What's up YouTube? My name is John Hammond. Welcome back to some more picoCTF 2018. This is a video write-up on some of the cryptography warm-up challenges and just a few others that follow.

So this first one, crypto warm-up one, is 75 points. It says "Creepytoe" (or a typo on crypto, that's funny) "can often be done by hand. Here's a message you got from a friend, seemingly gibberish, with the key of this is a little key. Can you use this table to solve it?" So let's go ahead and just download this, and I'm actually going to use curl for this. Let's make a directory for it, Creepytoe, crypto warm-up one, and I'm going to use curl to download this because it's nothing huge. It's just this bit of information.

So this is the table that it suggests us to look at, right, and this essentially is trying to put together or illustrate the encryption and decryption of another message, or a plain text message, with a specific key. So letter by letter you would look at one of the letters that, okay, let's say is in the original plain text message. I'm sorry, I'm blocking my mind trying to think about this. And you would use that as a row or a column, and then you would use the other first letter, or the corresponding letter position in the key, and you'd use that as the other, maybe your column or row. And then because of this transition on the table, because the alphabet has shifted kind of letter by letter in this case as you move either across one row or down one row, as you can see, that is what is going to end up giving you the letter of your, excuse me, the letter of your cipher text. So the letter inside the grid here, inside the table, is what you would expect to see as your cipher text.
So in our case we're given something a little bit interesting. We're given this "ll blah blah blah" with "this is a little key" as the key here, so I'm just going to paste this so we know what it is, and "this is a little key". I'm going to try and illustrate this or explain this and how we would go ahead and decrypt it by hand, but I'm not going to have us decrypt it by hand because that's stupid and dumb. We're smarter than that and we know that we can automate these things.

So let's say we had the letter l and that's our cipher text, right, and we know that it is in the middle of the grid because it's our cipher text. But we also know it's going to be in the t column of something, right, because the key on the corresponding side is what we're using as one edge, or the boundary and barrier of this table here. So let's find l in, let's say, the t column here. I'm going to move down until I find l, there it is, and if I move all the way from that l to determine what it would be on the plain text side, or what we've deemed to be the plain text side, we would see s. So we know that s is going to be the first letter of our plain text. Let's do the same thing for l, but now with this h as what we're using from our key. So h, let's say the column here, look for l again. I'm sorry, we see that the following letter should be e. So we see s e, whatever that could mean following. We could go through that procedure until we got it.

However, I want to kind of enlighten you and teach you a little bit more about what we're actually looking at here. So this whole block, this whole diagram, this whole table that we see is the alphabet shifted over and over again in a peculiar way, right, it's just one character by character. So the real name of this is something that is associated with Vigenère, and I'm saying that wrong, I don't know the correct pronunciation, but the Vigenère, whatever, that cipher is a form of a polyalphabetic substitution cipher, and it uses a table, or the Vigenère table, which is the Vigenère square, which is exactly what we're looking at. That's that text, table dot text, file that we just downloaded.

So this is a Vigenère cipher. If we wanted to do something online, let's just get like a Vigenère cipher decoder and just take a link here, that's perfectly fine. Let's say, okay, cool, it already knows what we're doing here because I tested this earlier. We have the cipher text that we can paste in, we know the key so we can paste that in, and then we can run decrypt Vigenère and it says "secret message". That is the full decryption, or the full original plain text, given the cipher text and key that we know.

So I actually have another video on writing this or doing this in Python, and I think it's part of the TJCTF video series, and I do this often, right. The Vigenère cipher is kind of a common thing in capture the flag competitions, so you can totally find it. I certainly have videos on it. But right now we know that our flag is picoCTF, secret message, and I could write something to do a get flag script with running this, but I'm not going to track down that. Actually, screw it, I'll track down that code. Let's see if I still have it. I may not, because I tried to clean my hard drive. Vigenère square, Vigenère cipher, looks like I have it, or a copy of it. Oh, I have it in my original picoCTF folder, so let's try that. subl Vigenère cipher, pull it up.

And I have, insert the message that I'm using, or really the cipher text that I want to see, so I'm going to run decrypt on it: encrypted, "this is the little key". What I'm doing is I'm taking the lowercase letters of the alphabet, and I don't know if any digits in there, I can probably remove that, but I guess it's doing it just fine. And I loop through the key. If it's not the same size I iterate it and cycle it, because you will have to repeat the key until it's the length of the message that you originally see if your key is less than that. But since our key is 13 characters and our message is 13 characters, it's totally fine in this case. I remove punctuation because that's kind of the habit and the standard that you would do in a Vigenère cipher, and then I try to take the position that I see, the cipher letter and the key letter that I'm finding, finding the original index and shifting or rotating the alphabet just as you would see on that Vigenère square or the Vigenère table, and then determining what the new character is based off of the index of the cipher. So I'm essentially automating what we did when we visually looked at it, and I put it all together, and to decrypt I just go the other way on that table.

So I can run this and we see "secret message". I'll save this as get flag dot py, and I will print out picoCTF with the format specifier, formatting decrypt in there, and that is our get flag script. So mark that as executable, and we've already got that flag saved so we're good. Let's mark that crypto warm-up challenge as complete, and I should probably copy the flag, go ahead and submit it. Oh, it's not running because I changed the directory name, stupid me. Submit, 75 points. Oh, it probably doesn't even need it, I think it's just... let's check out what these hints say. "Submit your answer in our competition flag format. For example, if your answer was..." Oh, "please use all caps for the message". Odd. Let's change that up in our script. Let's actually do that for our get flag script in here, replace it, redirect it to flag dot text, flag dot text, xclip it, and submit that. There we go, that's much better. Sorry about that.

Okay, properly spelled crypto. "Cryptography doesn't have to be complicated, have you heard of something called ROT13?" So if you don't know this, again, you can Google it. ROT13 is a simple letter substitution that is essentially a Caesar cipher, right. If you haven't heard of a Caesar cipher, it is that shift of the alphabet, or just moving the letters. ROT13 is moving the alphabet kind of in half, right, because 26 letters, 13 of them, so you just move them over to the other side of the alphabet. You can read more a little bit about the page, but it's a common thing. Again, you have online tools if you want to work with them. You can paste them in and get the flag just like that: picoCTF, this is crypto.

If you want to do it from the command line and automate everything just like I do, you can go ahead and do that. Let's get the original prompt here, make a directory for it. I'll mark it as complete again, crypto warm-up two. Nano, let's do get flag dot sh, bin bash, echo this and pipe it to rot13. So rot13 is installed from bsdgames, so sudo apt install bsdgames, and you get caesar, which allows you to actually control the shift, but rot13 will only shift by 13 characters. So that's kind of an interesting thing, a peculiar thing, and a good tool to have in your command line toolkit. Already solved it.

All right, let's check out grep 1, because this is another simple challenge. "You can find the flag in this file." We don't need it on the shell server, let's just go ahead and download it. We have used grep before in a previous video, so hopefully it won't be too hard to pick up or grab, just because I've tried to showcase it a little bit before. Make directory grep, and let's mark it as complete just because we're confident and we know we're going to get it. Let's download this and let's grep for picoCTF. Let's do everything, let's just get the flag format that we want out of the file, and just like that, easy. Let's get color equals none in there. You might have to do the same thing, because your ending hash, or the hexadecimal stuff that's added at the end of your flag, will be specific to your account, so don't use my flag. Paste that in.

Kind of simple in this case, but knowing the flag format is what is important in this case, and grep to just quickly hunt and search for stuff is important, because if we would actually check out the file there's a lot of nonsense in here, right, and it's probably all on one line. So we would just regularly grep, you could just grep for, oh, let's look for picoCTF in the file and, oh, I guess you'll find it anyway, it is on its own line. Peculiar, cool, but good to know. Yeah, it's on its own line, wow. If you want to determine only what you are returning, just use that tack lowercase o and you'll get "only", which is a good hint. So let's submit that.

Netcat. "Using netcat will be a necessary..." whoa, sorry, "will be a necessity throughout your adventure." I gotta stop this video, I'm gonna lose my tongue. "Can you connect to this at this port to get the flag?" I've covered netcat a lot and it's super important in a lot of CTF challenges and in capture the flag competitions. So let's go ahead and make a directory for this challenge, simply netcat. I probably could have marked that as complete. But netcat to a specific host: if you don't know what netcat is, it is a program that will allow you to connect to a remote host, on a service, on a specific port. So some software or some script or some code that's running on that service, or kind of controlling that socket, is what you are connecting to and what you're going to interact with. So you netcat to a specific host at a specific port, and as you are connected it says "hey, that wasn't so hard" and it gives us the flag. So, super simple challenge. I'm going to use tail tack n so I get the very last line, and that is going to be our get flag script. Shebang line as usual, pump our line in there, mark it as executable, flag dot text, xclip it, and we can paste that in.

So cool, hopefully that one is another simple and easy one to showcase a little bit of the cryptography stuff and showcase simple grep and netcat. So we're moving through pico, and hopefully we'll get into some of the more fun and hardcore interesting stuff later on, but certainly the first couple of levels are a little trivial and very, very beginner friendly for people that have seen this kind of stuff before.
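The table lookup and the ROT13 shift described in the video, as an added Python example (not the speaker's own script). It assumes the key is spelled `thisisalilkey`, matching the 13-character length given in the video; the ciphertext is derived by encrypting the stated plaintext rather than copied from the challenge, and ROT13 is shown as the same routine with the one-letter key `n`.

```python
import string
from itertools import cycle

ALPHABET = string.ascii_lowercase

def vigenere(text, key, decrypt=False):
    """Shift each letter by the matching key letter, i.e. one lookup in the square."""
    key_letters = [k for k in key.lower() if k in ALPHABET]
    if not key_letters:
        raise ValueError("key must contain at least one letter")
    stream = cycle(key_letters)  # repeat the key when it is shorter than the text
    out = []
    for ch in text:
        low = ch.lower()
        if low not in ALPHABET:
            out.append(ch)  # spaces and punctuation pass through and use no key letter
            continue
        shift = ALPHABET.index(next(stream))
        if decrypt:
            shift = -shift  # decrypting walks the table the other way
        new = ALPHABET[(ALPHABET.index(low) + shift) % 26]
        out.append(new.upper() if ch.isupper() else new)
    return "".join(out)

def rot13(text):
    """ROT13 is a Caesar shift of 13: a Vigenere cipher whose key is just 'n'."""
    return vigenere(text, "n")

KEY = "thisisalilkey"       # assumed spelling of the key read out in the video
PLAINTEXT = "secretmessage"  # plaintext stated in the video

def round_trip():
    """Encrypt the known plaintext, then decrypt it again with the same key."""
    ciphertext = vigenere(PLAINTEXT, KEY)
    return ciphertext, vigenere(ciphertext, KEY, decrypt=True)

def get_flag():
    """Wrap the recovered message in the flag format, in caps as the hint asks."""
    return "picoCTF{%s}" % round_trip()[1].upper()

if __name__ == "__main__":
    ciphertext, recovered = round_trip()
    print(ciphertext, "->", recovered)
    print(get_flag())
    print(rot13("this is crypto"), "->", rot13(rot13("this is crypto")))
```

The derived ciphertext begins with `ll`, and its first two letters decrypt to `s` and `e`, the same result as the by-hand lookup in the t and h columns.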