circusmonkey404's Security Site

PicoCTF2018  Cryptography  blaise's cipher Objective: My buddy Blaise told me he learned about this cool cipher invented by a guy also named Blaise! Can you figure out what it says? Connect with nc 2018shell.picoctf.com 46966. Solution: So a google search of blaise cipher brought up links to a Vigenere cipher created by Blaise Vigenere. It looks like this is more advanced Cesar cipher with a variable rotation based on a key word This site is a decoder for these ciphers https://www.dcode.fr/vigenere-cipher here is the output of connecting via nc Encrypted message: Yse lncsz bplr-izcarpnzjo dkxnroueius zf g uzlefwpnfmeznn cousex bls ltcmaqltki my Rjzn Hfetoxea Gqmexyt axtfnj 1467 fyd axpd g rptgq nivmpr jndc zt dwoynh hjewkjy cousex fwpnfmezx. Llhjcto'x dyyypm uswy ybttimpd gqahggpty fqtkw debjcar bzrjx, lnj xhizhsey bprk nydohltki my cwttosr tnj wezypr uk ehk hzrxjdpusoitl llvmlbky tn zmp cousexypxz. Qltkw, tn 1508, Ptsatsps Zwttnjxiax, tn nnd wuwv Puqtgxfahof

PicoCTF2018 Miscellaneous You can't see me Objective : '...reading transmission... Y.O.U. .C.A.N.'.T. .S.E.E. .M.E.  ...transmission ended...' Maybe something lies in /problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f. Solution : Let's LS the folder and see whats in there ls by itself it shows no files in the directory @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ ls @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ ok now lets do -la which returns long format with while not ignoring . files @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ ls -la total 60 drwxr-xr-x   2 root       root        4096 Mar 25 19:57 . -rw-rw-r--   1 hacksports hacksports    57 Mar 25 19:57 . drwxr-x--x 556 root       root       53248 Mar 25 19:58 .. lets try to cat it now @pico-2018-shell:/problems/you-can-t-see-me_1_a7045a1e39ce834c26556a81c2b3a74f$ cat

PicoCTF2018 Crypto Caesar cipher Objective: This is one of the older ciphers in the books, can you decrypt the message [1] ? You can find the ciphertext in /problems/caesar-cipher-1_0_931ac10f43e4d2ee03d76f6914a07507 on the shell server. Solution: Just a simple ceasar cipher shift I used this site to decrypt https://www.dcode.fr/caesar-cipher It is just a 15 shift justagoodoldcaesarcipherobyujeez picoCTF{JUSTAGOODOLDCAESARCIPHEROBYUJEEZ} ** this one took longer than it should have.... It  took me a while to realize the key needed to be lower case**

picoCTF Crypto Hertz Objective: Here's another simple cipher for you where we made a bunch of substitutions. Can you decrypt it? Connect with nc 2018shell.picoctf.com 48186. Solution: ------------------------------------------------------------------------------- ilahpgwe bqpq ue clkp mjgh - eksewuwkwula_iudbqpe_gpq_eljrgsjq_rvgeipxugy ------------------------------------------------------------------------------- igjj yq uebygqj. elyq cqgpe ghl-aqrqp yuav blx jlah dpqiueqjc-bgruah juwwjq lp al ylaqc ua yc dkpeq, gav alwbuah dgpwuikjgp wl uawqpqew yq la eblpq, u wblkhbw u xlkjv eguj gslkw g juwwjq gav eqq wbq xgwqpc dgpw lm wbq xlpjv. uw ue g xgc u bgrq lm vpuruah lmm wbq edjqqa gav pqhkjgwuah wbq iupikjgwula. xbqaqrqp u muav yceqjm hplxuah hpuy gslkw wbq ylkwb; xbqaqrqp uw ue g vgyd, vpunnjc alrqysqp ua yc elkj; xbqaqrqp u muav yceqjm uarljkawgpujc dgkeuah sqmlpq ilmmua xgpqblkeqe, gav spuahuah kd wbq pqgp lm qrqpc mkaqpgj u yqqw; gav qedqiugjjc xbqaqrqp y

PicoCTF2018 - Crypto- Crypto Warmup 2 Objective: Cryptography doesn't have to be complicated, have you ever heard of something called rot13? cvpbPGS{guvf_vf_pelcgb!} Solution: let's solve this in bash I'm just going to use tr translate to a ROT13 echo "cvpbPGS{guvf_vf_pelcgb}" | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' 1st shot @pico-2018-shell:~$ echo "cvpbPGS{guvf_vf_pelcgb!}" | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' -bash: !}: event not found OK it doesn't like to translate "!" because its not alpha we are trying. let's try it again without the ! (I'll just add it back in after the translation) @pico-2018-shell:~$ echo "cvpbPGS{guvf_vf_pelcgb}" | tr '[A-Za-z]' '[N-ZA-Mn-za-m]' picoCTF{this_is_crypto} let's not forget to add the ! back in picoCTF{this_is_crypto!} ** just a bit of explanation on the tr command what were doing here is remapping the al

PicoCTF2018 - Crypto- Crypto Warmup Objective: Crpyto can often be done by hand, here's a message you got from a friend, llkjmlmpadkkc with the key of thisisalilkey. Can you use this table [1]  to solve it?. Table:     A B C D E F G H I J K L M N O P Q R S T U V W X Y Z    +---------------------------------------------------- A | A B C D E F G H I J K L M N O P Q R S T U V W X Y Z B | B C D E F G H I J K L M N O P Q R S T U V W X Y Z A C | C D E F G H I J K L M N O P Q R S T U V W X Y Z A B D | D E F G H I J K L M N O P Q R S T U V W X Y Z A B C E | E F G H I J K L M N O P Q R S T U V W X Y Z A B C D F | F G H I J K L M N O P Q R S T U V W X Y Z A B C D E G | G H I J K L M N O P Q R S T U V W X Y Z A B C D E F H | H I J K L M N O P Q R S T U V W X Y Z A B C D E F G I | I J K L M N O P Q R S T U V W X Y Z A B C D E F G H J | J K L M N O P Q R S T U V W X Y Z A B C D E F G H I K | K L M N O P Q R S T U V W X Y Z A B C D E F G H I J L | L M N O P Q R S T U V W X Y

PicoCTF2018 - Miscellaneous - What Base is this? Objective: To be successful on your mission, you must be able read data represented in different ways, such as hexadecimal or binary. Can you get the flag from this program to prove you are ready? Connect with nc 2018shell.picoctf.com 15853. Soution: So I just used some websites to convert the data for me for Binary I used  https://www.rapidtables.com/convert/number/binary-to-ascii.html for Hex I used https://www.rapidtables.com/convert/number/hex-to-ascii.html for Octal I used http://www.unit-conversion.info/texttools/octal/ @pico-2018-shell:~$ nc 2018shell.picoctf.com 15853 We are going to start at the very beginning and make sure you understand how data is stored. toxic Please give me the 01110100 01101111 01111000 01101001 01100011 as a word. To make things interesting, you have 30 seconds. Input: toxic Please give me the 6c616d70706f7374 as a word. Input: lamppost Please give me the  164 141 142 154 145 as

PicoCTF2018 - Miscellaneous - ssh-keyz Objective: As nice as it is to use our webshell, sometimes its helpful to connect directly to our machine. To do so, please add your own public key to ~/.ssh/authorized_keys, using the webshell. The flag is in the ssh banner which will be displayed when you login remotely with ssh to  with your username. Solution: ok so I used puttykeygen to generate a pub and private key connected to webshell under my home directory I created a folder name ./ssh/authroized_keys mkdir ./ssh/authorized_keys I created a new file using vim vim pub.key inserted my public key in the file and saved it I then copied the pub key to the directory I created earlier ./ssh/authorized_keys using putty I connected up to picoctf2018 using ssh login as: ************ Pre-authentication banner message from server: | picoCTF{who_n33ds_p4ssw0rds_38dj21} End of banner message from server Keyboard-interactive authentication prompts from server: | Enter your p

PicoCTF2018 - Miscellaneous - environ Objective: Sometimes you have to configure environment variables before executing a program. Can you find the flag we've hidden in an environment variable on the shell server? Solution: So let's just print out the enviroment variables and see what we see oh, the flag is literally the first output @pico-2018-shell:/problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742/files$ printenv                          SECRET_FLAG=picoCTF{eNv1r0nM3nT_v4r14Bl3_fL4g_3758492} FLAG=Finding the flag wont be that easy...

PicoCTF2018 - Miscellaneous - grep2 Objective: This one is a little bit harder. Can you find the flag in /problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742/files on the shell server? Remember, grep is your friend. Solution: @pico-2018-shell:~$ cd /problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742 @pico-2018-shell:/problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742$ ls -l                                  total 4 drwxr-xr-x 12 root root 4096 Mar 25 19:18 files cool so there is a folder name files lets see what's inside cd files @pico-2018-shell:/problems/grep-2_0_783d3e2c8ea2ebd3799ca6a5d28fc742/files$ ls -l total 40 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files0 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files1 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files2 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files3 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files4 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files5 drwxr-xr-x 2 root root 4096 Mar 25 19:18 files6 drwxr-xr-x 2 r

PicoCTF2018 - Miscellaneous - Pipe Objective: During your adventure, you will likely encounter a situation where you need to process data that you receive over the network rather than through a file. Can you find a way to save the output from this program and search for the flag? Connect with 2018shell.picoctf.com 44310 Solution: Let's get on the shell let's try just netcat to the port listed wow it is just sending a bunch of text lines that say stuff like this is not a flag                                                                                                        This is not a flag                                                                                                        Unfortunately this is also not a flag                                                                                    I'm sorry you're going to have to look at another line                                                                    I&

PicoCTF2018 - Miscellaneous - Strings Objectives Can you find the flag in this file [1]  without actually running it? You can also find the file in /problems/strings_1_c7bac958dd6a4b695dc72446d8014f59 on the shell server. Solutions Connect up to the shell and cd to the appropriate folder @pico-2018-shell:/$ cd /problems/strings_1_c7bac958dd6a4b695dc72446d8014f59                                  @pico-2018-shell:/problems/strings_1_c7bac958dd6a4b695dc72446d8014f59$ ls                                    strings Let's run strings and see what it does @pico-2018-shell:/problems/strings_1_c7bac958dd6a4b695dc72446d8014f59$ ./strings                                Have you ever used the 'strings' function? Check out the man pages! Okay let's check out the man like the hint says man Strings STRINGS(1)                                       GNU Development Tools                                       STRINGS(1)