PicoCTF Writeup – Based
# Information:
CTF Name: PicoCTF
CTF Challenge: Based
Challenge Category: General Skills
Challenge Points: 200
PicoCTF 2019.
# Challenge Description:
To get truly 1337, you must understand different data encodings, such as hexadecimal or binary. Can you get the flag from this program to prove you are on the way to becoming 1337? Connect with nc jupiter.challenges.picoctf.org 29956.
Hint: I hear python can convert things. It might help to have multiple windows open.
# Writeup
In this challenge, we are given an netcat command with a address and a port to connect. I used it on my Linux terminal as such:
mregra on Cyber ~$ nc jupiter.challenges.picoctf.org 29956
The output was as in the image below:
As you can see we have to convert that binary array to ASCII. To do that I decided to write a simple python 3 script. This script simply converts the value provided to ASCII, as such:
After inserting the correct word as input I received another conversion request. After that one a new came up. I was not able to solve all of them in time, the connection drooped and I had to restart. Once I did new values were presented!! I decided to improve my python 3 script to be able to perform all the required conversions (see below reference to source code on GitHub repository).
Below is an image of my path to the solution:
As you can see the first message given is in binary. The second however is in a different base. It is possible to see that the greater digit is 7, I assumed that this meant that the base was octal. I went to the ASCII table to confirm if these values matched any alphanumeric characters and it turned out that they matched!! The last one was a little harder to figure out, but after some research I was able to find out that it is hexadecimal. Knowing this I finished my python 3 script. In the final result I have 3 methods, one to convert from binary to ASCII, another from octal to ASCII and the last one from hexadecimal to ASCII.
In the image below you can see the interaction with the script interface for the example above:
And finally, the flag is:
The source code can be found here. I decided to improve the tool so the interface might be a little different, but the idea is the same.
Thank you very much for reading!
Cheers,
MRegra