Homemade CTF Challenge: 01 "Orchestra"

okay so hello everyone um this is a video and hopefully going to turn into a couple more videos um explaining and depicting and showing off some of the things that I put together for a local practice like Capture the Flag uh competition for my school the United States Coast Guard Academy's uh cyber team we're trying to build out the Cyber team here and I don't think there's really anything too sensitive about explaining that because it's just something that we want to do so I've been trying to put together practice exercises and stuff like that so this whole CTF platform is something that I built in flask uh with python or in Python with flask however you particularly want to say that but this is pretty much it it works on right now it's just running on a local machine uh like where we are and it's uses SSL so any packets you send back and forth are encrypted so people can't like sniff to get flags or stuff like that and you would typically register for an account and it's stored in like the sqlite database that I typically work with with flask with the shot 256 hash so just for demonstration purposes I'll create an account um my name is John Hammond and I'll do a super simple and stupid password just so I can register and log in and and start to play the competition so these are all challenges that I cooked up and wrote myself uh with the some help from a a couple of the encryption and cryptography challenges I asked for a friend of mine on the team to help out with but a good majority I think about nine of these are mine however many there are I don't honestly know but um so I wanted to show off how I created them and how we can solve them and stuff like that or how they were put together so um typically with a capture the flag there is like a flag format and I wanted to note that and kind of show the individual or the user who is very new to ctfs and is very new to cyber type stuff um you how I was going to display hints throughout my capture flag platform in this competition so I use uscga never be ashamed of hints and you could enter a completely wrong flag and it would tell you oh you're wrong with I think uh lib notify in JavaScript and I think I saw the flag was if you hover over some of the text um never be ashamed of hints so I did this from a design design perspective to um let them know that okay some of these things are going to be things I've never seen before but if you need a little more guidance on the challenge you can hover over it and hopefully occasionally there will be a uh a hint so okay Orchestra is one that super simple um it's actually just a big file that I ended up creating that is full of random btes I'll see if I can show in folder and I actually I'll actually just pull this up we'll start to look at this stuff um cyber repo and this was in the challenges and Orchestra was the name of it so it itself the file that I ended up creating was just a massive file of disgusting bites and stuff that is completely useless so the challenge itself was to just very simply run strings on it the hint was how can we avoid all of data that we can't read so you would typically just run strings on that f F again extremely easy and you could like Loop through it look for it scroll to find it and if you were smart you could know do grep okay I want to find uscga because I know that that is part of the flag format so the flag would be there is no Orchestra without the strings so I would get points for that but the way that I created that challenge was super simple um it's actually I'll fire up Sublime Text and I'll try and close everything that I already have open so you don't see it my garbage and I'll open up that stuff okay so the get flag scrip was something that I just did so I know a solution but I ended up creating this with just a simple python thing that would really just Loop through a bunch of bytes again I decided okay I want the file size of the of the program to be just a thousand or whatever and then I give it a bunch of possible numbers being the asy range from 0 to 255 and then I shuffled them randomly and I would just add them to this mess of things that I was like adding to to the junk and then if we were just randomly in the middle I would put in the flag and then we take that array join it so it's a string and I'd read that out to a to a file in which case it was Orchestra um so that's pretty much how I did it super simple but again that's how I cook that challenge of having a bunch of random strings and being like you having to have to use the strings command to be able to actually get the flag so simple demonstration hopefully in the next couple tutorials um I'll go into more explanations of how I saw how I created and how I uh started some of the other challenges and the solutions and stuff for that um please let me know if this is something you're interested in or I should do more of or I should start to like out how I created all these things but I don't think they're too difficult and I think I could just kind of explain them to you and show off some demonstration stuff um but yeah thanks for watching guys I'll see you in the next video