Picoctf Contents
Task 1
Easy Peasy
Description: A one-time pad is unbreakable, but can you manage to recover the flag?
Step 1: The otp.py python file is inspected. The command “nc mercury.picoctf.net 11188” initiates
communication with the server, essential for retrieving the encrypted flag or sending required
inputs.
Step 2: The command sends a long string of 'a' characters to a server at mercury.picoctf.net on
port 11188. This is often done to test the server's response to a large input. It can help identify
vulnerabilities or behaviors in the server's handling of data.
An online tool is used to convert this hexadecimal result into ASCII text. The ASCII text you get
from the tool is the original message or flag. In summary, the message was decrypted by XOR-ing
key segments with the ciphertext, the result was converted from hexadecimal to ASCII, and the
ASCII text was submitted as the flag to picoCTF.
Task 2
Pixelated
Description: I have these 2 images, can you make a flag out of
them? scrambled1.png scrambled2.png
‘scramble1.png’ and ‘scramble2.png’ are the two given images.
This code processes two images by summing their corresponding pixel values. Each pixel's RGB
values from both images are added together, and if the result exceeds the maximum value of 255,
it wraps around using modulo 256 to keep the values within the valid RGB range. The combined
result is saved as a new image called `flag.png`. This approach blends the two images, producing
a composite image that represents the combined colour information from the originals.
Task 3
Mini RSA
Description: Let's decrypt this: ciphertext? Something seems a bit small.
In RSA encryption, `n` is the modulus used for both encryption and decryption, and `c` is the
ciphertext resulting from encrypting plaintext with the public key. This code attempts to decrypt a
ciphertext `c` by finding the cube root of modified ciphertext values (`c + i * n`) for values of `i`
from 0 to 3999. It converts the cube root result from hexadecimal to ASCII and checks if the string
"pico" (in hex: "7069636f") is present. When found, it prints the corresponding plaintext.
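The search described above, as an added Python example that is not the challenge's or the author's own script: N and FLAG are constructed toy values, and the padded case uses fixed filler bytes as a stand-in for real random padding. It goes slightly beyond the text by also showing that the same search fails once the message is filled out to the size of the modulus.

```python
# Added example: textbook RSA with e = 3 and a short, unpadded message.
# N and FLAG are constructed toy values, not the challenge's parameters.
N = (2**127 - 1) * (2**107 - 1)   # toy 234-bit modulus; only its size matters here
FLAG = b"picoCTF{x}"              # constructed 10-byte plaintext


def icbrt(x):
    """Largest integer r with r**3 <= x, using exact integer arithmetic."""
    lo, hi = 0, 1 << (x.bit_length() // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid**3 <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def encrypt(message, n=N):
    """Textbook RSA with e = 3: c = m^3 mod n, no padding."""
    return pow(int.from_bytes(message, "big"), 3, n)


def recover(c, n=N, max_i=4000, marker=b"pico"):
    """Try c + i*n for i in 0..max_i-1; return (i, plaintext) on an exact cube."""
    for i in range(max_i):
        candidate = c + i * n
        root = icbrt(candidate)
        if root**3 != candidate:
            continue                  # not a perfect cube: m^3 wrapped more times
        plaintext = root.to_bytes((root.bit_length() + 7) // 8, "big")
        if marker in plaintext:
            return i, plaintext
    return None


# Short message: m^3 exceeds n by only a few multiples, so the search succeeds.
weak = recover(encrypt(FLAG))

# Same flag filled out to modulus size (fixed bytes standing in for the random
# padding of a real scheme such as OAEP): m^3 wraps more than 2^460 times.
padded_msg = b"\x01" + bytes(range(1, 19)) + b"\x00" + FLAG
padded = recover(encrypt(padded_msg))

if __name__ == "__main__":
    print("unpadded:", weak)
    print("padded:  ", padded)
```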
Task 4
No Padding, No Problem
Description: Oracles can be your best friend, they will decrypt anything, except the flag's
ciphertext. How will you break it? Connect with nc mercury.picoctf.net
The code connects to a remote server and retrieves the RSA parameters `n`, `e`, and the ciphertext
`c`. It then modifies the ciphertext, sends it back to the server, and receives the decrypted response.
Finally, it processes and prints the decrypted message, revealing the flag.
Task 5
Substitution 1
Description: A second message has come in the mail, and it seems almost identical to the first
one. Maybe the same thing will work again.
The quipqiup online tool is a useful resource for decrypting messages encoded with simple ciphers
such as Caesar, Vigenère, or other classical encryption methods. Decrypting the message and
revealing the flag means successfully completing the challenge.
Task 6
Substitution 0
Description: A message has come in but it seems to be all scrambled. Luckily it seems to have
the key at the beginning. Can you crack this substitution cipher? Download the message here.
A substitution solver online tool decrypts messages by analyzing and substituting each letter of
the encoded text using the key, giving the correct plaintext letter, revealing the flag.
Task 7
rail-fence
Description: A type of transposition cipher is the rail fence cipher, which is described here. Here
is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it? Download the
message here. Put the decoded message in the picoCTF flag
format, picoCTF{decoded_message}.
CyberChef is an online tool that allows users to perform a wide range of data manipulation and
encryption/decryption tasks. It was used for decrypting the above message, to reveal the flag.
Task 8
ReadMyCert
Description: How about we take you on an adventure on exploring certificate signing
requests. Take a look at this CSR file here.
Task 9
HideToSee
Description: How about some hide and seek heh? Look at this image here.
Task 10
interencdec
Description: Can you get the real meaning from this file. Download the file here.
A substitution solver online tool decrypts messages by analyzing and cracking the Caesar cipher
using the brute force method, giving the correct plaintext letters, revealing the flag.