 What is up everybody? John Hammond here still looking at some of the Google capture the flag Competition and the beginners quest content. So before we jump into that quick shout out to live overflow Who is another awesome youtuber? Does the same cybersecurity capture flag hacking content stuff that I do? And he was willing to play and take a look at the Google CTF with me just past weekend He looked at some legitimate hardcore challenges Google CTF puts out some Significant brain teasers and and pretty difficult challenges for a capture flag competition stuff That's over my head, but we took a gander at one of the web challenges JS safe 2.0 And he was able to solve it. He did some really awesome reverse engineering We're with it and debugging and cool cool stuff. So props to him and Hopefully we'll be able to cover some more video content together But if you haven't seen him before check him out on YouTube subscribe to his stuff and uh We'll work together soon. So let's go back to Google capture flag a little bit of the beginners quest I'll showcase what I can here and Let's move to one of the later miscellaneous challenges up at the top here after that path has opened up This challenge is called OCR is cool Caesar once said don't stab me but taking a screenshot of an image sure feels like being stabbed You connect to a VNC server on the Fubanizer 9000. It was view only Screenshot is all that was present, but it's gibberish. Can you recover the original text? So let's go ahead and download this attachment. So we've got to work with I'm working in a my own director here GCTF And let's call this OCR is cool to match the challenge prompt that challenge here And let's actually get a command line open So we can work with this let's get into OCR is cool. Looks like we have another hash file name here It's a zip archive. So let's move that to OCR dot zip Unzip it and now we've got OCR is cool.png. Let's see what this file is It looks like a Gmail Email so okay Google mail email Your iDrop drive is ready the content of this email looks like gibberish just like the challenge said I Don't know why or how? Hmm Okay, let's take a look here and figure out what this thing really is OCR reference that that challenge title and that the challenge prompt is A note and a nod towards the obstacle character recognition So from an image being able to read out some of the plain text characters So my methodology for challenge like this is for one thing get the image really really big That way you can get better OCR or better optical character recognition Right now this is 1919 by 1079 so 1919 characters by 1079 characters not that huge So what I like to do is I like to use the convert command from the image magic suite and I'll convert that original image OCR is cool, and I'll scale it like tax scale, and I'll make it like 200% or 300% I don't know let's see what we go see how we do with like output dot PNG it needs a needs a Saving file name and that might take a second, but now we have output dot PNG which is significantly larger, right? But it's still the same image just scaled to be a lot larger So now we can run an OCR program and a good command line one that I know on Linux is called tesseract If you don't have it installed, I think you can pseudo app to install like Tesseract tack OCR. I think is a package name gotta admit. I don't know But if you try to type tesseract it may be able to recommend it for you so I can type tesseract on output dot PNG and this says it needs a Image name and an output base. So let's call it like out and It will run may take a little bit of time But once we're done that output base name in this case I just specified out should be filled or created with a out dot text And again, this will take longer depending on the size of the image But if you give it a good image with some high definition characters, hopefully you'll get a Better quality OCR process. So now we see we have an out dot text file let's try and view it cat out dot text and This Probably has some errors, right? I see compose that works. Well, you're I drew us ready in box Some of these words aren't all coming through correctly dump drive blah blah blah So not the best results, but something we can still work with I guess I Wonder what this thing is right the challenge prompts here when we looked at Firefox said Caesar So maybe this is a Caesar cipher I tried to pipe this to rot 13, which is a command line program that's installed when you pseudo apt install BSD games and If you actually look at the man page for it It gives you a note that you also have another program like Caesar Which will give you an let you use an argument for the number of rotations that you want to use here So it will try and do a Caesar cipher It attempts to decrypt Caesar ciphers using the English letter of frequency statistics Caesar reach from centered input and writes the centered output. So we can use that program Caesar if we wanted to Let's pipe this to rot 13. See if we get any results. Looks like not whatever. Okay, so let's try and bring it to Caesar Caesar one Still looks like nonsense. These are two still looks like nonsense, etc Let's try and bring this through a loop through all of the possible letters and let's see if we can get anything So what I did is a four I in and then I use my curly braces and I go zero dot-dot 26 so The alphabet 26 characters long do cat out dot text and If we done this right now, it looks like it'll run through 26 times and trying to cat out that that thing But let's pipe that into Caesar dollar sign. I so If we want to we can echo Inside of our do right because that's the noting our code block echo I Dot-dot-dot-dot So we have a note of what iteration we're actually on and let's less this so we can start to look through zero Obviously not gonna do much One not gonna do much We can if we'd like to forward slash dot-dot-dot-dot so we can oh that was probably a bad key to use because that will match Just about anything so let's change this to hyphen hyphen hyphen hyphen Cool, so now we can search for hyphens hyphens hyphens hyphens and we'll jump over and over again to the next iteration For still looks like nothing fives looks like nothing six still looks like nothing seven I Starting to see some English words here. We happy to welcome PP and that's not really We're our newest cloud maybe file sharing place blah blah blah so So wherever you go Your files follow. Oh, you can quickly lose this. There's a flag There was there is what looks like a flag here Um Okay, so we can determine that that is the key or is the Caesar Cypher number that we want to use so seven and we have the actual flag that we can grip or we can we can Observe out of the image. So if I were to EOG the OCR is cool here. We can zoom around. Okay, and that This text VMI inside the curly braces must be what we're actually going to work with so Let's background that so we can see it Let's get nano open side by side flag dot Caesar and We can if we wanted to write that out if you want to do it by hand not the best methodology because we want to do that all by see OCR but if We the flag honestly isn't going to be too long. So it'll be okay for us to try and type that out At least I say that as I'm trying to Say some filler filler statements so I can actually type this all out, but Now if we cat flag Caesar into Caesar seven because we know that's the key It says CTF Caesar Cypher is a substitution cypher. So we finally got the flag just like that Cool again, this one's kind of hard to automate. So I didn't create a Get flags grip for this when I was playing the game but that methodologies where I use I can jot that down and like a Solution dot text if I wanted to to maybe create a write-up later on But that is how I solved that challenge. I kind of looked through. Okay, what text can I get out with? OCR Looking at Caesar Cypher's or possible keys for Caesar Cypher and then found the flag and tried to ease it out on my own just like that cool, let's mark this challenge as complete and Thank you guys for watching. I hope you're enjoying this and hope you're enjoying some of these videos I know it is the beginners quest. So it's not the hardcore real stuff of the Google capture the flag but hey, we're all beginners in some way. We're all starting to learn and That's what's important learning getting better. So another shout-out to live overflow. Please check out some of his content He's a really cool guy and hopefully we'll be able to do more collaborative stuff pretty soon. Check out his channel. You totally should Hey, if you'd like this video, please click that like button if you'd like to leave me a comment Let me know what you think. Let me know what else you'd like to see Please do if you're willing to subscribe. I would thanks again. See you soon