 Hello, what is going on everybody? My name is John Hammond and welcome to hopefully a long series This is the first video in my attempt to record what I can of the pico CTF 2018 game I have another series on YouTube for pico CTF 2017 that I'm not completely finished yet But I just wanted to showcase pico CTF 2018 because it's been an awesome game Personally, I've only solved like as an individual. I think only up to 20,000 points worth of challenges But hopefully that's still okay and plenty to plenty to showcase as the game is now over and I can release some of this cool stuff I'm actually recording this before the game ends. So hope to have a little bit of time and some backlog stuff That I'll be able to show you. I'm not going to go through the game rendition of this I'm just going to be actually solving the CTF challenges through the problems page itself So I'm on I'm running Linux, right? And I'm gonna try and make this as beginner-friendly as I can for the first Segment or so or for the first like a couple of videos in the series So I'm still friendly to people that haven't been doing this for all too long So let's go go ahead and get started with the first couple of challenges running Linux So I have a terminal open. I have a folder created for the game I have a lot of the folders already created for the first couple of challenges that I want to solve in this video and We'll creep keep creating folders as we move on. So let's just go ahead and get started This first challenge here forensics warm-up one Can you just unzip this file for me and retrieve the flag? So if you wanted to you click on this and download it and move it into the folder or whatever What I like to do and I've been doing and a lot of recent videos It's just right click on a link and then open or copy the link address so that I can in my terminal W get it which is default a new bun to or I think it's default new bun to whatever Some Linux systems where we can just download that file If you don't have it you can pseudo after pseudo and yum install whatever package manager using hopefully you're running Linux So that way it'll automatically get the file in our current directory where I'm working within the terminal So we have a flag dot zip. I'm actually I do want to move this into forensics warm-up one And I totally forgot the flag file. All right, so One there we go now I can go ahead and work with this thing if you were to use just a file explorer You could click on it and open it up and that's cheesy and fun and cool But I want to do this from the command line want to automate it So I'm just going to unzip which is again a built in I think on Linux where we can if we have zip tools We can go ahead and unzip it and unzip flag dot zip and it will create this new file for those for us Flag dot jpeg. So I'm not I have no more EOG that image check it out here And it says Pico CTF welcome to forensics. I'm gonna try and write that down So I just use terminator right this in this case to go ahead and split my screen So I'm gonna use Pico CTF is all lowercase except for CTF's and It looks like all of this is lowercase welcome to forensics Cool, so I use nano as a text out of there just to go ahead and save that and Let's paste that in see if we get the points. Nope. I failed. I had an S in there Welcome to forensics not welcomes. I like to keep these zero this this video these these videos in this series Holy cow. I can't speak. I like to keep these videos pretty real. So hopefully you can bear with me. Hopefully it's fun Whatever, let's go ahead and close out of that. I don't need I have no I'm open anymore and once I move out of there I can move forensics warm-up one two Complete so now that that's marked complete we can move on all right Forensics warm-up two for some reason I can't open this PNG. Let's go ahead and check it out move into forensics warm-up two W get that file and Now we have it as a Image file just a PNG if I click on it though or opened up it just won't open It says fatal error reading PNG image not a PNG file So we could go ahead and run the file command on this file file flag dot PNG And it reads it as instead a JPEG image So what if we were to just simply rename this file to not flag dot PNG but flag dot JPEG now Could I simply I have known or open it in Nautilus as I had before so let's just run I have known flag that JPEG and it says pico CTF extensions are extensions are a lie. Nice Let's jot that down extensions are a lie and If I wanted to I can cat flag dot text And pipe it to X clip and if you don't have X to Excuse me. I'm sorry if you don't have X clip installed You can pseudo app install X clip if you wanted to and I actually just have it aliased to X clip Selection clipboard so whatever I pipe into will automatically be copied into my clipboard Go ahead and paste that in That's correct. Cool. We're moving on. Let's go ahead and move into general warm-up number one If I told you your grade was zero X for one in hexadecimal, what would it be in ASCII? You can check out the hints here and they're usually hints for a lot of these tasks, which is pretty handy It says submit your answer in our competitions flag format So example if your answer was hello, you would submit pico CTF curly braces hello as the flag So it just wraps around Let's go ahead and try that Let's move into another Folder for us after we mark this challenge as complete the previous one and our answer is Zero X for one in hexadecimal We want it in ASCII. So if you don't know what ASCII is you could go ahead and Google that There is such thing as an ASCII table, but ASCII is really just like okay the kind of procedure or character encoding standard for electronic communication So numbers in the range from zero to two five zero to two hundred and fifty five Have a kind of representation when you look at it as text So if you wanted to we could view in a ASCII table Which I guess I'm just gonna go for an image of standard character ASCII set If we had zero X for one, which is what we were looking at in hex right now I'm gonna fire up Python. So you can just see that in decimal is 65 So in our ASCII table if you wanted to check out the hexadecimal column the hex you can see in the middle there You can check out four one and that is six five in decimal as it sees in the same column The CHR or the character of it when it's considered to be represented in ASCII It's just a capital letter a so that should be the flag. Let's actually just take note of that flag text Pico CTF remember once it wrapped in there Pico CTF a and if we wanted to we could go ahead actually create a get flag script in Python, so I'm gonna do this in nano again. Let's do nano get flag dot pie Get a simple shebang line which is necessary for the system to know what kind of script we're running Let's go ahead and print out Pico CTF with curly braces and then let's use percent s to denote that I'm gonna be using a format Specifier here. I'm gonna use the percent sign and I want to take the string of 0x41 as we expected here So 0x41 is gonna be evaluated to in decimal because Python represents everything typically in decimal So it'll go 65 first and actually I'm sorry. We don't want the string of that We want the character version of it or it in ASCII. So it's not str We won't we're not gonna convert just the number 65 to a string. We want it converted to ASCII So let's use chr so you get the ASCII value. Let's go ahead and run Python get flag And it's Pico CTF a so great Let's convert that to an executable or not an it not convert to an executable market is executable with ch mod No, we can dot slash it and then if you wanted to just for any purposes You could redirect it to flag dot text, but we already have that done for us. So let's go ahead and submit this Paste it in we are correct cool, and I moved all of that into the Big folder here. Let's put it all in general warm-up Cool. So let's check out after we mark that one complete We can check out general warm-up number two What do we got here can you convert the number? 27 to binary or base two. Yeah, we can do that in Python a little bit more as well Let's go ahead into general warm-up two and let's go ahead and copy the general warm-up One get flag script into this directory So we can go ahead and nano that and then instead of actually converting this string of chr 0x 401 as we had in the other challenge. Let's actually take the number 27 treated as an integer and in Python You can actually pass a second argument to this integer function and you can say what base you wanted in So I'm going to say zero two But if we were to check this out in Python Comma two sorry not zero two. So base two if I were to check out what this gives me in Python int should be Converted as a string. Oh I'm sorry. I'm totally going wrong here We want to just run the function bin because it'll convert it to binary for us not into into will Expect to take a string given a base and interpret it as a different number. So bin two was really what we want here Except when I run bin two, you'll notice it returns a string for me But it uses zero B as a prefix to denote that. Okay, this is binary numbers here So we could actually go ahead and slice that and slicing in Python just means kind of indexing But cutting pieces off of it. So if I want to take the second character and Like the first two characters off I could say let's go zero to let's go two characters in and then Colon to cut from that position two characters in all the way to the end So all we have are the one one zero one one. It just slices that end bit off for us Just like that. So I'm totally wrong. I'm sorry. I kind of went down that rabbit hole with you know Giving you the wrong information. You're trying to call the in function when you should run the binary function Sweet, whatever. Let's go ahead and try and run that. Let's run Python Get flag and now we have Pico CTF One one zero one one submit. That's correct. Awesome. Let's go ahead and redirect that to a flag dot text file Just for good practice move general warm-up to to be complete and Let's check out get general warm-up three I'm probably saying words that I don't even mean to me mean to say here. Whatever You guys know how it is. What is this number zero x 3d base 16 hexadecimal in decimal base 10 This again wants it in the flag format. So let's do the exact same thing. Let's change directory into general warm-up three Copy general warm-up two All the way they're they're get flag strip all the way into this directory not too far on the file system Nano get flag to change the script up and let's go ahead and change the zero x 3d from decimal into Decimal base 10 so since Python will automatically want to convert this to decimal It'll go ahead and do that and then we can run str on it to get the number that we're expecting here So let's run Python get flag we get 61 redirect that to flag Dot text file x clip it so we have in our clipboard Let's go ahead and paste it in and we are moving just like that. So cool 250 points Just kind of breezing right through some of these. I hope you're learning a little bit just right now This is simple stuff, right? These are just warm-up challenges But they are still good at to knock out of the way and showcase what you can do with Python Python is certainly going to be your sword in a capsule flag or ccf game So I don't know don't take it lightly know how to do just about everything you want to do with it Hey quick shout out to the people that support me on patreon. Thank you guys so much I cannot say this enough you are what makes this channel a reality like in all and I'll complete off so you are my motivation The support structure that I need Well, that sounds good. It sounds kind of morbid like it. I don't know whatever I'm not depressed or anything one dollar a month on patreon will give you a special shout out just like this at the end Every video um it super duper helps me It's I'm just grateful for it five dollars a month on patreon will give you early access to everything that are released on YouTube before it goes live. It's kind of early access to some of my videos, but I Lately have been pretty bad about getting some stuff out in the system out in the world So I apologize for the for that, but hopefully maybe it'll come in handy Maybe and I'm grateful for anything that you're just willing to support and help with so hey If you like this video, please do like comment and subscribe I'm gonna be doing a lot more of these hope to showcase some more pico ctf 2018 and other caps to flag competitions and challenges cool stuff Please do join our discord server link in description. It's a cool community full of ctf players programmers and hackers You can hang out with me other awesome people and it's just a really cool community If you want to learn something new and just kind of get exposure to the field like this So thank you guys so much for watching. I love you. I'll see you in the next video