Challenge Description Find the password (say PASS) and enter the flag in the form HTB{PASS} Solution This challenge is reverse engineering and we are asked to find a correct password. Let’s check the file type. Now, for analysis let’s use a debugging tool. I used ida. When opening the file, choose 32-bit and Intel 80386 … Read More “Hack the box – Find The Easy Pass write-up” »
Description I’ve hidden a flag in this file. Can you find it? Forensics is fun.pptm Solution Let’s see what is hidden in the ppt file. OK, There are quite many files hidden. Let’s extract them. Then we get the directory called _Forensics is fun.pptm.extracted Let’s see what’s inside. Found the file hidden! What’s written inside … Read More “picoCTF2021 – MacroHard WeakEdge write up” »
Description Kishor Balan tipped us off that the following code may need inspection: https://jupiter.challenges.picoctf.org/problem/9670/ (link) or http://jupiter.challenges.picoctf.org:9670 Solution Let’s check the webpage. There is the first part of the flag in page source view. The second part is hidden in the link at mycss.css And the last piece of the flag is in the myjs.js … Read More “picoCTF2019 – Insp3ct0r write up” »
Description Files can always be changed in a secret way. Can you find the flag? cat.jpg Solution Check out the details of the attached image file. exiftool can be used. Then, we get the result as below. License looks like base 64 encoded. Let’s decode it. picoCTF{the_m3tadata_1s_modified}
Description crackme.py Solution Check the source code of the python file. We can see there are two functions decode_secret() and choose_greatest(). At the end of the file, choose_greatest function is called. But, we don’t need this function. So let’s delete it. Instead, we want to use decode function. Also, we are given with the encoded … Read More “picoCTF2021 – crackme-py write up” »
I’ve pwned Keeper challenge. I will share how I solved the challenge. To sum up, before writing about the solution, I felt the user flag was easy to find but the privilege escalation was a bit tricky. OK, let’s start it. Enumerate First of all, I found ports 80 and 22 are open, So I … Read More “CVE-2023-32784 Hack the box – keeper writeup” »