 What's going on everybody? My name is John Hammond. Welcome back to the YouTube video. Still looking at the Rice Tee Cat Panda CTF. I want to solve a few more of the challenges in the cryptography section. This one is Don't Give the Giants a Cookie. It has a long challenge prompt and description, which doesn't really make a lot of sense. I don't really know why giant and cookie or cook and cookie are happening to be capitalized. The view hint doesn't particularly give you much of a hint. It just tells you to put it in the proper flag format. Okay. What we're given here is just a string of numbers. It looks like hexadecimal numbers. I had to go ahead and bang my head against the wall of this for a while. But as it turns out, this is exactly 32 characters in length. So if you check that out, that means maybe this is a hash. What I went to go ahead and do was to see if I could crack that hash. Got a little crack station online. Simple online hash cracking utility. Tell them I'm not a robot, which is still up for debate. But this result here after it has cracked that hash is chocolate. And that is literally the flag. That's literally all that you need to submit. Here I go. It's RTCP in that proper flag format. That's that. That's literally the solution to that challenge. Just that hash in the challenge description. You wouldn't know. Anyway, the next challenge is challenge title 15. And this has a lot of interesting information that is seemingly all garbage and nonsense. It looks like they're all English letters. So that is a plus. Down at the very, very bottom we have what looks like to be the flag. You can tell by kind of the opening and closing curly braces and the four letters at the start. But we don't know how this might be encoded or how it's translating some text to the cipher text supposedly here. Because this looks like English, and because at least we know they're English letters, and because there's so much of it, what we can do is we can try and crack that as a substitution cipher. An awesome tool to do this is quipquip.com. So I'm going to go ahead and copy all of this. I'll bring it to quipquip.com, Q-U-I-P, Q-I-U-P. We'll go ahead and paste that all in there. Hit solve. And you've probably seen me cover that in tons of other videos. It's not a heavy lift. That's really just a criteria that you have to fill, is if you know, hey, there's a lot of text. It looks like it's using English letters and at least could very well be English. You can use this and solve that challenge. This one says it's RTCP, careful with EXIF data in some cool leapspeak. So let's go ahead and close those tabs. We could go ahead and submit that, and that is the flag for that challenge. Next one I want to show you is notice me senpai. This has significantly less solves than the others, and it was a little bit obscure. All they said was, ooh woo, senpai placed us on my desk before class, but I don't really want to do this voice, so I'm not going to. It gives you seemingly the flag kind of scrambled though, and it looks like it's almost like an anagram, where the letters are all misplaced to make something new. And what we need to do is figure out how this could translate to an actual flag. So I didn't particularly know what to do, so I went ahead and went to my little Katana checklist, and this is just a document CTF hyphen Katana, unlike GitHub repository. And I have here just a listing of things that we could potentially do, given a category in a capsule flag challenge. So I would search for cryptography, and I would literally open up all of these links that I have here, all these references and materials that I could go to, and try and figure out which of these things could it potentially be. It could be a Caesar cipher, it could be an at-pass cipher, it could be veneer, gronsfield, etc, etc, etc. Eventually I kind of got down to the rail fence cipher, and of course Quip was in there, the play fair cipher, etc, etc. So eventually I got to this being a rail fence cipher, and I was just kind of fumbling around with some of the text in here. You change this checkbox or this drop-down menu to decrypt, you can paste in your message, and then you could kind of finagle it to see how it will manipulate this cipher text. You can specify an offset here or the number of rows. I kept accidentally breaking this website because if you try and remove the number of rails and then add a new rail back in or a new number, the message down there hasn't really changed. It says you have to supply at least two rails. So I would have to refresh the page every time I did that. I would actually just as a stupid hack, I would enter the number that I want after it, and then remove the previous one. So eventually I got up to like the number six, and I thought this was weird because as I noticed that I saw, whoa, whoa, whoa, whoa. This looks like potential. This looks like something that I haven't seen before. I thought I could read out of the Leet Speak nonsense. I'm in with, this looks like a with, and then your mom, but it still wasn't right. It didn't have the flag format properly there, but it looked really, really close. So I actually, as I was manually solving this, just kind of stuck on it and tweaked the offset. I would bring this up to like one or two, and I kept incrementing this until I saw something new or could kind of understand what the Leet Speak was or where the proper letters that were replaced with numbers might be. Eventually, eventually, eventually I got up to nine and that had the proper flag. So that's that. That's how I solved it. That was my methodology. When I didn't know what the heck to do with this, I kind of just went back to my notes, my checklist, my archive of things that I've seen on other CTFs. And that CTF hyphen katana is available if you would like to see it. Well, that's all cool and all. I do want to show you the actual tool katana. So let me bring that down here and we can work with it because I have been using that a little bit. And now that it kind of has a little bit more support for that rail fence hyfer, you could use that just as well. Let's go ahead and activate the virtual environment for it. And it has all these INI files for other CTFs that you might go ahead and configure your use with katana with. What I'm going to do is actually get to go and create one for RiceDCatPanda INI. And let's go ahead and modify this .INI. So I'm going to create an output directory. I'll just call it RTCP. We'll download files if we see any. We'll specify the proper flag format for this specific CTF. I'll call mine RTCP, just that flag format that we've seen. And that's using regular expressions, right? As much as it can gather inside of those curly braces. It is hosted with CTFD. And we are using the URL for the CTF, which is HTTPS RiceDCatPandaWTF. And I'll use a login for the Discord account, a usual password just for fun. And then we don't need to particularly auto submit in this case. But I want to show you what we're going to end up working with. What I can do now is that I've created that as I can run katana. I'll go ahead and tack tack floor. So I'll remove the results directory we ever saved things in. And I'll use a configuration file for that RTCP.INI file that I just created. Now katana will be ready and willing to work with me. What I can do is I can type in CTF list, and it will automatically pull down all of the challenges for the CTF in a kind of situation and the status that I can work with within katana. This is cool. This is cool new functionality and features here. So we just saw 15 Q. That was the quick one. So let me go ahead and CTF show that number. CTF show 37 is the ID for that. And you could literally get the challenge prompt for this. And then if you wanted to, you could add it to a target or queue that up with maybe a file that that challenge includes. You could download or the description. So let me go ahead and do that with R1 that we're showcasing just now. Let me get to CTF list to see all those again. That one was called notice me senpai. So that's ID number 62. Let's use CTF show 62. And here is that challenge prompts and we could go ahead and queue it. What I'll show you is how you can queue the whole description, but that kind of spirals to insanity. So let's go ahead and CTF queue 62. It will go ahead and queue nothing because there was no file to download with it. What CTF queue can do is it can actually include the description if the worthwhile information is part of that challenge prompt and not given in a file or something to ask you with. So let me go ahead and do that with tack D or tack tack description in that case. Now you can see there are a lot of units just spiraling off to go work and do their thing. I think this gets stuck in Caesar 255 for like a long, long time. Maybe eventually that will go ahead and solve it for us. So let's actually just create a new terminal down here so I can show you it working in might have a more tighter way. Let's again turn on the virtual environment source and bin activates. And now I won't do that in the interpret in interpretive way. I'll go ahead and use Python tack m katana tack tack force. I'm going to specify the flag format as RTCP just with command line arguments and I'll go ahead and give it this string here. So let's go ahead and specify that is what we're going to use as our target and it will take Katana a little bit of time to work through this. Not as much time as it's spiraling to 255, but it should be able to get it to vorus in a couple seconds. Let me say that with my fingers crossed. Okay, there we go. Now it tracked down rail fence with the proper offset and rail number for us. If you knew, hey, I just want to run a rail fence cipher on this. I just want to see how it would work. Well, you can use tack tack units and then rail fence. You could pass into it and then boom, it should just spit out the flag once it runs for us. Famous last words, right? Okay, cool. So there we go. That runs a little bit faster right now. I think he's still kind of confused up top with what Caesar might be doing with it or we're spiraling away from all the other things, but you could just as easily if you didn't want to see that happen anymore. Let me zoom back in on this. We can see we do have these units running. We could run target list on the targets that we're particularly working with. It has a specific hash. We could go ahead and target stop and then I can tab to autocomplete that hash. Now that isn't running anymore. Now that's totally fine. So let me just CTFQ 62 or show 62 one more time so I can get that string and now let's go ahead and target add this, run that and that should be ideally a little bit faster because now it's not going to try and Caesar 255 or any other operations on all of that actual challenge description. Now it just kind of zoomed in on that flag itself. So okay, that's how we could solve that with Katana. It was just a simple rail fence cipher, a little bit obscure and trying to track that down though. And same thing with those actual offset and rails number for that cipher. So we could brute force that and Katana would try and massage it and try and track down where is a flag in that mess and that's exactly what this is doing. Let me see what we can see when I show that argument. I think it's hard to view. There it is, yeah. So that is the hash for that specific target. And now we could see it tried to at bash it. It tried to run it against Caesar. It tried to run against Caesar 255. Tons and tons of things that are being created here, base 85, base 58, blah, blah, blah. Let me search for our rail fence cipher. Okay, it tried a bunch of these. Why is it saving artifact? Oh, that's because of base 58. It's as a child of rail fence. A lot of noise, a lot of nonsense. But anyway, Katana just ripped through it and that's the whole point is it was able to carve out a flag and try everything for us. Okay, I talked a lot and that's the end of the video. I hope you guys enjoyed just three challenges within RTCP, Rice, TCat, Panda, CTF. We're gonna get a little bit more done soon. I want to keep recording. Thank you guys for watching. I hope you enjoyed this video. If you did, press that like button. If you didn't, press the dislike button twice so you know I hated it that much. I'm really bad at outros. All right, I'm just gonna end the video. Bye everybody.