picoCTF 2021 Magikarp Ground Mission

Magikarp Ground Mission is a general skills puzzle worth 30 points. The description is as follows:

Do you know how to move between directories and read files in the shell? Start the container, `ssh` to it, and then `ls` once connected to begin. Login via `ssh` as `ctf-player` with the password, `481e7b14`

This challenge was straightforward. It had pieces of the flag in three different files, and instructions of where to get the pieces. Below is my session solving this puzzle:

 % ssh ctf-player@venus.picoctf.net -p 58785
The authenticity of host '[venus.picoctf.net]:58785 ([3.131.124.143]:58785)' can't be established.
ECDSA key fingerprint is SHA256:NrQkIxNEQQho/GA7jE0WlIa7Jh4VF9sAvC5awkbuj1Q.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[venus.picoctf.net]:58785,[3.131.124.143]:58785' (ECDSA) to the list of known hosts.
ctf-player@venus.picoctf.net's password:
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-1041-aws x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

ctf-player@pico-chall$ ls
1of3.flag.txt  instructions-to-2of3.txt
ctf-player@pico-chall$ cat instructions-to-2of3.txt
Next, go to the root of all things, more succinctly `/`
ctf-player@pico-chall$ cat 1of3.flag.txt
picoCTF{xxsh_
ctf-player@pico-chall$ ls /
2of3.flag.txt  boot  etc   instructions-to-3of3.txt  lib64  mnt  proc  run   srv  tmp  var
bin            dev   home  lib                       media  opt  root  sbin  sys  usr
ctf-player@pico-chall$ cat /2of3.flag.txt
0ut_0f_\/\/4t3r_
ctf-player@pico-chall$ cat /instructions-to-3of3.txt
Lastly, ctf-player, go home... more succinctly `~`
ctf-player@pico-chall$ ls -al ~
total 32
drwxr-xr-x 1 ctf-player ctf-player 4096 Aug 24 00:31 .
drwxr-xr-x 1 root       root       4096 Mar 16 06:12 ..
drwx------ 2 ctf-player ctf-player 4096 Aug 24 00:31 .cache
-rw-r--r-- 1 ctf-player ctf-player   80 Mar 16 06:12 .profile
drw------- 1 ctf-player ctf-player 4096 Mar 16 06:12 .ssh
-rw-r--r-- 1 ctf-player ctf-player   10 Mar 16 06:12 3of3.flag.txt
drwxr-xr-x 1 ctf-player ctf-player 4096 Mar 16 06:12 drop-in
ctf-player@pico-chall$ cat ~/3of3.flag.txt
1118a9a4}
ctf-player@pico-chall$ Connection to venus.picoctf.net closed by remote host.
Connection to venus.picoctf.net closed.

Piecing these three files together yields the flag.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s