Month: February 2022

PicoCTF – Static Ain’t Always Noise

https://play.picoctf.org/practice/challenge/163

Description:

Can you look at the data in this binary: static? This BASH script might help!

Solution:

So I had seen the term ‘bash’ around quite a bit but didn’t actually know what it was or what it meant. A search for ‘bash script’ gave me:

“A Bash script is a text file containing a series of commands. Any command that can be executed in the terminal can be put into a Bash script. Any series of commands to be executed in the terminal can be written in a text file, in that order, as a Bash script.”

Not complicated. But how to set it in motion? That’s not difficult either:

bash filename.sh

I used wget to download the script, which gave me a file: ltdis.sh

#!/bin/bash

echo "Attempting disassembly of $1 ..."

#This usage of "objdump" disassembles all (-D) of the first file given by
#invoker, but only prints out the ".text" section (-j .text), the only section
#that matters in almost any compiled program...
#The file name is quoted so that names containing spaces are handled.

objdump -Dj .text "$1" > "$1.ltdis.x86_64.txt"

#Check that $1.ltdis.x86_64.txt is non-empty
#Continue if it is, otherwise print error and eject

if [ -s "$1.ltdis.x86_64.txt" ]
then
	echo "Disassembly successful! Available at: $1.ltdis.x86_64.txt"

	echo "Ripping strings from binary with file offsets..."
	#-a scans the whole file, -t x prints the hex file offset of each string
	strings -a -t x "$1" > "$1.ltdis.strings.txt"
	echo "Any strings found in $1 have been written to $1.ltdis.strings.txt with file offset"
else
	echo "Disassembly failed!"
	echo "Usage: ltdis.sh <program-file>"
	echo "Bye!"
fi


The body of the script is an if statement, and its messages tell you what a successful run looks like: “Disassembly successful!” At this stage I didn’t understand the detail contained in this script, but I knew enough to run it and hopefully find a flag. But how do I point the script at the ‘static’ file?

After using wget to download the ‘static’ file as well, the obvious thing to try was simply putting the filename after the bash script command in the webshell:

bash ltdis.sh static

And yes that worked:

Attempting disassembly of static ...
Disassembly successful! Available at: static.ltdis.x86_64.txt
Ripping strings from binary with file offsets...
Any strings found in static have been written to static.ltdis.strings.txt with file offset

and gave me two more files: static.ltdis.x86_64.txt and static.ltdis.strings.txt, the second of which contained the flag.
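To make the “Ripping strings” step less of a black box, here is an added Python example (not part of the original writeup or of the challenge’s ltdis.sh) that re-implements what `strings -a -t x` does: scan every byte of the file, record each run of printable characters together with the hex offset where it starts, and then filter those runs for the picoCTF flag format. The byte blob and the flag inside it are constructed for the example; the real static binary is not reproduced here.

```python
import re

# Constructed sample "binary": a few ELF-like header bytes, some machine-code
# noise and two printable runs. This stands in for the challenge's static
# file, which is not reproduced here. The flag value is made up.
SAMPLE_BINARY = (
    b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8
    + b"\x48\x89\xe5\x31\xc0"
    + b"Hello, world!\x00"
    + b"\xc3\x90\x90"
    + b"picoCTF{example_flag_not_the_real_one}\x00"
    + b"\x01\x02\x03"
)

# picoCTF flags follow the pattern picoCTF{...}
FLAG_RE = re.compile(r"picoCTF\{[^}]*\}")


def extract_strings(data: bytes, min_len: int = 4):
    """Return (offset, text) for every run of at least min_len printable bytes.

    Mirrors `strings -a -t x`: the whole file is scanned (-a) and the file
    offset of each run is kept (-t x prints it in hex). Runs shorter than
    min_len (strings' default is 4) are discarded, which is why the 3-byte
    "ELF" magic in the sample is not reported.
    """
    results = []
    start = None
    for i, b in enumerate(data):
        printable = 0x20 <= b <= 0x7E or b == 0x09  # ASCII text or a tab
        if printable and start is None:
            start = i  # a new run begins here
        elif not printable and start is not None:
            if i - start >= min_len:
                results.append((start, data[start:i].decode("ascii")))
            start = None
    # A run that reaches the end of the file has no terminator to close it.
    if start is not None and len(data) - start >= min_len:
        results.append((start, data[start:].decode("ascii")))
    return results


def find_flags(data: bytes):
    """Keep only the strings that look like a picoCTF flag."""
    return [(off, s) for off, s in extract_strings(data) if FLAG_RE.search(s)]


if __name__ == "__main__":
    # Same layout as `strings -t x`: hex offset, then the string.
    for off, s in extract_strings(SAMPLE_BINARY):
        print(f"{off:7x} {s}")
    print("flag candidates:", find_flags(SAMPLE_BINARY))
```

Running this prints the two strings at offsets 0x15 and 0x26, and the second one is the flag candidate; against a real static.ltdis.strings.txt the same filter is just `grep picoCTF{`.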

PicoCTF – Speeds and Feeds

https://play.picoctf.org/practice/challenge/116?page=3

Description:

There is something on my shop network running at nc mercury.picoctf.net 59953, but I can’t tell what it is. Can you?

Solution:

So if we run nc mercury.picoctf.net 59953 in the webshell we get a whole bunch of data lines, all starting with the letter G. The hint in the challenge asks what code a CNC machine uses; Google tells us that it is called G-code.

Next we can look for a CNC simulator online and of course there is such a thing:

https://ncviewer.com/

But the webshell doesn’t make it easy to copy all of the lines to the clipboard, so we need a way to download them to our local machine, where we can open them in a text editor and copy all of the text. To do this I used the command:

nc mercury.picoctf.net 59953 > gcode.txt

This created a .txt file containing all the data lines. Then I needed to find a way to download this file to my local machine. After searching online for a while and only coming up with complicated answers that didn’t work or needed an install that the picoCTF webshell wouldn’t allow, I went back to basics and read the README.txt file! In this file we see:

# Experimental features

- Exporting files from the webshell to the browser or vice versa
  is possible using `sz <filename>` / `rz`.

So then it was just a case of: 

sz gcode.txt

Open this file in a text editor, copy all the lines of data to the clipboard, paste them into the gcode field in NCViewer, hit ‘Plot’ and see the result:
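To show what a viewer like NCViewer actually does with those G lines, here is an added Python example (not from the original post and not NCViewer’s code) that interprets G0/G1 moves over a constructed G-code sample and returns the line segments that would be drawn. It assumes absolute coordinates (G90) and treats Z at or below zero as “pen down”; both are conventions chosen for this sample, not something the challenge states.

```python
import re

# Constructed G-code sample standing in for the lines the challenge server
# streams (the real output is not reproduced here). It lifts the tool, travels
# to (1,1), lowers it, draws a 2x2 square and then travels away with the tool up.
SAMPLE_GCODE = """\
G17 G20 G90 G54
G0 Z0.1
G0 X1 Y1
G1 Z0
G1 X3 Y1
G1 X3 Y3
G1 X1 Y3
G1 X1 Y1
G0 Z0.1
G0 X5 Y5
"""

# One G-code "word": a letter followed by a number, e.g. G1, X3, Z0.1, Y-2.5
WORD_RE = re.compile(r"([GXYZ])(-?\d+\.?\d*)")


def trace_gcode(text: str, pen_down_z: float = 0.0):
    """Interpret G0/G1 moves and return the segments a plotter would draw.

    The tool position is tracked across lines; G0 is a rapid (travel) move and
    is never drawn, G1 is a feed move and is drawn only while the tool is at or
    below pen_down_z before and after the move. Absolute coordinates are
    assumed (an assumption for this sample; a real viewer also honours G91).
    """
    x = y = z = 0.0
    segments = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ;comments and blank lines
        if not line:
            continue
        motion = None
        words = {}
        for letter, value in WORD_RE.findall(line):
            if letter == "G":
                code = int(float(value))
                if code in (0, 1):
                    motion = code  # other G codes (G17, G90, ...) are modal setup
            else:
                words[letter] = float(value)
        # Axes not mentioned on the line keep their previous value.
        nx, ny, nz = words.get("X", x), words.get("Y", y), words.get("Z", z)
        if motion == 1 and z <= pen_down_z and nz <= pen_down_z and (nx, ny) != (x, y):
            segments.append(((x, y), (nx, ny)))
        x, y, z = nx, ny, nz
    return segments


def bounding_box(segments):
    """Extent of the drawing, handy for scaling it onto a canvas."""
    xs = [p[0] for seg in segments for p in seg]
    ys = [p[1] for seg in segments for p in seg]
    return (min(xs), min(ys), max(xs), max(ys))


if __name__ == "__main__":
    segs = trace_gcode(SAMPLE_GCODE)
    for (x0, y0), (x1, y1) in segs:
        print(f"draw ({x0:g},{y0:g}) -> ({x1:g},{y1:g})")
    print("bounding box:", bounding_box(segs))
```

For the sample this yields the four sides of the square and nothing for the travel moves; feeding it the saved gcode.txt instead gives the same segments the viewer plots, which is the point at which the drawing, rather than the text, carries the answer.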

Obviously I’m not going to reveal the answer; that would be far too easy for you.

© 2025 timnott-it