 Hey guys, my name is John Hammond and welcome back to a little bit more Pico CTF 2018 video write-ups So this challenge is called Caesar cipher one the challenge prompt here is this is one of the older ciphers in the books Can you decrypt this message? You can find the cipher text at this location on the shell server and I've downloaded this file already Let's move into that directory that I've created for it We can check out the cipher text. It has Pico CTF like the flag format we would expect But the inside of the flag is kind of gibberish. So what I'm gonna do is actually cut this up Let's just get that first portion here and then I am just going to Cut the other portion of it out because I don't care what it is And then I'm gonna go ahead and try and loop this through a Caesar cipher And you could do this with an online tool if you really wanted to just find like that deco Dot FR website or whatever they could that could break and crack this But I'm gonna try and do it from the command line because I think that's cool, right? So I'm going to pipe this into Caesar Tack, I guess whatever number I wanted Caesar again is a utility that's installed with pseudo app installed BSD games with rot 13 I've showed that a little bit ago if let's say I want to use two or three or four or whatever So if I were to just loop through all of those I can do the very beginning of the line for I In and in bash syntax you use curly braces to note and then one dot dot to say a range And I'm gonna go to 26 So let's have a semicolon there to start kind of the code block with do and then I'll use Caesar dollar sign I so I have a bash variable that will expand to whatever iteration. I'm currently looking at and then Semi-colon to note the end of that command or the end of the yeah that that line in the code block And then we'll make that code block finish with the done block there so I'll hit enter and we got all of these lines pumped out and You can see blah blah blah a little bit of English right here It says just a good old Caesar cypher. Oh boy. Oh geez Okay, and that is what our flag is going to be so let's just take note of that Let's just say flag dot text pico CTF and I'll paste that in You could probably detect this however you wanted to in in that but that's a simple way to just kind of get all the solutions So let's go ahead and submit this right Submit awesome. All right next challenge is called environment It says sometimes you have to configure environment variables before executing a program Can you find the flag we've hidden an environment variable on the shell server? Yes? Let's go check out the shell server. I click open this link over here See how my internet fares Let's log in here John Hammond YouTube Enter my password My password is password With like all capital ASS All right, let's change directory. Do I need to change it? No, no, I just need to get the environment variables So a cool command that you can actually just use to list all the environment variables is simply ENV and You'll notice as we kind of take a look through this We have mail path these things all kind of set up and there's pico CTF flag set to a nice try keep looking But if we just kind of scroll up You'll see secret flag equals pico CTF environment variable flag So since ENV will literally just display all of it. It's not too hard We could script this if we were to automate our ssh connection Maybe we'll do that later, but in this case, I'm just gonna go ahead and submit this flag Let's kind of jot that down though. We can move our Caesar cipher one to be marked complete and then We'll just keep track of our environment flag Just for good habits, you know next challenge is called hurts It says here's another simple cipher for you where we make a bunch of substitutions Can you decrypt it and it gives us a net cat connection that we can connect to? So let's make directory hurts get in there Hurts Hurts What the heck okay cool whatever tab autocomplete was not having my my day right now Net cat connect. It's all this crap where there's the text seeming is seemingly different each time But it should still I don't know potentially give us a flag if we wanted to I'm just gonna throw this an X clip If you wanted to you could you could kind of copy all of it But what I'm going to do is I'm gonna go ahead and throw this to quip quip which is a awesome tool quip quip comm That will essentially solve substitution ciphers and it's kind of my go-to when I know it is a substitution cipher So I'm just gonna spit this in there hit the solve button let it like do its thing run its course do that voodoo magic and We should eventually get some solution out of it. My internet connection is still crap All right, it says congrats here is probably your flag Substitution ciphers are solvable Ha had no had no bones. I don't know what that last one may be hand bone boson Let's get another string And we can go ahead and give it That's kind of one of the neat things is that we're well. We're getting a lot of these different Cypher text messages that we could use and we could just keep using quip quip until we figure out something that kind of makes the flag Form out a little bit more understandable. It looks like it is just kind of giving us Have to there it is congrats here is your flag substitution ciphers are solvable and then random letters following that So good we can just go ahead and submit that wrap it in our flag our flag format And we've got that one done as well. So perfect super super cool Quip quip is an awesome tool and totally what you should just kind of use as your knee jerk reaction and low hanging fruit for Substitution ciphers. It's definitely good to know Alright, it's everyone's favorite time on the video again where I say the same thing in every single video Thank you patreon supporters. You're the best Hey $1 month on patreon is gonna make my life so much better. Let me tell you that it it's incredible $1 month on patreon will give you a special shout out just like this at the end of every video If you'd like to see your name up in lights or kind of visible at just at the end of each video This is a cool way to do it It's a cool way to make yourself feel like a good person and helping out a dude who's really poor and just kind of Has a little shitty life right now But I'm kidding. I'm kidding, but I Do appreciate and I'm grateful for whatever you guys are willing to help and support The channel with $5 a month on patreon will give you early access to everything that are released on YouTube before it goes live Because I try to record videos kind of in bulk and get them ready to be released later on and let YouTube gradually Release them kind of on a schedule, but I need to get better at that. So hey, don't tell anyone If you would like content right away right when it's ready right when it's hot and fresh I leave and that's the best way to do that just $5 a month on patreon and it helps me. I appreciate it It shows that you love thanks if you did like this video guys Please do like comment and subscribe it helps me grow the channel grow the YouTube algorithm magic Com, whoa, it's gonna say something supportive supportive. Yeah, I Gotta stop I'm running out of words again. I gotta end this video. Thanks guys join our discord server link in the description