 How's it going guys? My name is John Hammond. This is a video right up for the challenge of what bases this for 200 points in the general skills category of Pico CTF 2018. Challenge problem here is to be successful on your mission. You must be able to read data represented in different ways such as hexadecimal or binary. Can you get the flag from this program to prove you're ready? Connect with this command here. So I'm going to go ahead and connect to this and it's kind of a long thing, right? If I just go ahead and go here to sort of start at the very beginning and make sure you understand how data is stored. Doctor? That's weird. If I input that. Oh shoot. Yeah. Okay. Sometimes I've noticed peculiar things in some of these services for Pico CTF. What will give the answer or like what it's expecting just kind of at the front of the service. So we will ignore that. That did correctly make that one right away. The next one is give me this information as hex as a word, etc. So right now see we're given binary and it wants it in as an ASCII word. Next we're given hex and it wants it as an ASCII word and we'll keep moving up from that. So let's just write a script to be able to do this because it says to make things interesting you have 30 seconds. So it's trying to encourage some scripting. But now that we now that we've actually interacted with the service, let's go ahead and like work with it. Let's create a Python script. I'm going to call mine ape.py. That's an inside joke, by the way. I know a lot of people ask about it. They say, why do you call your scripts like ape? And I say it's because I just throw stuff at the wall and see what sticks. Let's use PwnTools. Let's go ahead and use Pwn.remote with the host and the port being these. Host as a string port as a number or an integer. So let's say s for our session or a connection or whatever. And let's close it once we're done with it. Let's try and do print s.receive. And we're going to start from the very beginning. Please give me the blah, blah, blah as a word. Let's try and cut that out with import re. So s.receive, let's say prompt can equal this. Let's print out the prompt. Let's say binary can equal prompt dot. Oh, we want to use RE to find it out. So let's say RE.find all the string as a word. Let's go prompt. That should be a second argument. So I need to print these closing that, calling that function. And let's print out what we get. What is binary? Okay, we get the binary just like that. So let's go zero to carve that out. Let's go replace new line. I'm sorry, spaces, right? So now we have the binary and then let's go ahead and say int. So incorporate that int as a base and decimal. So we say base two to understand that in binary and then it converts it to decimal base 10. Now we can go hex on that and carve out the zero X at the start. We'll just slice it off. And then we can decode that from hex to get it to ASCII or a word. So we would send that. So our answer can be that. And let's go ahead and s dot send line answer. And then we'll do the next one. We'll keep moving. Let's do s dot receive. Check it out here. Okay. Now enter that as a word. So we'll use the exact same thing. Let's call this one hex. Hex a decimal. Let's print that out. See what we got here. And okay, we can just decode that one easily. Decode that to hex. And let's say that that is our answer, right? Do that again. Now let's get the next segment says please give me all of this as a word. So this is interesting because this is octal, right? Like you may not notice that you may think it's just like Ordinal values, but it's actually all like all less than eight and all less than seven, right? So we can say that we're going to have this now octal print octal. That's what we're working with. Okay. Carves it out just fine. Let's go ahead and remove all those spaces. And we'll say that is an integer base eight. Cool. So now we can mark that as hex a decimal. And now we can decode that. Once we slice it up, remove the zero X at the very start and decode it from hex. I have an odd length string. Am I wrong here? Maybe I am. Let's try a different message with that. Maybe that's not octal. Maybe I'm wrong. I'm sorry. I'm going to drag you guys down a mistake. Let's see octal. Let's do some list comprehension here. Let's just say X in octal dot split for X in. So let's say X. No. Should I have done that at base seven or something? No. Oh, well, wait, no, it's because I'm an idiot. You can't concatenate all those things and put them together. They are different numbers on their own. So let's, we do want to interpret all of these as octals. There we go. So now let's do character of the decimal number of the integer. Okay. And then we can put them together. So now we're getting real work. Good. So answer. I'm sorry. That was stupid. I'm an idiot. It's fine. Let's do S dot sun line answer. See what we got here. Move to the next one. Oh, sweet. We got the flag. Let's go ahead and print out the flag. Let's do. Actually, I don't even need that. Let's, yeah, let's print re dot find all pico CTF carve it out here. Zero. Good. And then we don't need any of these other stuff now anymore. So we get a simple clean. Pone dot context dot level. So that way it won't show all those connection strings. We can only get the flag. Did I do that wrong? Maybe I did. Let's do from Pone import all. And let's just do remote. We don't need that. What's the heck is going on? Is that because it's all right? Well, I don't care. I tried to test a little bit, but it doesn't really matter. As long as we're still getting the flag just like that. So interesting note here, the flag is just noted as a delusions about. Oh, market is executable. The flag is delusions about finding values. And I think that's a callback to delusions of grandeur, which is a, oh, geez, I don't like that. That's stupid. I'm sorry. It's a callback to delusions of grandeur, which is one of the Air Force Academy, like CTF player names. So, I mean, that's a reference between Martin, like Mr. Carlisle, who is working there and was originally an instructor at USAAF, US Air Force Academy is now with Pico CTF and the Carnegie Mellon team. I think he's, I don't know for sure. I may be wrong. I don't speak in his behalf, but I think he's working now at Carnegie Mellon, which is crazy cool. And a lot of the USAAF grads are actually some of the developers for Pico CTF have been some of the problem developers and the problem leads. And I know those guys, which is pretty cool. So, hey, shout out to you. I love you guys. Hope to see you very, very soon. Call me or something. We can hang out. I'd love to hang out and work with you guys. Hey, I want to give a quick shout out to the people that support me on Patreon. Thank you guys so much. $1 a month on Patreon. I'll give you a special shout out just like this at the end of every video. No, it's not much. It's just a little incentive to get your name up in lights or something or just have some celebration of you and your support. Thank you for being a good Samaritan and just helping me out. I appreciate your support with the channel. $5 a month on Patreon will give you early access to everything that I release on YouTube and just to share Google Drive folder. So, when I try and record a lot of these videos, like all this Pico CTF stuff, you don't have to wait for all the uploads to just finish. You can have them right away when they're recording and ready. So, if you did like this video, please do like, comment, and subscribe. I forget in my mind the blurb that I'm supposed to say next. Oh, the Discord server. I'm like in the middle of a stretch, too. This is awful. This is bad. Why do you guys even watch these videos? Please do join our Discord server. The link in the description. It's a cool community full of CTF players, programmers, and hackers. I hate. That's become just a slogan now. That's just become like what I say, but it probably doesn't even mean anything. Like, there's just cool people there. You can hang out with me, smart dudes, guys doing CTFs, guys trying to program, guys trying to just dig into the cybersecurity scene, and it's awesome. So, if you want to hang out, it would be really, really cool. I'm grateful and I love you for it. So, hope to see you in the next video. Hope to see you on Patreon. Have a great day.