853. Soution: So I just used some websites to convert the data for me for Binary I used  https://www.rapidtables.com/convert/number/binary-to-ascii.html for Hex I used https://www.rapidtables.com/convert/number/hex-to-ascii.html for Octal I used http://www.unit-conversion.info/texttools/octal/ @pico-2018-shell:~$ nc 2018shell.picoctf.com 15853 We are going to start at the very beginning and make sure you understand how data is stored. toxic Please give me the 01110100 01101111 01111000 01101001 01100011 as a word. To make things interesting, you have 30 seconds. Input: toxic Please give me the 6c616d70706f7374 as a word. Input: lamppost Please give me the  164 141 142 154 145 as

PicoCTF2018 - Miscellaneous - ssh-keyz Objective: As nice as it is to use our webshell, sometimes its helpful to connect directly to our machine. To do so, please add your own public key to ~/.ssh/authorized_keys, using the webshell. The flag is in the ssh banner which will be displayed when you login remotely with ssh to  with your username. Solution: ok so I used puttykeygen to generate a pub and private key connected to webshell under my home directory I created a folder name ./ssh/authroized_keys mkdir ./ssh/authorized_keys I created a new file using vim vim pub.key inserted my public key in the file and saved it I then copied the pub key to the directory I created earlier ./ssh/authorized_keys using putty I connected up to picoctf2018 using ssh login as: ************ Pre-authentication banner message from server: | picoCTF{who_n33ds_p4ssw0rds_38dj21} End of banner message from server Keyboard-interactive authentication prompts from server: | Enter your p

PicoCTF2018 - Miscellaneous - environ Objective: Sometimes you have to configure environment variables before executing a program. Can you find the flag we've hidden in an environment variable on the shell server? Solution: So let's just print out the enviroment variables and see what we see oh, the flag is literally the first output @pico-2018-shell:/problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742/files$ printenv                          SECRET_FLAG=picoCTF{eNv1r0nM3nT_v4r14Bl3_fL4g_3758492} FLAG=Finding the flag wont be that easy...

PicoCTF2018 - Miscellaneous - grep2 Objective: This one is a little bit harder. Can you find the flag in /problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742/files on the shell server? Remember, grep is your friend. Solution: @pico-2018-shell:~$ cd /problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742 @pico-2018-shell:/problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742$ ls -l                                  total 4 drwxr-xr-x 12 root root 4096 Mar 25 19:18 files cool so there is a folder name files lets see what's inside cd files @pico-2018-shell:/problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742/files$ ls -l total 40 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files0 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files1 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files2 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files3 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files4 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files5 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files6 drwxr-xr-x 2 r

PicoCTF2018 - Miscellaneous - Pipe Objective: During your adventure, you will likely encounter a situation where you need to process data that you receive over the network rather than through a file. Can you find a way to save the output from this program and search for the flag? Connect with 2018shell.picoctf.com 44310 Solution: Let's get on the shell let's try just netcat to the port listed wow it is just sending a bunch of text lines that say stuff like this is not a flag                                                                                                        This is not a flag                                                                                                        Unfortunately this is also not a flag                                                                                    I'm sorry you're going to have to look at another line                                                                    I&

PicoCTF2018 - Miscellaneous - Strings Objectives Can you find the flag in this file [1]  without actually running it? You can also find the file in /problems/strings_1_c7bac958dd6a4b695dc72446d8014f59 on the shell server. Solutions Connect up to the shell and cd to the appropriate folder @pico-2018-shell:/$ cd /problems/strings_1_c7bac958dd6a4b695dc72446d8014f59                                  @pico-2018-shell:/problems/strings_1_c7bac958dd6a4b695dc72446d8014f59$ ls                                    strings Let's run strings and see what it does @pico-2018-shell:/problems/strings_1_c7bac958dd6a4b695dc72446d8014f59$ ./strings                                Have you ever used the 'strings' function? Check out the man pages! Okay let's check out the man like the hint says man Strings STRINGS(1)                                       GNU Development Tools                                       STRINGS(1)                                   

PicoCTF2018 - Miscellaneous - ACA-Shell-A Objective: It's never a bad idea to brush up on those linux skills or even learn some new ones before you set off on this adventure! Connect with nc 2018shell.picoctf.com 27833. Resolution: OK this one is interactive asmith85338@pico-2018-shell:/$ nc 2018shell.picoctf.com 27833 Sweet! We have gotten access into the system but we aren't root. It's some sort of restricted shell! I can't see what you are typing but I can see your output. I'll be here to help you along. If you need help, type "echo 'Help Me!'" and I'll see what I can do There is not much time left! ~/$  let's start with ls -l to see where we are and whats in there. ~/$ ls -l drwxr-xr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Jul  1  2018 blackmail drwxr-xr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Jul  1  2018 executables drwxrwxr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Apr 13  2018 passwords dr