Juniors CTF 2016 :: Lost Code
Key Takeaways
Solves Junior's CTF 2016 challenges
Full Transcript
hey what's up everybody welcome back another YouTube video my name is John Hammond still showing off the junior CTF a game that was going on over the past weekend and uh I wanted to Showcase some of the some of the small challenges that I was able to solve and demonstrate them for you so the next one was a trivial challenge apparently this was in their easy category so it's only about 300 points now they had Dynamic scoring so they were all originally 500 and then fluctuate with however many people actually solved the challenge so okay Lost Code trivial brute force and uh again based off of this Gravity Falls cartoon here um I honestly didn't even read this description because I'm like okay whatever I don't really care about all this stuff I just want to know the technical challenge here so okay your hacker skills can be useful help gide into crack the safe you need this special pick lock so they're using this like weird cryptic hosting thing so I go ahead and download this this this ZIP archive um and I'll just create a folder for it Lost Code now let's hop on to our terminal and take a look at it unzip this archive here and I can change directory and take a look at the files we have and they're all Windows executable so whatever I'm assuming I can run them with wine thankfully I can I don't know if I can get rid of that uh error message oh oh sweet I can okay so the the thing here says it's a safe brute forcer try to guess any character Zero through nine a through f um 32 times so it's a 32 wide string uh and it'll give us a one or a zero depending on what it is uh-h will show this help but I guess if you just pass in dash DB and you give it a string of characters it will supposedly like do things for you I'm I'm just going to leave this error here I'm perfectly fine with seeing it I guess if you guys don't care um so according to this R1 and like I I don't know what that what index that refers to maybe r a some other character is is in the correct spot and same with so the one means that that is a correct character for the correct spot so if I change this to like a zero here that first one will turn into a zero because know that is the wrong character so we know it has to be one okay so the idea is to root Force this right so we can script it pretty easily um here I'll show you the code that I ended up writing out and we'll crank it out together so I'm going get Sublime Text open and working here drag this down taking my notes off to the side don't look so Juniors Lost Code get flag. py or whatever we really want to name it and I'll add a shebang line as usual even though I always struggle typing these things and it literally bogs down every video I create so I'm using subprocess as a module to be able to actually like call the function and then I imported lowercase letters and digits because that's what it said it was made up of so I'll actually shrink this and what I did is I created I concatenated those video those things together pool equals SK lowercase in digits and I created like a general purpose like get results or like a check function so what I did is I would have subprocess check the output of that command I was using wine lost .exe DB and I'd concatenate on our um what we're sending through to it and I actually have to split this up because subprocess takes its arguments as an array so I split this and I think that's all I did and then I wanted to actually get the line like the very last result just in case so I I think the output should give it to us anyway once we're sending it to us but yeah I ended up splitting that initially too I'm actually not going to worry about that I'm looking at my notes and think I don't think I have to do that because it should return to us anyway we can just test it I mean we could just run get result print and like a * 32 oh we'll move get flag into the actual directory make sure we're working with the actual code and Sublime Text okay cool am I in lost now no Mar our script executable be able to run it okay so it does it does pass things in okay and we can view them as the string sweet so now what I ended up doing was like creating a list of the characters that I know so I just set this to be a random list and I can set any index all like however I want while I Loop through it so what I did is I literally looped through all the characters in the pool just like I kind of did with a * 32 I can do that for every single character for C in pool I can say uh our string can be that character 32 times and then the result will be the result that we get once we send it our string and for anything that we see as we Loop through that result we can get the index of all these ones and say that our new characters the string that we're building that index should be the character that we're looking at so we can keep track of the actual one successes that we get and build them up into a a list that is built over time as we Loop through all of these so for I in I get I want to go through the index here if the result I if the current index we're looking at is a one a one then we know that that is the correct character so we can say our characters the one that we're looking at that index can be the current character we're looking at so ideally at the end of this Loop we should have all the characters in a list so let's join them as a as a string and if we wanted to we can print out the character that we're looking at and the result that we get just so you get some visual thing as to what's really happening here so I can run get flag and it print through all of these things oh and what did I do wrong here oh I think because I didn't split the initial output it might be reading a new line character so I actually am going to go back to my get result and go ahead and split that um we ended up taking the string of its split right so we can take the string of oh we don't need to take the string of anything as that's already done we just need it on the actual output that we got we can split the actual output by new lines and just get the first result from it okay how now hopefully ideally NOP still wrong okay well it looks like it's just having trouble because it's an array we can just kind of change it to a dictionary if we wanted to and then we can print out the values because the values are what we're actually iterating the what we're adding to so now let's try it okay cool We're looping through it and sweet we get what should be the flag see this eight is in the right spot looks like this six is in the right spot so we don't actually have to print these all out if we don't want to and I guess if we wanted to we can get flag all this stuff see these error messages can we get rid of those I don't know if we can very easily do it okay sweet we can and there's our flag so we can wrap that in a bash script if we wanted to just to just to crank that out so that's what you ended up submitting that is um the key that they that the program will take obviously to get all the successes line lost 11111 and that is the flag so you go ahead and submit that and there you go so sorry all those hiccups writing the script for some reason that seemed to work on my notes yesterday but now it didn't today maybe I don't know whatever a dictionary is probably a better thing to use anyway other than an array because like you can't really create an index at those places that haven't already been created those indexes that haven't already been created yet you can ever do that with the dictionary so that's what we ended up doing so thanks for watching guys hope you enjoyed this one I think it was kind of cool to do some scripting for this one because the brute force was simple but easy enough for us to just crank out um with an with a interesting idea just send the same character 32 times over and get all those indexes where it's in the right place and we just compile all those correctness things and we have the flag so all right thanks again guys hope you're enjoying these and uh I'll show off some later challenges in the the next video see you soon
Original Description
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from John Hammond · John Hammond · 47 of 60
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
▶
48
49
50
51
52
53
54
55
56
57
58
59
60
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
Tutorials? MySQL connection with PHP and Bash!
John Hammond
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
JavaScript Splits The URL!
John Hammond
HTML Tables in Python!
John Hammond
HTML, Net Shares, GML!
John Hammond
Python 08 Programming Style and Comments
John Hammond
Python 26 Object Oriented Programming
John Hammond
75 Python Tutorials, Out Now!
John Hammond
Batch 14 Mathematical Expressions
John Hammond
Batch 85 Array Append
John Hammond
Batch 86 Array Count
John Hammond
Batch 87 Array Index
John Hammond
Batch 88 Array Insert
John Hammond
Batch 89 Array Remove
John Hammond
Batch 90 Array Reverse
John Hammond
Python [colorama] 00 Installing on Linux
John Hammond
Python [colorama] 09 Cursor Position
John Hammond
Python [hashlib] 02 Algorithms
John Hammond
Python 00 Installing IDLE on Linux
John Hammond
Python [pygame] 11 Rectangular Collision Detection
John Hammond
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
Python [XML-RPC] 01 Research
John Hammond
Python [pyenchant] 03 Personal Word Lists
John Hammond
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
Python 04: PEP8 Coding
John Hammond
Python Challenge! 17 COOKIES
John Hammond
Google CTF 2016: Ernst Echidna
John Hammond
Google CTF 2016: Spotted Quoll
John Hammond
Google CTF 2016: Can you Repo It?
John Hammond
Google CTF 2016: No Big Deal
John Hammond
Google CTF 2016: In Recorded Conversation
John Hammond
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
Homemade CTF Challenge: 04 "UPX"
John Hammond
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
John Hammond
Juniors CTF 2016 :: Here Goes!
John Hammond
Juniors CTF 2016 :: Southern Cross
John Hammond
Juniors CTF 2016 :: Clone Attack
John Hammond
Juniors CTF 2016 :: Dirty Repo
John Hammond
Juniors CTF 2016 :: Hackers Blog
John Hammond
Juniors CTF 2016 :: Voting!!!
John Hammond
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
Juniors CTF 2016 :: Stop Thief!
John Hammond
Juniors CTF 2016 :: ROFL
John Hammond
Juniors CTF 2016 :: Restriced Area
John Hammond
Juniors CTF 2016 :: Oh SSH!
John Hammond
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
HackCon CTF 2017 "Bacche" Challenges
John Hammond
Related Reads
📰
📰
📰
📰
CyberChef is Overkill for Quick Text Jobs — Here's What to Use Instead
Dev.to · wendygostudio
From Public Key to Admin Access: An RS256-to-HS256 JWT Confusion Attack on crAPI
Medium · Cybersecurity
Stop Claude Code Push Accidents at the Machine Level: Guarding Against Leaked API Keys and Wrong-Repo Pushes
Dev.to · Lily
You can't sign a negative
Dev.to · Colin Easton
🎓
Tutor Explanation
DeepCamp AI