/ctf/pico/Recent content in PicoCTF on d3boHugo -- gohugo.ioenCopyright (c) 2025 HyasMon, 08 Jan 2024 12:16:22 +0100/ctf/pico/function-overwrite/Sat, 16 Aug 2025 00:00:00 +0000/ctf/pico/function-overwrite/#include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <wchar.h> #include <locale.h> #define BUFSIZE 64 #define FLAGSIZE 64 int calculate_story_score(char *story, size_t len) { int score = 0; for (size_t i = 0; i < len; i++) { score += story[i]; } return score; } void easy_checker(char *story, size_t len) { if (calculate_story_score(story, len) == 1337) { char buf[FLAGSIZE] = {0}; FILE *f = fopen("flag./ctf/pico/x-sixty-what/Fri, 15 Aug 2025 00:00:00 +0000/ctf/pico/x-sixty-what/#!/usr/bin/env python3 from pwn import * HOST = "saturn.picoctf.net" PORT = 64947 exe = ELF("./vuln_patched") context.binary = exe context.terminal = ['tmux', 'splitw', '-h'] #context./ctf/pico/clutter-overflow/Wed, 13 Aug 2025 00:00:00 +0000/ctf/pico/clutter-overflow/#include <stdio.h> #include <stdlib.h> #define SIZE 0x100 #define GOAL 0xdeadbeef const char* HEADER = " ______________________________________________________________________\n" "|^ ^ ^ ^ ^ ^ |L L L L|^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^|\n" "| ^ ^ ^ ^ ^ ^| L L L | ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ |\n" "|^ ^ ^ ^ ^ ^ |L L L L|^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ==================^ ^ ^|\n" "| ^ ^ ^ ^ ^ ^| L L L | ^ ^ ^ ^ ^ ^ ___ ^ ^ ^ ^ / \\^ ^ |\n" "|^ ^_^ ^ ^ ^ =========^ ^ ^ ^ _ ^ / \\ ^ _ ^ / | | \\^ ^|\n" "| ^/_\\^ ^ ^ /_________\\^ ^ ^ /_\\ | // | /_\\ ^| | ____ ____ | | ^ |\n" "|^ =|= ^ =================^ ^=|=^| |^=|=^ | | {____}{____} | |^ ^|\n" "| ^ ^ ^ ^ | ========= |^ ^ ^ ^ ^\\___/^ ^ ^ ^| |__%%%%%%%%%%%%__| | ^ |\n" "|^ ^ ^ ^ ^| / ( \\ | ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ |/ %%%%%%%%%%%%%% \\|^ ^|\n" "./ctf/pico/basic-file-exploit/Tue, 12 Aug 2025 00:00:00 +0000/ctf/pico/basic-file-exploit/#include <stdio.h> #include <stdlib.h> #include <stdbool.h> #include <string.h> #include <stdint.h> #include <ctype.h> #include <unistd.h> #include <sys/time.h> #include <sys/types.h> #define WAIT 60 static const char* flag = "[REDACTED]"; static char data[10][100]; static int input_lengths[10]; static int inputs = 0; int tgetinput(char *input, unsigned int l) { fd_set input_set; struct timeval timeout; int ready_for_reading = 0; int read_bytes = 0; if( l <= 0 ) { printf("'l' for tgetinput must be greater than 0\n"); return -2; } /* Empty the FD Set */ FD_ZERO(&input_set ); /* Listen to the input descriptor */ FD_SET(STDIN_FILENO, &input_set); /* Waiting for some seconds */ timeout./ctf/pico/cve-xxxx-xxxxx/Mon, 11 Aug 2025 00:00:00 +0000/ctf/pico/cve-xxxx-xxxxx/Description Enter the CVE of the vulnerability as the flag with the correct flag format: picoCTF{CVE-XXXX-XXXXX} replacing XXXX-XXXXX with the numbers for the matching vulnerability./ctf/pico/local-target/Sun, 10 Aug 2025 00:00:00 +0000/ctf/pico/local-target/#include <stdio.h> #include <stdlib.h> int main(){ FILE *fptr; char c; char input[16]; int num = 64; printf("Enter a string: "); fflush(stdout); gets(input); printf("\n"); printf("num is %d\n", num); fflush(stdout); if( num == 65 ){ printf("You win!/ctf/pico/hash-only-2/Sat, 09 Aug 2025 00:00:00 +0000/ctf/pico/hash-only-2/Este reto es parecido al de hash-only-1, hay un binario con permisos SUID que ejecuta md5sum sin poner el path completo, pero en este estamos en una restricted bash y no se puede redirigir el output a un archivo y tampoco se puede modificar $PATH/ctf/pico/hash-only-1/Fri, 08 Aug 2025 00:00:00 +0000/ctf/pico/hash-only-1/bool main(void) { basic_ostream *pbVar1; basic_ostream<> *pbVar2; char *__command; long in_FS_OFFSET; bool bVar3; allocator<char> local_4d; int local_4c; basic_string<> local_48 [40]; long local_20; local_20 = *(long *)(in_FS_OFFSET + 0x28); pbVar1 = std::operator<<((basic_ostream *)std::cout, "Computing the MD5 hash of /root/flag./ctf/pico/heap2/Thu, 07 Aug 2025 00:00:00 +0000/ctf/pico/heap2/#include <stdio.h> #include <stdlib.h> #include <string.h> #define FLAGSIZE_MAX 64 int num_allocs; char *x; char *input_data; void win() { // Print flag char buf[FLAGSIZE_MAX]; FILE *fd = fopen("flag./ctf/pico/pietime2/Wed, 06 Aug 2025 00:00:00 +0000/ctf/pico/pietime2/#include <stdio.h> #include <stdlib.h> #include <signal.h> #include <unistd.h> void segfault_handler() { printf("Segfault Occurred, incorrect address.\n"); exit(0); } void call_functions() { char buffer[64]; printf("Enter your name:"); fgets(buffer, 64, stdin); printf(buffer); unsigned long val; printf(" enter the address to jump to, ex => 0x12345: "); scanf("%lx", &val); void (*foo)(void) = (void (*)())val; foo(); } int win() { FILE *fptr; char c; printf("You won!