______ ______ ______ ____   _____  ____   ____                         
   / ____// ____// ____// __ \ / ___/ / __ \ / __ \                        
  / __/  / /    / __/  / /_/ // __ \ / / / // /_/ /                        
 / /___ / /___ / /___  \__, // /_/ // /_/ / \__, /                         
/_____/ \____//_____/ /____/ \____/ \____/ /____/                          
                                                                           
    ___                 _                                        __     ___
   /   |   _____ _____ (_)____ _ ____   ____ ___   ___   ____   / /_   <  /
  / /| |  / ___// ___// // __ `// __ \ / __ `__ \ / _ \ / __ \ / __/   / / 
 / ___ | (__  )(__  )/ // /_/ // / / // / / / / //  __// / / // /_    / /  
/_/  |_|/____//____//_/ \__, //_/ /_//_/ /_/ /_/ \___//_/ /_/ \__/   /_/       
                       /____/

Assignment 1

Overview

In this assignment you will complete several introductory Capture-the-flag (CTF) challenges.

Capture the flag challenges are a great way to begin to develop your cyber skills. But (and there’s a but)… you should attempt to complete these challenges without looking up the answer. The purpose of this course is not test how well you can find information in Google (although it’s certainly a worthwhile skill). The purpose of this course is to help you develop basic cyber skills.

How the assignment is marked

In order to get full marks on this assignment it is not sufficient merely to capture the flag. Similarly it is not acceptable to copy/paste a solution found on the web.

You can use existing solutions to help you build your understanding. But in order to get full marks, you will need to provide some evidence that you actually attempted to think and work through the problem.

What to do

Some examples of how you can convince us you thought through the problem could include sharing details of:

  • Your thought process (e.g., “I noticed something unusual in the code, so I…”)
  • Things you didn’t know (e.g., “I had to look up how netcat works”)
  • Things you tried that didn’t work (e.g., “The documentation mentioned the ‘-x’ flag, but it kept giving an error, so I…”)
  • The lead up to the moment where things finally made sense (e.g., “…then I realized, no, it had to be … so I changed it and then it worked!”)

What NOT to do

  • Submit the writeup of another person, whether another student, or someone online (duh)
  • Use text and images you didn’t write/create yourself (unless you properly quote and cite it)
  • Only give the flag and no other window into your thought process

Instructions

Complete the following steps:

Step 1

Create an account at picoctf.org.

Step 2

Solve the following challenges:

Web Exploitation

  • dont-use-client-side
  • picobrowser

Cryptography

  • la cifra de
  • john_pollard

Reverse Engineering

  • vault-door-3
  • vault-door-4

Forensics

  • So Meta
  • extensions

Step 3

For each challenge answer the following:

  1. What was the flag? (i.e., picoCTF{...})
  2. How did you approach solving the problem? hat steps did you take to solve the question? If you did look up the answer, what steps would you have taken if you didn’t? Be sure to mention any software, websites, resources, methods, and/or commands you used.

Step 4

Put all the responses from Step 3 into a PDF (don’t forget your name/student number) and submit it online in OWL-> ECE 9609-> Assignments-> Assignment 1