PicoCTF 2019 Solutions

This is a dump of many of our PicoCTF 2019 solutions. Most solutions included here are ones that were solved with code, though some of them were done by hand.

Recommended tools

Here are some recommended tools that we used to complete these challenges

General

• www.google.com (infinite knowledge)
• https://en.wikipedia.org (finite knowledge)
• Python (programming solutions)
• C# (programming solutions)
• www.base64encode.org (encoding/decoding base64)
• www.rapidtables.com (converting integer bases and encodings)
• VMWare Workstation (Windows/Linux/Android virtual machines)
• VirtualBox (Windows/Linux virtual machines)
• Notepad++ (half decent text editor)
• Visual Studio Code (half decent cross-platform text editor)

Binary Exploitation

• Ghidra (reversing)
• IDA (reversing, patching)
• gdb (debugging)
• pwntools Python module (programming solutions)
• ROPgadget (ropchain generation)

Forensics/Reversing

• Ghidra (reversing)
• IDA (reversing, patching)
• HxD (hex editor)
• jd-gui (Java decompiler)
• dextools (APK to JAR converter)
• apktool (APK extractor)
• LuckyPatcher (signing recompiled APKs)
• Android Studio (android emulator)
• Android Emulator for Visual Studio (android emulator)

Web Exploitation

• Chrome Devtools (monitoring browser network traffic, controlling environment)
• CharlesProxy (monitoring network traffic)
• EditThisCookie (quickly editing cookies w/o devtools)
• JohnTheRipper (secret key cracker)
• www.jwt.io (JWT cookie editor)

Solution Index

Binary Exploitation

• AfterLife (solved)
• CanaRy (solved)
• Ghost_Diary (unsolved)
• GoT (solved)
• handy-shellcode (solved)
• Heap overflow (solved)
• L1im1tL355 (solved)
• leap-frog (solved)
• messy-malloc (solved)
• NewOverFlow-1 (solved)
• NewOverFlow-2 (solved)
• OverFlow 0 (solved)
• OverFlow 1 (solved)
• OverFlow 2 (solved)
• pointy (solved)
• practice-run-1 (solved)
• rop32 (solved)
• rop64 (solved)
• SecondLife (solved)
• seed-sPRiNG (solved)
• sice_cream (unsolved)
• slippery-shellcode (solved)
• stringzz (solved)
• zero_to_hero (unsolved)

Cryptography

• 13 (solved)
• AES-ABC (solved)
• b00tl3gRSA2 (solved)
• b00tl3gRSA3 (solved)
• caesar (solved)
• Easy1 (solved)
• Flags (solved)
• john_pollard (solved)
• la cifra de (solved)
• miniRSA (solved)
• Mr-Worldwide (solved)
• rsa-pop-quiz (solved)
• Tapping (solved)
• The Numbers (solved)
• waves over lambda (solved)

Forensics

• B1g_Mac (unsolved)
• c0rrupt (solved)
• extensions (solved)
• Glory of the Garden (solved)
• investigation_encoded_1 (solved)
• investigation_encoded_2 (unsolved)
• Investigative Reversing 0 (solved)
• Investigative Reversing 1 (solved)
• Investigative Reversing 2 (solved)
• Investigative Reversing 3 (solved)
• Investigative Reversing 4 (solved)
• like1000 (solved)
• m00nwalk (solved)
• m00nwalk2 (solved)
• pastaAAA (solved)
• shark on wire 1 (solved)
• shark on wire 2 (solved)
• So Meta (solved)
• unzip (solved)
• WebNet0 (solved)
• WebNet1 (solved)
• What Lies Within (solved)
• WhitePages (solved)

General Skills

• 1_wanna_b3_a_r0ck5tar (solved)
• 2Warm (solved)
• Based (solved)
• Bases (solved)
• First Grep (solved)
• First Grep: Part II (solved)
• flag_shop (solved)
• Lets Warm Up (solved)
• mus1c (solved)
• plumbing (solved)
• Resources (solved)
• strings it (solved)
• Warmed Up (solved)
• what's a net cat? (solved)
• whats-the-difference (solved)
• where-is-the-file (solved)
• The Factory's Secret (solved)

Reversing

• asm1 (solved)
• asm2 (solved)
• asm3 (solved)
• asm4 (solved)
• B1ll_Gat35 (unsolved)
• droids0 (solved)
• droids1 (solved)
• droids2 (solved)
• droids3 (solved)
• droids4 (solved)
• Forky (solved)
• Need For Speed (solved)
• reverse_cipher (solved)
• Time's Up (solved)
• Time's Up Again (solved)
• Time's Up For The Last Time (unsolved)
• vault-door-1 (solved)
• vault-door-3 (solved)
• vault-door-4 (solved)
• vault-door-5 (solved)
• vault-door-6 (solved)
• vault-door-7 (solved)
• vault-door-8 (solved)
• vault-door-training (solved)

Web Exploitation

• cereal hacker 1 (solved)
• cereal hacker 2 (solved)
• Client-side-again (solved)
• dont-use-client-side (solved)
• Empire1 (solved)
• Empire2 (solved)
• Empire3 (solved)
• Insp3ct0r (solved)
• Irish-Name-Repo 1 (solved)
• Irish-Name-Repo 2 (solved)
• Irish-Name-Repo 3 (solved)
• JaWT Scratchpad (solved)
• logon (solved)
• Open-to-admins (solved)
• picobrowser (solved)
• where are the robots (solved)
• Java Script Kiddie (solved)
• Java Script Kiddie 2 (solved)