 Hey, what's up everybody welcome back to the YouTube video my name is John Hammond still showing off the junior CTF again That was going on over the past weekend And I wanted to showcase some of those some of the small challenges that I was able to solve and demonstrate them for you So the next one was a trivial challenge. Apparently this was in their easy category So it's only about 300 points now they had dynamic scoring So they were all originally 500 and then fluctuate with however many people actually solve the challenge so okay lost code trivial brute force and Again, based off of this gravity falls cartoon here I honestly didn't even read this description because I'm like, okay, whatever. I don't really care about all this stuff I just want to know the technical challenge here. So okay Your hacker skills can be useful help Gideon to crack this safe. You need this special pick lock So they're using this like weird cryptic hosting thing. So I go ahead and download this this zip archive And I'll just create a folder for it lost code Now let's hop on over to a terminal and take a look at it Unzip this archive here, and I can change directory and take a look at the files that we have and they're all windows executable So whatever I'm assuming I can run them with wine. Thankfully I can I don't know if I can get rid of that error message Oh sweet, I can okay So the thing here says it's a safe brute-forcer try to guess any character 0 through 9 8 through f 32 times so it's a 32 wide string and it'll give us a 1 or 0 depending on what it is Dash H will show this help, but I guess if you just pass in dash dash B and you give it a string of characters It will supposedly Like do things for you. I'm gonna I'm just gonna leave this error here. I'm perfectly fine with seeing it I guess if you guys don't care So according to this are one and like I don't know what that what index that refers to you may bear a Some other characters it isn't the correct spot and same with so the one means that that is a correct character for the correct spot So if I change this to like a zero here that first one will turn into a zero because no that is the wrong character So we know it has to be one Okay, so the idea is to brute-force this right so we can script it pretty easily Here I'll show you the code that I ended up writing out and we'll crank it out together So I'm gonna get some blind text open and working here Drag this down Taking my notes off of the side. Don't look so Juniors lost good Get flag dot pie or whatever. We really want to name it And I'll add a shebang line as usual Even though I always struggle typing these things and it literally bogged down every video I create so I'm using sub-process as a module to be able to actually like call the function and then I imported lowercase letters and Digits because that's what it said it was made up of So I'll actually shrink this What I did is I created I concatenate those videos those things together pool equals sql lowercase and digits and I created like a general purpose like get results or like a check function So what I did is I would have sub-process check the output of that command. I was using wine lost Dot exe dash b and I concatenate on our What we're sending through to it and I actually have to split this up because sub-process takes its arguments as an array So I split this and I think that's all I did and Then I wanted to actually get the line like the very last result Just in case so I think the output should give it to us anyway once we're sending it to us, but Yeah, I ended up splitting that Initially, too I'm actually not gonna worry about that. I'm looking at my notes. I'm like, I don't think I have to do that because it should return to us Anyway, we can just test it. I mean we could just run get result print and Like a times 32 will move get flag into the actual directory Make sure we're working with the actual code and sublime text. Okay, cool. Am I in loss now? Muck our script executable be able to run it. Okay, so it does it does pass things in okay And we can view them as the string sweet So now what I ended up doing was like creating a list of the characters that I know So I just set this to be a random list and I can set any index all like however I want while I loop through it. So what I did is I literally loop through all the characters in the pool Just like I kind of did with a times 32. I can do that for every single character for C in pool I can say our string can be that character 32 times and the result will be the result that we get once we send it our string and For anything that we see as we loop through that result We can get the index of all these ones and say that our new characters the string that we're building That index should be the character that we're looking at So we can keep track of the actual one successes that we get and build them up into a list That is built over time as we loop through all of these so for I in I get I want to go through the index here If the results I if the current index we're looking at is a one a One then we know that that is the correct character So we can say our characters the one that we're looking at that index can be the current character We're looking at so ideally at the end of this loop. We should have all the characters in a list So let's join them as a as a string and If we wanted to we can print out the character that we're looking at and The result that we get Just so you get some visual thing as to what's really happening here So I can run get flag and it prints through all of these things. Oh, and what did I do wrong here? Oh I think because I didn't split the initial output it might be reading a new line character So actually I'm gonna go back to my get result and go ahead and split that We ended up taking the string of it split right so We can take the string of We don't need to take the string of anything as it's already done We just need it on the actual output that we got we can split the actual output by new lines and just get the first Result from it. Okay. How now hopefully ideally No, still wrong. Okay. Well It looks like it's just having trouble because it's an array We can just kind of change it to a dictionary if we wanted to and Then we can print out the values because the values are what we're actually iterating The rule we're adding to so now let's try it Okay, cool. We're looping through it and Sweet we get what should be the flag. See this eight is in the right spot Looks like this six is in the right spot So we don't actually have to print these all out if we don't want to and I guess if we wanted to We can get flag all this stuff. See these error messages Can we get rid of those? I don't know if we can very easily do it. Okay, sweet. We can and there's our flag So we can wrap that in a bash script if we wanted to just to just crank that out So that's what you ended up submitting. That is the key that they that the program will take obviously To get all the successes lost One one one one and that is the flag. So you go ahead and submit that and There you go, so sorry all those pickups right in the script for some reason that seemed to work on my notes Yesterday, but now it didn't today. Maybe I don't know whatever a Dictionary is probably a better thing to use anyway other than an array because like you can't really create an index at those places That haven't already been created let those indexes that haven't already been created yet You can have already that with the dictionary. So that's what we ended up doing. So thanks for watching guys Hope you enjoyed this one I think it was kind of cool to do some scripting for this one because the brute force was simple But easy enough for us to just crank out With an interesting idea just send the same character 32 times over and get all those indexes words in the right place And we just compile all those correctness things and we have the flag. So alright Thanks again guys. Hope you're enjoying these and I'll show off some later Challenges in the next video. See you soon