 How's it going everybody? My name is John Hammond, Pico CTO 2019. This is the Caesar challenge for 100 points in the cryptography section. It says decrypt this message. You can find the cipher text here at that location on the shell server. Let's just go ahead and download this and work with it. So I'm going to move into that Caesar directory that I just created. Let's W get that file so we're working with. It simply is the flag in the typical flag format, but only this section is what seems to be kind of encoded in that regular Caesar cipher cryptography. Maybe the key is not strictly 13, as we saw in the previous video. In this case, it might be anything, again, in that range 0 to the 26. So we can try and brute force that. I'm going to do that with the Caesar command, which we got as part of the BSD games package we installed in the last video. So we could simply echo this right into Caesar and we can supply any key that we want as an argument. You can see that I changed the number and that's kind of modifying what it might end up being. What I'm going to end up doing is actually modify a little for loop. I'll do for I in 1, 2, 26. I'll do echo that string one last time into Caesar with that I variable so we can literally look through all of these results. And maybe one of them might look like English to us. I'll scroll through this and I see one of these is crossing the Rubicon API SVSUJ. So some randomness there, but that looks like English. We could simply just wrap that in that Pico CTF format here. I'll paste that in and I'll echo that into a flag dot text for us. If we wanted to, just in that loop, we could determine what that number particularly is. We could echo out our I variable with it. And we could say, okay, that's at 25 and that way we could use that as a key. Simply use that in our own simple command line that we might use for a get flag data stage script, whatever the case may be. But that is our flag. Let's grab that and paste that in to grab our 100 points. Not too difficult challenge. If you want to use some online tools to do that, you absolutely could. But it's nice and easy with that Caesar utility. We'll move on to the next challenge, because that was pretty quick. This one is don't use client side for 100 points and web exploitation. It says, can you break into the super secure portal? Gives us a link here, another portal we need to access to and one hosted on port 80. I'll jump over to that link. It says, this is the secure login portal. Enter valid credentials to proceed and please subscribe. You can trust that I typed that, even though there are bullets there, whatever. Let's look at the view source, because it obviously didn't let us in. We can see some JavaScript. Again, that's client side code. Talked about that in another video. It has a verify function. Looks like it has a lot of if statements and conditionals to determine whether or not the input that we pass in, with that pass kind of input box, value can be kind of segmented to different sections that would essentially build out the flag. I can see Pico, CTF, et cetera, et cetera. I'm just going to do some simple deductive reasoning, honestly, and we'll try and carve out what that flag might be for us. Let's finish the Caesar one and make directory don't use client side. Okay, cool. Now let's nano flag and let's say Pico, CTF, and it's probably no C, no client side. Oh, I totally killed that because I hit control shift C, rather than shift C. Get out of here, DevTools. Know what I need right now. Just paste that guy in. No C client, I'm assuming. No client, please. I see that nine and I'm assuming that that zero FF3 is the regular hex that's included at the very, very end of all the flags that we've seen thus far. So that should simply be the flag that we need, just kind of some deductive reasoning, not needing to reverse that JavaScript. That would just take too much time and be silly. So I'll paste that in. That's correct, great. Thank you guys for watching. I think I'm going to end the video now because we burned through those and those are nice and easy and simple. Thank you guys for watching. I hope you enjoyed this. Please do like, comment, and subscribe. Love to see you on Discord. Link in description. Love to see you on Patreon, PayPal, et cetera. Take care.