Juniors CTF 2016 :: Lost Code

John Hammond · Intermediate ·🔐 Cybersecurity ·9y ago

Key Takeaways

Solves Junior's CTF 2016 challenges

Full Transcript

hey what's up everybody welcome back another YouTube video my name is John Hammond still showing off the junior CTF a game that was going on over the past weekend and uh I wanted to Showcase some of the some of the small challenges that I was able to solve and demonstrate them for you so the next one was a trivial challenge apparently this was in their easy category so it's only about 300 points now they had Dynamic scoring so they were all originally 500 and then fluctuate with however many people actually solved the challenge so okay Lost Code trivial brute force and uh again based off of this Gravity Falls cartoon here um I honestly didn't even read this description because I'm like okay whatever I don't really care about all this stuff I just want to know the technical challenge here so okay your hacker skills can be useful help gide into crack the safe you need this special pick lock so they're using this like weird cryptic hosting thing so I go ahead and download this this this ZIP archive um and I'll just create a folder for it Lost Code now let's hop on to our terminal and take a look at it unzip this archive here and I can change directory and take a look at the files we have and they're all Windows executable so whatever I'm assuming I can run them with wine thankfully I can I don't know if I can get rid of that uh error message oh oh sweet I can okay so the the thing here says it's a safe brute forcer try to guess any character Zero through nine a through f um 32 times so it's a 32 wide string uh and it'll give us a one or a zero depending on what it is uh-h will show this help but I guess if you just pass in dash DB and you give it a string of characters it will supposedly like do things for you I'm I'm just going to leave this error here I'm perfectly fine with seeing it I guess if you guys don't care um so according to this R1 and like I I don't know what that what index that refers to maybe r a some other character is is in the correct spot and same with so the one means that that is a correct character for the correct spot so if I change this to like a zero here that first one will turn into a zero because know that is the wrong character so we know it has to be one okay so the idea is to root Force this right so we can script it pretty easily um here I'll show you the code that I ended up writing out and we'll crank it out together so I'm going get Sublime Text open and working here drag this down taking my notes off to the side don't look so Juniors Lost Code get flag. py or whatever we really want to name it and I'll add a shebang line as usual even though I always struggle typing these things and it literally bogs down every video I create so I'm using subprocess as a module to be able to actually like call the function and then I imported lowercase letters and digits because that's what it said it was made up of so I'll actually shrink this and what I did is I created I concatenated those video those things together pool equals SK lowercase in digits and I created like a general purpose like get results or like a check function so what I did is I would have subprocess check the output of that command I was using wine lost .exe DB and I'd concatenate on our um what we're sending through to it and I actually have to split this up because subprocess takes its arguments as an array so I split this and I think that's all I did and then I wanted to actually get the line like the very last result just in case so I I think the output should give it to us anyway once we're sending it to us but yeah I ended up splitting that initially too I'm actually not going to worry about that I'm looking at my notes and think I don't think I have to do that because it should return to us anyway we can just test it I mean we could just run get result print and like a * 32 oh we'll move get flag into the actual directory make sure we're working with the actual code and Sublime Text okay cool am I in lost now no Mar our script executable be able to run it okay so it does it does pass things in okay and we can view them as the string sweet so now what I ended up doing was like creating a list of the characters that I know so I just set this to be a random list and I can set any index all like however I want while I Loop through it so what I did is I literally looped through all the characters in the pool just like I kind of did with a * 32 I can do that for every single character for C in pool I can say uh our string can be that character 32 times and then the result will be the result that we get once we send it our string and for anything that we see as we Loop through that result we can get the index of all these ones and say that our new characters the string that we're building that index should be the character that we're looking at so we can keep track of the actual one successes that we get and build them up into a a list that is built over time as we Loop through all of these so for I in I get I want to go through the index here if the result I if the current index we're looking at is a one a one then we know that that is the correct character so we can say our characters the one that we're looking at that index can be the current character we're looking at so ideally at the end of this Loop we should have all the characters in a list so let's join them as a as a string and if we wanted to we can print out the character that we're looking at and the result that we get just so you get some visual thing as to what's really happening here so I can run get flag and it print through all of these things oh and what did I do wrong here oh I think because I didn't split the initial output it might be reading a new line character so I actually am going to go back to my get result and go ahead and split that um we ended up taking the string of its split right so we can take the string of oh we don't need to take the string of anything as that's already done we just need it on the actual output that we got we can split the actual output by new lines and just get the first result from it okay how now hopefully ideally NOP still wrong okay well it looks like it's just having trouble because it's an array we can just kind of change it to a dictionary if we wanted to and then we can print out the values because the values are what we're actually iterating the what we're adding to so now let's try it okay cool We're looping through it and sweet we get what should be the flag see this eight is in the right spot looks like this six is in the right spot so we don't actually have to print these all out if we don't want to and I guess if we wanted to we can get flag all this stuff see these error messages can we get rid of those I don't know if we can very easily do it okay sweet we can and there's our flag so we can wrap that in a bash script if we wanted to just to just to crank that out so that's what you ended up submitting that is um the key that they that the program will take obviously to get all the successes line lost 11111 and that is the flag so you go ahead and submit that and there you go so sorry all those hiccups writing the script for some reason that seemed to work on my notes yesterday but now it didn't today maybe I don't know whatever a dictionary is probably a better thing to use anyway other than an array because like you can't really create an index at those places that haven't already been created those indexes that haven't already been created yet you can ever do that with the dictionary so that's what we ended up doing so thanks for watching guys hope you enjoyed this one I think it was kind of cool to do some scripting for this one because the brute force was simple but easy enough for us to just crank out um with an with a interesting idea just send the same character 32 times over and get all those indexes where it's in the right place and we just compile all those correctness things and we have the flag so all right thanks again guys hope you're enjoying these and uh I'll show off some later challenges in the the next video see you soon

Original Description

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010 E-mail: johnhammond010@gmail.com PayPal: http://paypal.me/johnhammond010 GitHub: https://github.com/JohnHammond Site: http://www.johnhammond.org Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from John Hammond · John Hammond · 47 of 60

1 Code Commentaries? PHP to JavaScript in Bash and PHP!
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
2 Tutorials? MySQL connection with PHP and Bash!
Tutorials? MySQL connection with PHP and Bash!
John Hammond
3 Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
4 JavaScript Splits The URL!
JavaScript Splits The URL!
John Hammond
5 HTML Tables in Python!
HTML Tables in Python!
John Hammond
6 HTML, Net Shares, GML!
HTML, Net Shares, GML!
John Hammond
7 Python 08 Programming Style and Comments
Python 08 Programming Style and Comments
John Hammond
8 Python 26 Object Oriented Programming
Python 26 Object Oriented Programming
John Hammond
9 75 Python Tutorials, Out Now!
75 Python Tutorials, Out Now!
John Hammond
10 Batch 14 Mathematical Expressions
Batch 14 Mathematical Expressions
John Hammond
11 Batch 85 Array Append
Batch 85 Array Append
John Hammond
12 Batch 86 Array Count
Batch 86 Array Count
John Hammond
13 Batch 87 Array Index
Batch 87 Array Index
John Hammond
14 Batch 88 Array Insert
Batch 88 Array Insert
John Hammond
15 Batch 89 Array Remove
Batch 89 Array Remove
John Hammond
16 Batch 90 Array Reverse
Batch 90 Array Reverse
John Hammond
17 Python [colorama] 00 Installing on Linux
Python [colorama] 00 Installing on Linux
John Hammond
18 Python [colorama] 09 Cursor Position
Python [colorama] 09 Cursor Position
John Hammond
19 Python [hashlib] 02 Algorithms
Python [hashlib] 02 Algorithms
John Hammond
20 Python 00 Installing IDLE on Linux
Python 00 Installing IDLE on Linux
John Hammond
21 Python [pygame] 11 Rectangular Collision Detection
Python [pygame] 11 Rectangular Collision Detection
John Hammond
22 Python [pygame] 12 Platforming Rectangular Collision Resolution
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
23 Python [XML-RPC] 01 Research
Python [XML-RPC] 01 Research
John Hammond
24 Python [pyenchant] 03 Personal Word Lists
Python [pyenchant] 03 Personal Word Lists
John Hammond
25 FancyURLopener Authentication and User-Agent [urllib] 03
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
26 Python 04: PEP8 Coding
Python 04: PEP8 Coding
John Hammond
27 Python Challenge! 17 COOKIES
Python Challenge! 17 COOKIES
John Hammond
28 Google CTF 2016: Ernst Echidna
Google CTF 2016: Ernst Echidna
John Hammond
29 Google CTF 2016: Spotted Quoll
Google CTF 2016: Spotted Quoll
John Hammond
30 Google CTF 2016: Can you Repo It?
Google CTF 2016: Can you Repo It?
John Hammond
31 Google CTF 2016: No Big Deal
Google CTF 2016: No Big Deal
John Hammond
32 Google CTF 2016: In Recorded Conversation
Google CTF 2016: In Recorded Conversation
John Hammond
33 Homemade CTF Challenge: 01 "Orchestra"
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
34 Homemade CTF Challenge: 02 "Bae's Base"
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
35 Homemade CTF Challenge: 03 "Web Hunt"
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
36 Homemade CTF Challenge: 04 "UPX"
Homemade CTF Challenge: 04 "UPX"
John Hammond
37 Homemade CTF Challenge: 05 "The Assumption Song"
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
38 Homemade CTF Challenge: 06 "A Brisk Stroll"
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
39 Homemade CTF Challenge: 06 "I lost my password!"
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
40 web25 :: Mr. Robot : EKOPARTY CTF 2016
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
41 web50 : RFC 7230 :: EKOPARTY CTF 2016
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
42 misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
43 Hack The Vote 2016 CTF: Sander's Fan Club [web100]
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
44 Hack The Vote 2016 CTF Warpspeed [forensics150]
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
45 Juniors CTF 2016 :: Black Suprematic Square
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
46 Juniors CTF 2016 :: Six Strange Tales
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
Juniors CTF 2016 :: Lost Code
John Hammond
48 Juniors CTF 2016 :: Here Goes!
Juniors CTF 2016 :: Here Goes!
John Hammond
49 Juniors CTF 2016 :: Southern Cross
Juniors CTF 2016 :: Southern Cross
John Hammond
50 Juniors CTF 2016 :: Clone Attack
Juniors CTF 2016 :: Clone Attack
John Hammond
51 Juniors CTF 2016 :: Dirty Repo
Juniors CTF 2016 :: Dirty Repo
John Hammond
52 Juniors CTF 2016 :: Hackers Blog
Juniors CTF 2016 :: Hackers Blog
John Hammond
53 Juniors CTF 2016 :: Voting!!!
Juniors CTF 2016 :: Voting!!!
John Hammond
54 Juniors CTF 2016 :: The Good, The Bad and The Junkman
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
55 Juniors CTF 2016 :: Stop Thief!
Juniors CTF 2016 :: Stop Thief!
John Hammond
56 Juniors CTF 2016 :: ROFL
Juniors CTF 2016 :: ROFL
John Hammond
57 Juniors CTF 2016 :: Restriced Area
Juniors CTF 2016 :: Restriced Area
John Hammond
58 Juniors CTF 2016 :: Oh SSH!
Juniors CTF 2016 :: Oh SSH!
John Hammond
59 HackCon CTF 2017 TRIVIA and BONUS Challenges
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
60 HackCon CTF 2017 "Bacche" Challenges
HackCon CTF 2017 "Bacche" Challenges
John Hammond

Related Reads

📰
CyberChef is Overkill for Quick Text Jobs — Here's What to Use Instead
Discover alternative tools to CyberChef for quick text jobs and learn when to use them
Dev.to · wendygostudio
📰
From Public Key to Admin Access: An RS256-to-HS256 JWT Confusion Attack on crAPI
Learn how to exploit JWT algorithm confusion attacks to gain admin access, and understand the importance of proper API security
Medium · Cybersecurity
📰
Stop Claude Code Push Accidents at the Machine Level: Guarding Against Leaked API Keys and Wrong-Repo Pushes
Prevent Claude code push accidents by implementing machine-level guards against leaked API keys and wrong-repo pushes
Dev.to · Lily
📰
You can't sign a negative
Learn why negative attestations are ineffective and how to issue alternative attestations
Dev.to · Colin Easton
Up next
Is the CCNA Still Worth It in 2026? The Truth Nobody in IT Tells You #ccna #cisco
Sirat in Tech
Watch →