Kappa

“Great things are not done by impulse, but by a series of small things brought together.”

Pico CTF

---

Scan Suprise

Description

I've gotten bored of handing out flags as text. Wouldn't it be cool if they were an image instead? You can download the challenge files here:

• challenge.zip

The same files are accessible via SSH here: ssh -p 59056 ctf-player@atlas.picoctf.net Using the password 6dd28e9b.
Accept the fingerprint with yes, and ls once connected to begin. Remember, in a shell, passwords are hidden!

Hints

1. QR codes are a way of encoding data. While they're most known for storing URLs, they can store other things too.
2. Mobile phones have included native QR code scanners in their cameras since version 8 (Oreo) and iOS 11
3. If you don't have access to a phone, you can also use zbar-tools to convert an image to text

Solution

picoCTF{p33k_@_b00_a81f0a35}

CLI

Kappajester83-picoctf@webshell:~$ ssh -p 59056 ctf-player@atlas.picoctf.net

The authenticity of host '[atlas.picoctf.net]:59056 ([18.217.83.136]:59056)' can't be established. ED25519 key fingerprint is SHA256:hVmbk/OaNT4902bBr7h26wfhmBuJWi4tub8AJqoAJCM. This key is not known by any other names Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

Warning: Permanently added '[atlas.picoctf.net]:59056' (ED25519) to the list of known hosts.

ctf-player@atlas.picoctf.net's password:
ctf-player@challenge:~/drop-in$ cd home/ctf-player/drop-in
picoCTF{p33k_@_b00_a81f0a35}