picoCTF2019 was a two-week long CyberSecurity challenge created by security experts at Carnegie Mellon University. The 2019 competition was held between September 27, 2019 and October 11, 2019. My Team AeroCoders secured Global Rank 189 in the competition.
These flags may not work for you as everyone gets unique flags on most problems.
| Problem Title | Category | Points | Flag |
|---|---|---|---|
| The Factory's Secret | General Skills | 1 | picoCTF{zerozerozerozero} |
| 2Warm | General Skills | 50 | picoCTF{101010} |
| Lets Warm Up | General Skills | 50 | picoCTF{p} |
| Warmed Up | General Skills | 50 | picoCTF{61} |
| Bases | General Skills | 100 | picoCTF{l3arn_th3_r0p35} |
| First Grep | General Skills | 100 | picoCTF{grep_is_good_to_find_things_737a3686} |
| Resources | General Skills | 100 | picoCTF{r3source_pag3_f1ag} |
| strings it | General Skills | 100 | |
| what's a net cat? | General Skills | 100 | |
| Based | General Skills | 200 | picoCTF{learning_about_converting_values_0df4252d} |
| First Grep: Part II | General Skills | 200 | |
| plumbing | General Skills | 200 | picoCTF{digital_plumb3r_931b2271} |
| whats-the-difference | General Skills | 200 | picoCTF{th3yr3_a5_d1ff3r3nt_4s_bu773r_4nd_j311y_aslkjfdsalkfslkflkjdsfdszmz10548} |
| where-is-the-file | General Skills | 200 | |
| flag_shop | General Skills | 300 | picoCTF{m0n3y_bag5_b9f469b5} |
| mus1c | General Skills | 300 | picoCTF{rrrocknrn0113r} |
| 1_wanna_b3_a_r0ck5tar | General Skills | 350 | picoCTF{BONJOVI} |
| B1g_Mac | Forensics | ||
| c0rrupt | Forensics | 250 | |
| extensions | Forensics | 150 | picoCTF{now_you_know_about_extensions} |
| Glory of the Garden | Forensics | 50 | picoCTF{more_than_m33ts_the_3y3b7FBD20b} |
| investigation_encoded_1 | Forensics | picoCTF{encodedgxmurhtuou} |
|
| investigation_encoded_2 | Forensics | picoCTF{t1m3f1i3500000000000501af001} |
|
| Investigative Reversing 0 | Forensics | 300 | picoCTF{f0und_1t_eeaec48b} |
| Investigative Reversing 1 | Forensics | picoCTF{An0tha_1_b179115e} |
|
| Investigative Reversing 2 | Forensics | picoCTF{n3xt_0n30000000000000000000000000f69eb8c8} |
|
| Investigative Reversing 3 | Forensics | picoCTF{4n0th3r_L5b_pr0bl3m_0000000000000aa9faea3} |
|
| Investigative Reversing 4 | Forensics | picoCTF{N1c3_R3ver51ng_5k1115_00000000000ade0499b} |
|
| like1000 | Forensics | 250 | picoCTF{l0t5_0f_TAR5} |
| m00nwalk | Forensics | 250 | picoCTF{beep_boop_im_in_space} |
| m00nwalk2 | Forensics | 300 | picoCTF{the_answer_lies_hidden_in_plain_sight} |
| pastaAAA | Forensics | picoCTF{pa$ta_1s_lyf3} |
|
| shark on wire 1 | Forensics | 150 | picoCTF{StaT31355_636f6e6e} |
| shark on wire 2 | Forensics | 300 | |
| So Meta | Forensics | 150 | picoCTF{s0_m3ta_368a0341} |
| unzip | Forensics | 50 | picoCTF{unz1pp1ng_1s_3a5y} |
| WebNet0 | Forensics | ||
| WebNet1 | Forensics | ||
| What Lies Within | Forensics | 150 | picoCTF{h1d1ng_1n_th3_b1t5} |
| WhitePages | Forensics | 250 | picoCTF{not_all_spaces_are_created_equal_3bf40b869ee984866e67f3057f006a92} |
| 13 | Cryptography | 100 | picoCTF{not_too_bad_of_a_problem} |
| AES-ABC | Cryptography | 400 | picoCTF{d0Nt_r0ll_yoUr_0wN_aES} |
| B00tL3g RSA | Cryptography | permanently disabled |
|
| b00tl3gRSA2 | Cryptography | 400 | picoCTF{bad_1d3a5_3778907} |
| b00tl3gRSA3 | Cryptography | 450 | picoCTF{too_many_fact0rs_7187489} |
| caesar | Cryptography | 100 | picoCTF{crossingtherubiconojovpqjs} |
| Easy1 | Cryptography | 100 | picoCTF{CRYPTOISFUN} |
| Flags | Cryptography | 200 | PICOCTF{FLAGSANDSTUFF} |
| john_pollard | Cryptography | 500 | picoCTF{73176001,67867967} |
| la cifra de | Cryptography | 200 | picoCTF{b311a50_0r_v1gn3r3_c1ph3r54ddc1b9} |
| miniRSA | Cryptography | 300 | picoCTF{n33d_a_lArg3r_e_1dcea0a2} |
| Mr-Worldwide | Cryptography | 200 | picoCTF{KODIAK_ALASKA} |
| rsa-pop-quiz | Cryptography | 200 | picoCTF{wA8_th4t$_ill3aGal..o1c355060} |
| Tapping | Cryptography | 200 | picoCTF{M0RS3C0D31SFUN3960854397} |
| The Numbers | Cryptography | 50 | PICOCTF{THENUMBERSMASON} |
| waves over lambda | Cryptography | 300 | |
| cereal hacker 1 | Web Exploitation | 450 | picoCTF{2eb6a9439bfa7cb1fc489b237de59dbf} |
| cereal hacker 2 | Web Exploitation | picoCTF{c9f6ad462c6bb64a53c6e7a6452a6eb7} |
|
| Client-side-again | Web Exploitation | 200 | picoCTF{not_this_again_055670} |
| dont-use-client-side | Web Exploitation | 100 | picoCTF{no_clients_plz_a67772} |
| Empire1 | Web Exploitation | 400 | picoCTF{wh00t_it_a_sql_injecta4dfbd62} |
| Empire2 | Web Exploitation | 450 | picoCTF{its_a_me_your_flag3f43252e} |
| Empire3 | Web Exploitation | 500 | picoCTF{cookies_are_a_sometimes_food_404e643b} |
| GLHF | Web Exploitation | permanently disabled |
|
| Insp3ct0r | Web Exploitation | 50 | picoCTF{tru3_d3t3ct1ve_0r_ju5t_lucky?9df7e69a} |
| Irish-Name-Repo 1 | Web Exploitation | 300 | picoCTF{s0m3_SQL_0397f20c} |
| Irish-Name-Repo 2 | Web Exploitation | 350 | picoCTF{m0R3_SQL_plz_3693681d} |
| Irish-Name-Repo 3 | Web Exploitation | 400 | picoCTF{3v3n_m0r3_SQL_d490b67d} |
| JaWT Scratchpad | Web Exploitation | 400 | picoCTF{jawt_was_just_what_you_thought_9de8e25511a8841ab9ade0aa092be116} |
| logon | Web Exploitation | 100 | picoCTF{th3_c0nsp1r4cy_l1v3s_3294afa0} |
| Open-to-admins | Web Exploitation | 200 | picoCTF{0p3n_t0_adm1n5_effb525e} |
| picobrowser | Web Exploitation | 200 | picoCTF{p1c0_s3cr3t_ag3nt_7e9c671a} |
| where are the robots | Web Exploitation | 100 | picoCTF{ca1cu1at1ng_Mach1n3s_54e98} |
| Java Script Kiddie | Web Exploitation | 400 | picoCTF{905765bf9ae368ad98261c10914d894e} |
| Java Script Kiddie 2 | Web Exploitation | 450 | picoCTF{f1ee7ff44419a675d1a0f0a1a91dff4c} |
| AfterLife | Binary Exploitation | 400 | picoCTF{what5_Aft3r_d2d97c7b} |
| CanaRy | Binary Exploitation | 300 | picoCTF{cAnAr135_mU5t_b3_r4nd0m!_0bd260ce} |
| Ghost_Diary | Binary Exploitation | 500 | |
| GoT | Binary Exploitation | 350 | picoCTF{A_s0ng_0f_1C3_and_f1r3_db12a9ed} |
| handy-shellcode | Binary Exploitation | 50 | picoCTF{h4ndY_d4ndY_sh311c0d3_55c521fe} |
| Heap overflow | Binary Exploitation | 450 | picoCTF{a_s1mpl3_h3ap_69424381} |
| L1im1tL355 | Binary Exploitation | 400 | picoCTF{str1nG_CH3353_295c8b0f} |
| leap-frog | Binary Exploitation | 300 | picoCTF{h0p_r0p_t0p_y0uR_w4y_t0_v1ct0rY_f60266f9} |
| messy-malloc | Binary Exploitation | 300 | picoCTF{g0ttA_cl3aR_y0uR_m4110c3d_m3m0rY_8aa9bc45} |
| NewOverFlow-1 | Binary Exploitation | 200 | picoCTF{th4t_w4snt_t00_d1ff3r3nt_r1ghT?_bfd48203} |
| NewOverFlow-2 | Binary Exploitation | 250 | picoCTF{r0p_1t_d0nT_st0p_1t_64362a2b} |
| OverFlow 0 | Binary Exploitation | 100 | picoCTF{3asY_P3a5yd2b59a57} |
| OverFlow 1 | Binary Exploitation | 150 | picoCTF{n0w_w3r3_ChaNg1ng_r3tURn5a1b468a7} |
| OverFlow 2 | Binary Exploitation | 250 | picoCTF{arg5_and_r3turn598632d70} |
| pointy | Binary Exploitation | 350 | picoCTF{g1v1ng_d1R3Ct10n5_16d57b6c} |
| practice-run-1 | Binary Exploitation | 50 | picoCTF{g3t_r3adY_2_r3v3r53} |
| rop32 | Binary Exploitation | 400 | picoCTF{rOp_t0_b1n_sH_dee2e288} |
| rop64 | Binary Exploitation | 400 | picoCTF{rOp_t0_b1n_sH_w1tH_n3w_g4dg3t5_11cdd436} |
| SecondLife | Binary Exploitation | 400 | picoCTF{HeapHeapFlag_d11a9aaf} |
| seed-sPRiNG | Binary Exploitation | 350 | picoCTF{pseudo_random_number_generator_not_so_random_24ce919be49576c7df453a4a3e6fbd40} |
| sice_cream | Binary Exploitation | 500 | flag{th3_r3al_questi0n_is_why_1s_libc_2.23_still_4_th1ng_148c832c} |
| slippery-shellcode | Binary Exploitation | 200 | picoCTF{sl1pp3ry_sh311c0d3_ecc37b22} |
| stringzz | Binary Exploitation | 300 | picoCTF{str1nG_CH3353_b7f47023} |
| zero_to_hero | Binary Exploitation | ||
| asm1 | Reverse Engineering | 200 | picoCTF{0x533} |
| asm2 | Reverse Engineering | 250 | picoCTF{0x89} |
| asm3 | Reverse Engineering | 300 | picoCTF{0x5a7} |
| asm4 | Reverse Engineering | 400 | picoCTF{0x1d8} |
| B1ll_Gat35 | Reverse Engineering | ||
| droids0 | Reverse Engineering | 300 | picoCTF{a.moose.once.bit.my.sister} |
| droids1 | Reverse Engineering | 350 | picoCTF{pining.for.the.fjords} |
| droids2 | Reverse Engineering | 400 | picoCTF{what.is.your.favourite.colour} |
| droids3 | Reverse Engineering | picoCTF{tis.but.a.scratch} |
|
| droids4 | Reverse Engineering | picoCTF{not.particularly.silly} |
|
| Forky | Reverse Engineering | ||
| Need For Speed | Reverse Engineering | 400 | PICOCTF{Good job keeping bus #0d11d09e speeding along!} |
| reverse_cipher | Reverse Engineering | 300 | picoCTF{r3v3rs369806a41} |
| Time's Up | Reverse Engineering | 400 | picoCTF{Gotta go fast. Gotta go FAST. #2d5896e7} |
| vault-door-1 | Reverse Engineering | 100 | picoCTF{d35cr4mbl3_tH3_cH4r4cT3r5_29f5ca} |
| vault-door-2 | Reverse Engineering | 150 | permanently disabled |
| vault-door-3 | Reverse Engineering | 200 | |
| vault-door-4 | Reverse Engineering | 250 | picoCTF{jU5t_4_bUnCh_0f_bYt3s_b9e92f76ac} |
| vault-door-5 | Reverse Engineering | 300 | |
| vault-door-6 | Reverse Engineering | 350 | |
| vault-door-7 | Reverse Engineering | 400 | |
| vault-door-8 | Reverse Engineering | 450 | picoCTF{s0m3_m0r3_b1t_sh1fTiNg_ad0f0c833} |
| vault-door-training | Reverse Engineering | 50 |
Flutter Developer | Network Security | ML Enthusiast | Sophomore | Blogger
Utkarsh Mishra (Thapar Institute)
Mankaran Singh (Thapar Institute)
Jaskeerat Singh (Thapar Institute)
Vaibhav Shrotriya (Thapar Institute)
If you found this repository useful, then please consider giving it a ⭐ on Github and sharing it with your friends via social media.
If you got any queries or found a bug create a PR or ping me over on hi@shivamgoyal.co
If you learned even a thing or two and want to thank me, consider buying me a drink 🍺
To the extent possible under law, Shivam Goyal has waived all copyright and related or neighboring rights to this work.