HackCon CTF 2017 "Bacche" Challenges

John Hammond · Intermediate ·🔐 Cybersecurity ·8y ago

Key Takeaways

Solves the Bacche challenges from HackCon CTF 2017

Full Transcript

Hey everyone, welcome back to the video on the HackCon CTF challenges. Let's go and get started to see what we're working with here. I just wanted to show off some of the "Bacche", I have no idea, beginner challenges or whatever. A lot of these were real simple things, but we should be able to just roll through them, so I'll showcase them all for you in just this one video, because there's no need to make a ton of videos just for it.

So this, Rotated, is very clearly a Caesar cipher, which we could just go ahead and Google, honestly. Again, they're not that hard. There's descriptions of them obviously all over the Internet, there's just cipher tools all over the Internet, and let's just see what we get here. I don't think these will actually work that well for us because, yeah, they have numbers in it, so that's why this won't work. We could just pass this into rot13. You can see this is a rot13, this would be the flag because it's plus 13, but the numbers are being parsed out by this online tool. So let's use rot13 on here. What I'm gonna do is just pipe this into rot13 and, oh, like, I literally copied what I just heard my, but let's go and steal this back from the challenge prompt. Stop, why is that alerting? What the, what? There we go. I don't know why I was so awful, I'm sorry. Hey, and this breaks too, for whatever reason. It's not the full flag here. Oh, the dollar sign is in the way, so in bash we'd have to escape that dollar sign because it thinks that's a variable. And, but, so the flag here is "dark who gives Caesar and a CTF code". Real easy.

I didn't use the online tool or rot13 for this. I had just used the easy Caesar cipher thing that I put together, you can see in another video. So that is just this here. I use the collections module to create a deque, which is just a list that I can rotate and shift back and forth, and then I do that with whatever number I'm actually changing by, the key, and then I used the translate function in strings to just go ahead and, you know, move the table. So I used the translate and maketrans table functions so I can kind of map each letter to the other letter that it would be if it were Caesar cipher shifted, and then I used 13. If I wanted to, I could just put i in here and then loop through, a for i in however many, and I could brute force it, but I knew it was 13, and obviously we could just use that brute force attack if we wanted to.

So cool, what else we got here? High Base, another real easy one. This is very clearly base64 code. You may not notice it because it doesn't have the trailing equal sign at the very end, but honestly, after doing enough CTFs you kind of just get an eye for what base64 looks like: kind of random capitalizations, mostly letters and numbers, like an occasional plus sign, stuff like that. So we can go ahead and just throw that into our base64 decoder, which I'll use command line again for, and there it is: "this is just base 64". Easy enough, and we'd submit that.

Cool. File: this one was not hard at all. This was just an executable file that you literally just had to run. So if you were to download it, you literally have the binary here, and do you need to do on it, oh, it's an executable file. If you run strings on it there's stuff there, but literally just run it and it'll give you the flag. It just prints it out. Easy.

Next is Needle. This is like a needle in a haystack challenge, so they give you a zip archive. We can go ahead and unzip it. If you unzip it, it would just extract a .txt text file, and it might already exist, we can just put it there. So we'll check it out. It's just a bunch of text, blah blah blah. So what we'll do is we'll grep for the flag format, because we know we have it, we know what it's supposed to be, and there it is, dark. It just finds that whole line for us. If we want to extract only the flag, I can use -oE and just use this here. There we go. So those flags are extended regular expressions, and lowercase o for only what we capture. So there's a regular expression just to grab the flag, and that's all, it's all set in there. Get our three points.

And All Caps: this is just a cipher, it's a substitution cipher, and honestly I don't have that very much of a good tool for it. I just threw it in quipqiup, which is a really common CTF substitution cipher solver, and this, you can add as many hints as you want, because, like, some of these it's not able to solve, right? So let's just say this: we can clearly tell that that word here is "substitution", so find it up in the string and just say that equals that in the clues, and then it'll be able to figure out more and more of the actual string here, which: "substitution cipher is a method of encoding by which units of plaintext". Okay, this one got it all except for the K in "dark". So then we'd submit that, and that's what I had to flag. That's it, and we'd submit that. He left it in all caps because, for it, it is in all caps. So cool.

Caves: this was a weird one. I think these are just Egyptian letters or hieroglyphics, which, yeah, you can find however many images for and look for them. Some members of my team had found, okay, why am I searching for terminated books? Yeah, right here. These aren't, all these aren't the ones that we'd actually use. I think we ended, yeah, this is the one that we ended up using, Egyptian hieroglyphics here. I've got the files. Yeah, this is the one that we used as the translation, and we would literally just go character by character and write out what it should be, and so the flag is "egypt is better than you", and it was all lowercase, so we just submitted that as a flag. So we go ahead and submit, get our five points.

Numbers: that's a more busy one, that's a hard one that we'll do later because there's a lot there.

RSA: this one, it's a simple RSA challenge, but they give you p and q, so you already have the thing factored. You just have to do the RSA math: multiply these two to get n, take their totient, like subtract one from them, multiply them together, find d, etc., and do the inverse. So the code that I have for that is the same one that I've used many times before, so fire that up, show you. I have a ton of Sublime Text windows open right now, so I'm just trying to clean it for you. Here we go. So I've used this script a lot in some of the challenges that I've created for the team that I have at school, so there's a bunch of comments that aren't particularly that useful to you, but here we go. We just paste in p, q, the ciphertext and the exponent, find n, just multiply them together, find the totient function, and I take the multiplicative or modular inverse of these guys, of d here, I just take e inverse, and that is out of the Python Crypto.Util.number function, which has a lot of really good ones, especially inverse, because finding that is hard to do, but knowing there's a Python module to do it for you is pretty easy. And then we just decrypt using ciphertext raised to the private key mod n, and then I converted out of hex. So "simple RSA, not this easy next time", that's the flag. Go ahead and submit that.

Rocket. Flag.txt: this is a reference to robots.txt, even Google will be able to find the flag here. Get this website, you go to robots.txt. This was kind of annoying to me, and cheesy, because the robots.txt gives you this directory that does, at least the last time I checked, not exist, right? So it doesn't give you the directory indexing, but I guess you're just gonna have to figure out, oh, you'd put in flag.txt as a file you're looking for out of that directory. So whatever the challenge title is, I guess, the pointer to that. But I was, like, very annoyed that that directory either doesn't exist or we're not allowed to see it, because I figured that would be the telltale that, oh, I'm in the right place. Whatever, whatever, don't matter. Let's clean some of that stuff up. I removed, and, XOR, XOR, XOR, XOR, and then we'll do Numbers.

So XOR is an XOR challenge, which I have some code that my friend had written just to be able to break a repeated XOR key, which I'll share, I'll put on Pastebin or something. But this is all in hex already to begin with. So in XOR we've got the file that has all that crap to it. I had decoded that in Python, so I had just run Python, file.txt, say that as an object, read, decode hex from it, and that can be the actual content. So see, now you have the hex bytes, and we'll just open up, like, real.txt, I think is where I put it, and I wrote all those bytes as real bytes now in there. So now you cat out real.txt, it's the actual bytes, not in hex, but actual data you should see.

So the way that the code works that we have, break repeated XOR, it takes a, this is not my code, so this looks like nonsense, but it's something a good friend of mine had written. So I think he uses Hamming distance, yeah, Hamming distance here, to solve and find English, but he takes it through base64, decodes an encoded file, so all we have to really do is just encode ours as base64. So if I base64 the real.txt that we just have here, I throw it in something like b.txt. If I run, obviously b.txt now has all that base64 content. If I run that break repeated XOR key, it needs to have the file, it doesn't really have the best testing for it, again, I did not write this, disclaimer. We'll give it b, and it'll start to look through, see what a possible key length is. We'll use the recommended one, "recommended" spelt wrong, I didn't write this. It wants to use the lowest score, so it recommends the minimum here, and it recommends 30, and then it gives us a possible key after it kind of tabulates and calculates and does whatever it needs to do to actually run through the Hamming distance and stuff like that. Takes a little bit of time, but almost always this thing works. It's the rot the wrapper opera, and it will try this key, which you can see is just a repeated key. If I hit enter, it will go ahead and crank it out, and there we have all of our stuff, decoded in pure English. So from there I just honestly copied all this and had grepped for a flag, so I put, after I put it in a file, yeah, I think I saved it in cracked.txt, and then I'll use that same grep -oE thing for dark code, and there we go, there's our flag. I love that script, honestly. I'm very grateful for my friend for writing that, because I don't know as much as I should for XOR and Hamming distance and stuff like that, but it's what I always throw at any XOR challenges, because we see them way too often.

Let's look at Numbers, because Numbers is huge and awful and scary, but it's not, all at the same time. They give you a ton of lists here that have five values. So 0, 0, 0 is common as the three at the end, and 1020, 1020 is another common one, and that's all we see. So seeing 1020 you think, like, wow, that's pretty high, normally we just see up to 255 in lists like this, and I agree, but we know there's a binary difference here, it's either going to be 0, 0, 0 or 1020, 1020, 1020. So that in my mind tells me black and white, honestly, and I see these as colors, I see these as RGB values. And then I'm thinking, with that logic, the first two for each set of values is probably just going to be a position or a coordinate. So I feel like this is just making an image, but there is so much here. Look at my scrollbar, there is so much data here, because this is a color value for every single thing.

So I had a lot of trouble actually processing this, so I had to do it from the command line here. I didn't actually open it in Sublime Text or any text editor because it would just straight-up break. I think what I did is, I had numbers.txt, which was originally one line, it's all just one line, but I wanted to be able to read it in Python from multiple lines. So I'll show you what I did. I think, yeah, lines.txt is where it's split up. But the way that I had done that, it's a Python script that does it. First I had used cat on all the numbers, the original lines, and I used sed to remove anywhere there's an end of a list, the end of it or a there, and replace it with a new line, and then I just had to change the very top and the very bottom, because obviously the starting parenthesis and the ending parenthesis just won't be matched.

So I open those all up, I read all the lines, and then I figured out what the size of the image is gonna end up being by taking a DX of the y-coordinates, just each of them, and finding the largest value, because it's obviously going to be the highest possible position, highest possible pixel, and it was 569, so I upped that one up to just 570, and I created a new image with RGB with that width and height. I load the data out of it, again I'm just using Python Imaging Library, and I'm manipulating the pixels in there. So for every single number that we get out of here, again, I take the pieces out of it, the x and y coordinate, the first two, and the color is the last bit, those three pieces, and since they're all gonna be the same, either 1020 or 0, I literally just take the first one, because again they're all gonna be the same. And I don't know why I inverted it, it's either gonna have a 50/50 shot, one color is either gonna be white or another color is gonna be black, and then I just set that pixel in the image that we're creating to either black or white. And I ran this, I get a beautiful QR code. I'll show it here so you can see it. And okay, that's super promising, right? Because now we actually have a semblance of progress in this challenge.

So what I had done there is, I just ran zbarimg on that. zbarimg is the command-line tool that I almost always use for QR codes, and it just gets me a base64 code after it decodes. So again, no trailing equal sign, but we can tell here, and: dark, "QR codes are fun with PIL". There's our flag, there's our flag. Super easy, super cool, we did it. But initially I wasn't able to process all that data, because with it all being one line, Sublime Text would just choke whenever I tried to open that, so that was hard. But just doing some command line stuff with it, being able to process it without having a text editor buffer everything, it works just fine.

So okay, that was it. Thanks for watching some of those easy, simple challenges. Now we'll move into the other challenges to show you some of the other things that I've got. So thanks for watching guys, see you later.
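
The RSA steps walked through in the transcript (n from p and q, the totient, d as the inverse of e, then decryption and conversion to bytes), as an added example that is not the script shown in the video. The function names and the sample primes, exponent and message are assumptions made for the illustration.

```python
from math import gcd


def private_exponent(p: int, q: int, e: int) -> int:
    """Return d = e^-1 mod phi(n), where phi(n) = (p - 1)(q - 1)."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e has no inverse modulo phi(n)")
    # Python 3.8+ built-in; same value as Crypto.Util.number.inverse(e, phi)
    return pow(e, -1, phi)


def rsa_decrypt(p: int, q: int, e: int, c: int) -> bytes:
    """Decrypt ciphertext integer c when the factors of n are known."""
    n = p * q
    if not 0 <= c < n:
        raise ValueError("ciphertext must be in the range [0, n)")
    m = pow(c, private_exponent(p, q, e), n)
    # Big-endian bytes of m, the same result as hex-decoding hex(m)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    # Constructed sample values: two Mersenne primes and the usual exponent
    P, Q, E = 2**61 - 1, 2**89 - 1, 65537
    message = b"constructed flag"
    ciphertext = pow(int.from_bytes(message, "big"), E, P * Q)
    print(rsa_decrypt(P, Q, E, ciphertext))
```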
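
How a repeated-key XOR breaker of the kind described in the transcript can work, as an added example that is not the friend's script from the video: key sizes are ranked by Hamming distance, then each key byte is solved as a single-byte XOR by scoring for English. The key, the sample text, the scoring table and all function names are constructed for the illustration.

```python
from itertools import cycle

# Added example, not the script shown in the video.
COMMON = b"etaoin shrdlu"  # most frequent characters in English text
KEY = b"H4ck!ng"           # constructed key
SAMPLE = (                 # constructed plaintext
    b"A repeating key XOR cipher combines every byte of the message with "
    b"one byte of a short key and starts again at the first key byte when "
    b"the key runs out. Two ciphertext blocks that are one key length apart "
    b"were masked with the same bytes, so the key cancels when they are "
    b"compared and only the difference between two pieces of English text "
    b"remains. That difference has fewer set bits than the difference of "
    b"unrelated bytes, which is why the smallest distance points at the "
    b"right key size. After that every column of the ciphertext is a single "
    b"byte XOR problem and letter frequencies are enough to finish it. "
    b"This sample text and its key are constructed for the demonstration."
)

def xor(data, key):
    """XOR data with a key that repeats for as long as needed."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def hamming(a, b):
    """Number of differing bits between two byte strings of equal length."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def rank_key_sizes(ct, max_size=16):
    """Key sizes sorted by mean per-byte Hamming distance of adjacent blocks."""
    scored = []
    for size in range(2, max_size + 1):
        blocks = [ct[i:i + size] for i in range(0, len(ct) - size + 1, size)]
        pairs = list(zip(blocks, blocks[1:]))
        total = sum(hamming(a, b) for a, b in pairs)
        scored.append((total / (len(pairs) * size), size))
    return [size for _, size in sorted(scored)]

def english_score(text):
    """Reward common characters, punish bytes that plain text never contains."""
    return sum(1 if c in COMMON else -5 if c > 126 or (c < 32 and c != 10) else 0
               for c in text)

def break_repeating_xor(ct, candidates=3):
    """Solve the best-ranked key sizes and keep the most English-looking result."""
    best = None
    for size in rank_key_sizes(ct)[:candidates]:
        key = bytes(max(range(256), key=lambda k: english_score(xor(ct[i::size], [k])))
                    for i in range(size))
        result = (english_score(xor(ct, key)), -size, key)  # ties: shorter key wins
        if best is None or result > best:
            best = result
    return best[2], xor(ct, best[2])

if __name__ == "__main__":
    found_key, plaintext = break_repeating_xor(xor(SAMPLE, KEY))
    print(found_key, plaintext[:60])
```

Multiples of the true key length score as well as the key length itself, which is why more than one candidate is tried before a result is accepted.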
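
The pixel-list reconstruction described for the Numbers challenge, as an added example that is not the script from the video. It reads the tuples straight out of a one-line input with a regular expression, so no editor or line splitting is needed, and writes a plain PBM bitmap instead of using the Python Imaging Library. The input layout of (x, y, r, g, b) tuples, the function names and the sample data are assumptions.

```python
import re

# Added example, not the script shown in the video. Assumed input layout:
# one long line of (x, y, r, g, b) tuples, as the transcript describes.
TUPLE_RE = re.compile(r"\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)")


def parse_pixels(text):
    """Yield (x, y, r, g, b) integer tuples found anywhere in the text."""
    for match in TUPLE_RE.finditer(text):
        yield tuple(int(value) for value in match.groups())


def build_bitmap(pixels, invert=False):
    """Return rows of 0/1 values, 1 meaning a dark pixel.

    The image size is the largest coordinate plus one. A pixel is dark when
    its colour is (0, 0, 0); invert=True swaps the polarity, because a QR
    decoder needs dark modules on a light background.
    """
    pixels = list(pixels)
    if not pixels:
        raise ValueError("no pixel tuples found")
    width = max(p[0] for p in pixels) + 1
    height = max(p[1] for p in pixels) + 1
    grid = [[0] * width for _ in range(height)]  # unset pixels stay light
    for x, y, r, g, b in pixels:
        dark = (r, g, b) == (0, 0, 0)
        grid[y][x] = int(dark != invert)
    return grid


def to_pbm(grid):
    """Serialise the grid as plain PBM (P1), where 1 is black."""
    rows = "\n".join(" ".join(str(v) for v in row) for row in grid)
    return "P1\n%d %d\n%s\n" % (len(grid[0]), len(grid), rows)


if __name__ == "__main__":
    # Constructed sample input: a 3x2 image on a single line
    sample = ("[(0, 0, 0, 0, 0), (1, 0, 1020, 1020, 1020), "
              "(0, 1, 1020, 1020, 1020), (1, 1, 0, 0, 0), (2, 1, 0, 0, 0)]")
    print(to_pbm(build_bitmap(parse_pixels(sample))))
```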

Original Description

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010 E-mail: johnhammond010@gmail.com PayPal: http://paypal.me/johnhammond010 GitHub: https://github.com/JohnHammond Site: http://www.johnhammond.org Twitter: https://twitter.com/_johnhammond