# Writeups - [Hack The Box](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box.md) - [Linux Machines](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines.md) - [Easy](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/easy-linux.md) - [Traceback](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/easy-linux/traceback.md) - [Medium](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/medium.md) - [Magic](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/medium/magic.md): SQL injection, PHP reverse shell upload, mysqldump and PATH injection - [UpDown](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/medium/updown.md): LFI to RCE using PHAR files while bypassing disabled\_functions, followed by abuse of SUID and sudo. - [Hard](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/hard.md) - [Intense](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/hard/intense.md): SQL Injection, Hash Length Extension, LFI and binary exploitation - [Challenges](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges.md) - [Web](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web.md) - [Looking Glass](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/looking-glass.md) - [Sanitize](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/sanitize.md) - [Baby Auth](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/baby-auth.md) - [Baby Website Rick](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/baby-website-rick.md) - [Pwn](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn.md) - [Dream Diary: Chapter 1](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1.md) - [Unlink Exploit](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1/unlink-exploit.md) - [Chunk Overlap](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1/chunk-overlap.md) - [Ropme](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/ropme.md) - [picoGym](https://ir0nstone.gitbook.io/notes/writeups/picogym.md): picoGym contains all of the past challenges from previous picoCTF events and can be found at https://play.picoctf.org/practice - [Cryptography](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography.md) - [Mod 26](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/mod-26.md): Cryptography can be easy, do you know what ROT13 is? cvpbPGS{arkg\_gvzr\_V'yy\_gel\_2\_ebhaqf\_bs\_ebg13\_uJdSftmh} - [Mind Your Ps and Qs](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/mind-your-ps-and-qs.md): In RSA, a small e value can be problematic, but what about N? Can you decrypt this? values - [Easy Peasy](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/easy-peasy.md): A one-time pad is unbreakable, but can you manage to recover the flag? (Wrap with picoCTF{}) nc mercury.picoctf.net 11188 otp.py - [The Numbers](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/the-numbers.md): The numbers... what do they mean? - [New Caesar](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/new-caesar.md): We found a brand new type of encryption, can you break the secret code? (Wrap with picoCTF{}) apbopjbobpnjpjnmnnnmnlnbamnpnononpnaaaamnlnkapndnkncamnpapncnbannaapncndnlnpna new\_caesar.py - [Mini RSA](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/mini-rsa.md): What happens if you have a small exponent? There is a twist though, we padded the plaintext so that (M \*\* e) is just barely larger than N. Let's decrypt this: ciphertext - [Dachshund Attacks](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/dachshund-attacks.md): What if d is too small? Connect with nc mercury.picoctf.net 37455. - [No Padding, No Problem](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/no-padding-no-problem.md): Oracles can be your best friend, they will decrypt anything, except the flag's ciphertext. How will you break it? Connect with nc mercury.picoctf.net 10333 - [Easy1](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/easy1.md): The one time pad can be cryptographically secure, but not when you know the key. Can you solve this? We've given you the encrypted flag, key, and a table to help UFJKXQZQUNB with the key of SOLVECRYPT - [13](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/13.md): Cryptography can be easy, do you know what ROT13 is? cvpbPGS{abg\_gbb\_onq\_bs\_n\_ceboyrz} - [Caesar](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/caesar.md): Decrypt this message. - [Pixelated](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/pixelated.md): I have these 2 images, can you make a flag out of them? scrambled1.png scrambled2.png - [Basic-Mod1](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/basic-mod1.md): Take each number mod 37 and map it to the following character set: 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. Wrap your decrypted message in picoCTF. - [Basic-Mod2](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/basic-mod2.md) - [Credstuff](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/credstuff.md): We found a leak of a blackmarket website's login credentials. Can you find the password of the user cultiris and successfully decrypt it? Download the leak here. - [morse-code](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/morse-code.md) - [rail-fence](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/rail-fence.md): A type of transposition cipher is the rail fence cipher, which is described here. Here is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it? - [Substitution0](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/substitution0.md): A message has come in but it seems to be all scrambled. Luckily it seems to have the key at the beginning. Can you crack this substitution cipher? - [Substitution1](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/substitution1.md): A second message has come in the mail, and it seems almost identical to the first one. Maybe the same thing will work again. - [Substitution2](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/substitution2.md): It seems that another encrypted message has been intercepted. The encryptor seems to have learned their lesson though and now there isn't any punctuation! Can you still crack the cipher? - [Transposition-Trial](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/transposition-trial.md): Our data got corrupted on the way here. Luckily, nothing got replaced, but every block of 3 got scrambled around! - [Vigenere](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/vigenere.md): Can you decrypt this message? - [HideToSee](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/hidetosee.md): How about some hide and seek heh? Look at this image here. - [CTFs](https://ir0nstone.gitbook.io/notes/writeups/ctfs.md) - [Fword CTF 2020](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020.md): https://ctftime.org/event/1066 - [Binary Exploitation](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/binary-exploitation.md) - [Molotov](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/binary-exploitation/untitled.md): A ret2libc with a given leak - [Reversing](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/reversing.md) - [XO](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/reversing/xo.md): Messing with the XOR - [X-MAS CTF 2020](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020.md) - [Pwn](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/pwn.md) - [Do I Know You?](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/pwn/do-i-know-you.md) - [Naughty](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/pwn/naughty.md) - [Web](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/web.md) - [PHP Master](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/web/php-master.md) - [HTB CyberSanta 2021](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021.md) - [Crypto](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto.md) - [Common Mistake](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/common-mistake.md): Common Mod, DIfferent e - [Missing Reindeer](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/missing-reindeer.md): Cube Root Attack - [Xmas Spirit](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/xmas-spirit.md) - [Meet Me Halfway](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/meet-me-halfway.md): Meet-in-the-middle attack on AES --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ir0nstone.gitbook.io/notes/writeups.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.