picoCTF

You may be interested in participating in picoCTF, a computer security game designed to teach students computer security concepts and techniques. It is open to anyone, but primarily aimed at middle and high school students in the United States. You can find more information at https://picoctf.com/.

Additionally, if you're interested in learning more about offensive and defensive security, as well as other topics such as blockchain, crypto, forensic, OSINT, and more, I highly recommend checking out my other Repositories.

All of the content is published on GitHub and Medium, so you can easily access it and learn at your own pace.

The Emoji below will tell you about the status for the writeup
⚠️ - The Challenge is currently dissabled.
❌ - The Writeup is not done yet
✅ - The Writeup is done

General Skills

Challenge	Points	Category	Status
Obedient Cat	5	Basic Linux cmd cat	✅
Python Wrangling	10		✅
Wave a flag	10		✅
Nice netcat...	15	netcat(nc) python basic decode	✅
Static ain't always noise	20		❌
Tab, Tab, Attack	20		❌
Magikarp Ground Mission	30		❌
Lets Warm Up	50		❌
Warmed Up	50		❌
2Warm	50		❌
what's a net cat?	100		❌
strings it	100		❌
Bases	100		❌
First Grep	100		❌
Codebook	100		❌
convertme.py	100		❌
fixme1.py	100		❌
fixme2.py	100		❌
Glitch Cat	100		❌
HashingJobApp	100		❌
PW Crack 1	100		❌
PW Crack 2	100		❌
PW Crack 3	100		❌
PW Crack 4	100		❌
PW Crack 5	100		❌
runme.py	100		❌
Serpentine	100		❌
First Find	100		❌
Big Zip	100		❌
chrono	100		❌
money-ware	100		❌
Permissioins	100		❌
repetitions	100		❌
useless	100		❌
Based	100		❌
plumbing	100		❌
mus1c	300		❌
flag_shop	300		❌
Special	300		❌
1_wanna_b3_a_r0ck5star	350		❌
Specialer	400		❌

Forensic

Challenge	Points	Category	Status
Informations	10	metadata exiftools base64	✅
Matryoshka Doll	30	hidden file unzip	✅
tunn3l v1s10n	40		❌
Glory of the Garden	50		❌
Wireshark doo dooo do doo...	50		❌
MacroHard WeakEdge	60		❌
Trivial Flag Transfer Protocol	90		❌
Wireshark twoo twooo two twoo...	100		❌
advanced-potion-making	100		❌
Enhance!	100		❌
File types	100		❌
Lookey here	100		❌
Packets Primer	100		❌
Redaction gone wrong	100		❌
Sleuthkit Intro	100		❌
hideme	100		❌
PcapPoisoning	100		❌
who is it	100		❌
Disk, disk, sleuth!	110		❌
Milkslap	120		❌
Disk, disk, sleuth! II	130		❌
So Meta	150		❌
shark on wire 1	150		❌
extensions	150		❌
What Lies Within	150		❌
Pitter, Patter, Platters	200		❌
scrambled-bytes	200		❌
WPA-ing Out	200		❌
Sleuthkit Apprentice	200		❌
FindAndOpen	200		❌
MSB	200		❌
m00nwalk	250		❌
WhitePages	250		❌
c0rrupt	250		❌
like1000	250		❌
Surfing the Waves	250		❌
m00nwalk2	300		❌
Investigative Reversing 0	300		❌
shark on wire 2	300		❌
Very very very Hidden	300		❌
Eavesdrop	300		❌
Operation Oni	300		❌
St3g0	300		❌
Invisible WORDs	300		❌
Investigative Reversing 1	350		❌
Investigative Reversing 2	350		❌
WebNet0	350		❌
Investigating Reversing 3	400		❌
Investigating Reversing 4	400		❌
Operation Orchild	400		❌
SideChannel	400		❌
Torrent Analyze	400		❌
WebNet1	450		❌
investigation_encoded_1	450		❌
investiagtion_encoded_2	500		❌
B1g_Mac	500		❌
UnforgottenBits	500		❌

Cryptography

Challenge	Points	Tags	Status
Mod 26	10	ROT 13	✅
Mind your Ps and Qs	20	RSA	:white_check_mark
Easy Peasy	40		❌
The Numbers	50		❌
New Caesar	60		❌
Mini RSA	70		❌
Dachshund Attacks	80		❌
No Padding, No Problem	90		❌
Easy 1	100		❌
13	100		❌
caesar	100		❌
Pixelated	100		❌
spelling-quiz	100		❌
basic-mod1	100		❌
basie-mode2	100		❌
credstuff	100		❌
morse-code	100		❌
rail-fence	100		❌
substitution0	100		❌
substitution1	100		❌
substitution2	100		❌
transposition-trial	100		❌
Vigenere	100		❌
HideToSee	100		❌
ReadMyCert	100		❌
rotation	100		❌
Play Nice	110		❌
Double DES	120		❌
Compress and Attack	130		❌
Scrambled: RSA	140		❌
XtraORdinary	150		❌
triple-secure	150		❌
la cifra de	200		❌
Tapping	200		❌
Flags	200		❌
Mr-Worldwide	200		❌
rsa-pop-quiz	200		❌
PowerAnalysis: Warmup	200		❌
college-rowing-team	250		❌
waves over lambda	300		❌
miniRSA	300		❌
It's Not My Fault 1	300		❌
New Vignere	300		❌
Very Smooth	300		❌
corrupt-key-1	350		❌
b00tl3gRSA2	400		❌
AES-ABC	400		❌
Sequences	400		❌
Sum-O-Primes	400		❌
PowerAnalysis: Part 1	400		❌
SRA	400		❌
b00tl3gRSA3	450		❌
john_pollard	500		❌
Clouds	500		❌
corrupt-key-2	500		❌
NSA Backdoor	500		❌
PowerAnalysis: Part 2	500		❌

Binary Exploitation

Challenge	Points	Tags	Status
Stonks	20	Format String Address Leaking	✅
Cache Me Outside	70		❌
Here's a LIBC	90		❌
Unsubscriptions Are Free	100		❌
basic-file-exploit	100		❌
buffer overflow 0	100	32-bits Buffer Overflow	✅
CVE-XXXX-XXXX	300	CVE Searching	✅
babygame01	100		❌
two-sum	100		❌
clutter-overflow	150		❌
filtered-shellcode	160		❌
Kit Engine	200		❌
buffer overflow 1	200	Buffer Overflow 32-bits Ret2win	✅
RPS	200		❌
x-sixty-what	200	64-bits Buffer Overflow Ret2win	✅
babygame02	200		❌
hijacking	200		❌
tic-tac	200		❌
VNE	200		❌
Guessing Game 1	250		❌
Stonk Market	250		❌
fermat-strings	250		❌
messy-malloc	300		⚠️
Guessing Game 2	300		❌
buffer overflow 2	300		❌
buffer overflow 3	300		⚠️
flag leak	300		❌
ropfu	300	Buffer Overflow 32-bits Syscall ropchain	✅
wine	300		❌
Horsetrack	300		❌
seed-sPRiNG	350		❌
Download Horsepower	350		❌
SaaS	350		❌
The Office	400		❌
homework	400		❌
function overwrite	400		❌
stack cache	400		❌
Turboflan	450		❌
lockdown-horses	450		❌
sice_cream	500		❌
zero_to_hero	500		❌
Bizz Fuzz	500		❌
vr-school	500		❌
solfire	500		❌

Reverse Engineering

Challenge	Points	Category	Status
Transformation	20		❌
keygenme-py	30		❌
crackme-py	30		❌
ARMssembly	30		❌
vault-door-training	50		❌
speeds and feeds	50		❌
Shop	50		❌
ARMssembly 1	70		❌
ARMssembly 2	90		❌
vault-door-1	100		❌
Hurry up! Wait!	100		❌
file-run1	100		❌
file-run2	100		❌
GDB Test Drive	100		❌
patchme.py	100		❌
Safe Opener	100		❌
unpackme.py	100		❌
Ready Gladiator 0	100		❌
Reverse	100		❌
Safe Opener 2	100		❌
timer	100		❌
Virtual Machine 0	100		❌
gogo	110		❌
ARMssembly 3	130		❌
Let's get dynamic	150		❌
not crypto	150		❌
Easy as GDB	160		❌
ARMssembly 4	170		❌
Powershelly	180w		❌
asm1	200		❌
vault-door-3	200		❌
breadth	200		❌
bloat.py	200		❌
Fresh Java	200		❌
No way out	200		❌
Ready Gladiator 1	200		❌
asm2	250		❌
vault-door-4	250		❌
droids0	300		❌
asm3	300		❌
vault-door-5	300		❌
reverse_cipher	300		❌
OTP Implementation	300		❌
Rolling My Own	300		❌
Bbbbloat	300		❌
unpackme	300		❌
Virtual Machine 1	300		❌
droids 1	350		❌
vault-door-6	350		❌
riscy business	350		❌
Checkpass	375		❌
asm4	400		❌
Need For Speed	400		❌
B1ll_Gat35	400		❌
droids2	400		❌
vault-door-7	400		❌
keygenme	400		❌
Ready Gladiator 2	400		❌
vault-door-8	450		❌
droids3	450		❌
droids4	500		❌
Forky	500		❌
MATRIX	500		❌
Wizardlike	500		❌

Web Exploitation

Challenge	Points	Category	Status
GET aHEAD	20	curl Header	✅
Cookie	40	Cookie	✅
Insp3ct0r	50	Web Puzzles Source Code	✅
Scavenger Hunt	50	Web Puzzles Source Code Apache 2.0 robots.txt	✅
Some Assembly Required 1	70		❌
More Cookies	90		❌
where are the robots	100	robots.txt hidden directory	✅
logon	100		❌
dont-use-client-side	100		❌
It is my Birthday	100		❌
Who are you?	100		❌
login	100		❌
Includes	100		❌
Inspect HTML	100		❌
Local Authority	100		❌
Search source	100		❌
findme	100		❌
MatchTheRegex	100		❌
SOAP	100		❌
Some Assembly Required 2	110		❌
Super Serial	130		❌
Most Cookies	150		❌
caas	150		❌
Some Assembly Required 3			❌
Web Gauntlet 2	170		❌
picobrowser	200		❌
Client-side-again	200		❌
Web Gauntlet	200		❌
Some Assembly Required 4	200		❌
Forbidden Paths	200		❌
Power Cookie	200		❌
Roboto Sans	200		❌
Secrets	200		❌
SQL Direct	200		❌
More SQLi	200		❌
X marks the spot	250		❌
notepad	250		❌
Irish-Name-Repo 1	300		❌
Web Gauntlet 3	300		❌
JAuth	300		❌
SQLiLite	300		❌
Java Code Analysis!?!	300		❌
Irish-Name-Repo 2	350		❌
Irish-Name-Repo 3	400		❌
JaWT Scratchpad	400		❌
Java Script Kiddie	400		❌
Java Script Kiddie 2	450		❌
Bithug	500		❌
Live Art	500		❌
noted	500		❌
cancri-sp	500		❌
msfroggenerator2	500		❌