Verify Writeup - Pico CTF Challenge Solved

Description : People keep trying to trick my players with imitation flags. I want to make sure they get the real thing! I'm going to provide the SHA-256 hash and a decrypt script to help you know that my flags are legitimate.
(Additional details will be available after launching your challenge instance.)

Solution : The challenge looks like below, Click on Launch Instance to start the challange.

After starting the challange, it gives more information for connection to the machine using ssh

• Start a terminal and run the given ssh command to coonect to the remote machine.
• In my case, command was ssh -p 65315 ctf-player@rhea.picoctf.net
• Syntax :
  • ssh ⟶ tool name.
  • -p ⟶ flag for port.
  • 65315 ⟶ port number.
  • ctf-player ⟶ user.
  • rhea.picoctf.net ⟶ host.
• It will ask for connection confirmation, type yes and then enter

● Listing files and directories of current directory. There are 2 files and 1 directory.

● Checksum have following content (sha256sum) :

● The files directory having multiple files 😓

• Now we have to find that file whose hash is given in previous file.
• Using grep command we can do it. Using command sha256sum files/* | grep -i "b09c99*"
• Syntax :
  • sha256sum ⟶ tool for calculating sha256 hash of a file.
  • files/* ⟶ * for all the files in files directory.
  • | ⟶ For sending the output of each file to grep.
  • grep ⟶ tool for seaching a string in given input.
  • -i ⟶ flag for case insensitively.
  • "b09c99*" ⟶ A regex for the checksum.
• Boom 💣 , we got the file name 451fd69b

• Now we have to pass that file to the decrypt script for verification.
• decrypt.sh files/451fd69b

● Finally, we got the flag : picoCTF{trust_but_verify_451fd69b}