picoCTF 2024

Date March 12-26, 2024
Solved 5 / 100
Rank #2,345
Team Solo

Overview

picoCTF 2024 is a beginner-friendly capture the flag competition designed for high school and college students. The challenges covered a wide range of topics including web exploitation, cryptography, reverse engineering, and forensics. Below are my writeups for the challenges I solved.

01

Web Gauntlet

Web Exploitation 100 points

Challenge Description

Can you beat the filters? Log in as admin to get the flag. The website implements multiple SQL injection filters that you need to bypass.

http://challenge.com

Solution

The challenge presents a login form with progressive SQL injection filters. Let's break down the approach:

Step 1: Reconnaissance

First, I inspected the login form and tested basic SQL injection payloads. The site had filters blocking common keywords like OR, AND, and =.

Step 2: Bypassing Filters

I used case manipulation and alternative operators to bypass the filters:

SQL
admin'/**/OR/**/1/**/LIKE/**/1--

Step 3: Exploitation

The payload successfully bypassed all filters by using SQL comments to separate keywords and the LIKE operator instead of equals:

Payload
Username: admin'/**/OR/**/1/**/LIKE/**/1--
Password: anything
Success! The application returned the flag upon successful login.
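
Why a payload like this gets through, and what closes the hole, shown as an added example that is not part of the original writeup or the challenge's code. It assumes a constructed blocklist that rejects space-delimited OR/AND and `=`, a hypothetical `users` table in in-memory SQLite, and hypothetical function names.

```python
import sqlite3

# Assumption: a constructed blocklist like the one the writeup describes,
# matching space-delimited keywords and the equals sign.
BLOCKED = (" or ", " and ", "=")

def passes_filter(value):
    lowered = value.lower()
    return not any(token in lowered for token in BLOCKED)

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concatenated(db, username, password):
    # Weak pattern: filter the input, then splice it into the SQL text.
    if not (passes_filter(username) and passes_filter(password)):
        return None
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = db.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(db, username, password):
    # Fix: input is bound as data and never parsed as SQL, so no filter is needed.
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    payload = "admin'/**/OR/**/1/**/LIKE/**/1--"  # payload from the writeup
    classic = "admin' OR 1=1--"
    print("classic, concatenated:", login_concatenated(db, classic, "anything"))
    print("payload, concatenated:", login_concatenated(db, payload, "anything"))
    print("payload, parameterized:", login_parameterized(db, payload, "anything"))
    print("real login, parameterized:",
          login_parameterized(db, "admin", "constructed-secret"))
```

The blocklist stops the space-delimited form but not the comment-delimited one, while the parameterized query treats both as a literal username that matches no row.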

Flag

picoCTF{sql_1nj3ct10n_m4st3r_abcd1234}
02

Caesar Cipher

Cryptography 50 points

Challenge Description

Decrypt this message that has been encrypted with a Caesar cipher.

encrypted.txt

Solution

The Caesar cipher is a simple substitution cipher in which each letter is shifted by a fixed number of positions in the alphabet.

Encrypted Message

Text
Uljv lv d whvw phvvdjh iru fdhvdu flskhu

Decryption Script

I wrote a Python script to brute force all 26 possible shifts:

Python
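def caesar_decrypt(text, shift):
    """Shift each ASCII letter back by `shift` positions; leave other characters unchanged."""
    result = ""
    for char in text:
        # Only A-Z and a-z are shifted; non-ASCII letters pass through untouched
        if char.isascii() and char.isalpha():
            # Use the start of the matching alphabet so case is preserved
            shift_base = ord('A') if char.isupper() else ord('a')
            result += chr((ord(char) - shift_base - shift) % 26 + shift_base)
        else:
            result += char
    return result

encrypted = "Uljv lv d whvw phvvdjh iru fdhvdu flskhu"
# Try every possible shift and print each candidate plaintext
for i in range(26):
    print(f"Shift {i}: {caesar_decrypt(encrypted, i)}")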

Result

After running the script, shift 3 revealed the plaintext message containing the flag.

Flag

picoCTF{cr4ck3d_th3_c0d3_xyz789}
03

Hidden Flag

Steganography 75 points

Challenge Description

Find the hidden flag in this image file. Use your forensics skills!

challenge.png

Solution

Step 1: Initial Analysis

First, I examined the provided image file visually and checked its metadata:

[Image: The original challenge image]

Step 2: Using exiftool

I used exiftool to check for any hidden metadata:

Bash
exiftool challenge.png

[Image: Output from exiftool showing suspicious metadata]

Step 3: Steganography Detection

I used steghide to extract hidden data from the image:

[Image: Before extraction]
[Image: After extraction]

Success! Found a hidden text file embedded in the image containing the flag.

Flag

picoCTF{h1dd3n_1n_pl41n_s1ght_abc123}
04

Social Media Trail

OSINT 100 points

Challenge Description

Track down information about a user across social media platforms to find the flag.

Solution

Add your OSINT writeup here...

Flag

picoCTF{0s1nt_m4st3r_xyz456}
05

Buffer Overflow

PWN 150 points

Challenge Description

Exploit a buffer overflow vulnerability to gain shell access.

vuln_binary nc server.com 1337

Solution

Add your PWN writeup here...

Flag

picoCTF{pwn3d_th3_st4ck_def789}