Obedient Cat
We will start with the first task which should not be to difficult ;).
cat flag
Python Wrangling
Download all 3 files what are necessary for the challenge and follow the syntax:
![](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-05_19-34.png)
Wave a flag
./warm -h
Nice netcat…
In your terminal call nc mercury.picoctf.net 35652 > nice_netcat.
Now with a little python script we will read the output, trim the white spaces, newlines and convert it into ASCII character.
temp = open('nice_netcat')
temp = temp.read().splitlines()
flag = ''
print(temp)
for e in temp:
flag += chr(int(e))
print(flag)
Static ain’t always noise
Download the static binary and use the following command
strings static | grep pico
Tab, Tab, Attack
Straight forward
![unzip the picoctf challange](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-06_18-25.png)
Magikarp Ground Mission
Login via the ssh credentials and follow the instructions
![ssh connection to picoctf](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-06_18-30.png)
Lets Warm Up
0x70 Hex in ASCII – lets see the man files for ascii with – man ascii
![man ascii hex 0x70](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-06_18-36.png)
Warmed Up
This can be solved with python
>>> int('0x3D', 16)
2Warm
Again python
>>> bin(42)
what’s a net cat?
nc jupiter.challenges.picoctf.org 25103
strings it
strings strings | grep pico
Bases
echo "bDNhcm5fdGgzX3IwcDM1" | base64 -d
First Grep
cat file | grep pico
Based
This can be done with CyberChef open in a separate window
![picoctf nc challenge](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-06_20-32.png)
plumbing
nc jupiter.challenges.picoctf.org 14291 > plumbing; cat plumbing | grep pico
mus1c
After a while you will recognize some words which are repeating over and over again. These are shout, put and knock. Just go to google with there 3 words and put on your search a esoteric behind you fill find the first search result very interesting – rockstar.
![rockstar program](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-06_20-59.png)
Just translate the decimal output into ASCII characters and you have the flag which to submit in the format picoCTF{}.
flag_shop
When you look into the source code you will see the part which we can exploit:
![pico-ctf flag_shop solution](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-16_09-58.png)
This integer can hold 4 Byte – a maximum value of -2 147 483 648 and 2 147 483 647.
To create the complement of the integer we can divide the maximum value of the integer through 899 (not 900 – because of the account balance) and give the result 2388747 as input to the flag volume. After this you can but the 1337 flag.
![nc session to buy the flag](https://it-tfuerst.de/wp-content/uploads/2021/05/2021-05-16_10-02.png)