We need to find the malware name for a bitcoin address. Bitcoin address is the following.
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
Just search for 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX malware and you will be able to find the flag. Here is a hint...
picoCTF[P...a]
In this ctf, we will learn about SSH, ls and cat. If you know nothing about these terms, do not worry, we will cover them right now.
You can always use the following commands to learn more about them in the terminal.
man ssh
man ls
In a short, ssh is a program that has the purpose of logging into a remote machine and executes commands that the user wants.
First, open up the terminal and using the following command initiate a connection with the server.
nc saturn.picoctf.net 57689
You have to md5 hash the presented text between quotes. To do that, you can apply this command.
echo -n "cholesterol" | md5sum
Open up the terminal and type the following command.
nc saturn.picoctf.net 51109
You will get an output. Copy that output and open up a terminal and type the following command.
python3
print('picoCTF{gl17ch_m3_n07_' + chr(0x62) + chr(0x64) + chr(0x61) + chr(0x36) + chr(0x38) + chr(0x66) + chr(0x37) + chr(0x35) + '}')
Download the fixme2.py file, open it in an editor and change it to the following.
import random
def str_xor(secret, key):
#extend key to secret length
new_key = key
i = 0
while len(new_key) < len(secret):
new_key = new_key + key[i]
i = (i + 1) % len(key)
return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
flag_enc = chr(0x15) + chr(0x07) + chr(0x08) + chr(0x06) + chr(0x27) + chr(0x21) + chr(0x23) + chr(0x15) + chr(0x58) + chr(0x18) + chr(0x11) + chr(0x41) + chr(0x09) + chr(0x5f) + chr(0x1f) + chr(0x10) + chr(0x3b) + chr(0x1b) + chr(0x55) + chr(0x1a) + chr(0x34) + chr(0x5d) + chr(0x51) + chr(0x40) + chr(0x54) + chr(0x09) + chr(0x05) + chr(0x04) + chr(0x57) + chr(0x1b) + chr(0x11) + chr(0x31) + chr(0x0e) + chr(0x51) + chr(0x5c) + chr(0x44) + chr(0x51) + chr(0x0a) + chr(0x5b) + chr(0x5a) + chr(0x19)
flag = str_xor(flag_enc, 'enkidu')
# Check that flag is not empty
if flag == "":
print('String XOR encountered a problem, quitting.')
else:
print('That is correct! Here\'s your flag: ' + flag)
Download the fixme1.py file, open it in an editor and change it to the following.
import random
def str_xor(secret, key):
#extend key to secret length
new_key = key
i = 0
while len(new_key) < len(secret):
new_key = new_key + key[i]
i = (i + 1) % len(key)
return "".join([chr(ord(secret_c) ^ ord(new_key_c)) for (secret_c,new_key_c) in zip(secret,new_key)])
flag_enc = chr(0x15) + chr(0x07) + chr(0x08) + chr(0x06) + chr(0x27) + chr(0x21) + chr(0x23) + chr(0x15) + chr(0x5a) + chr(0x07) + chr(0x00) + chr(0x46) + chr(0x0b) + chr(0x1a) + chr(0x5a) + chr(0x1d) + chr(0x1d) + chr(0x2a) + chr(0x06) + chr(0x1c) + chr(0x5a) + chr(0x5c) + chr(0x55) + chr(0x40) + chr(0x3a) + chr(0x5f) + chr(0x53) + chr(0x5b) + chr(0x57) + chr(0x41) + chr(0x57) + chr(0x08) + chr(0x5c) + chr(0x14)
flag = str_xor(flag_enc, 'enkidu')
print('That is correct! Here\'s your flag: ' + flag)
First, download the file. Then navigate to the destination of the file and in terminal type the following command.
grep 'picoCTF' file
The command grep 'picoCTF' just searches through the file and prints the string that contains picoCTF.
First use wget to download the files.zip
wget https://artifacts.picoctf.net/c/500/files.zip
Extract the file using zip.
unzip -u files.zip
First, download the convert.py file. Run it with the folllowing command.
python3 convert.py
You are prompted with the following text.
If 15 is in decimal base, what is it in binary base?
Every decimal number has a representation in a binary form. For example, take the number 3, which is in the decimal format. In the binary form it is equal to '11'.
First download in the same directory code.py and codebook.txt
Then run the following command and you've got the flag.
python3 code.py