
[PicoCTF 2018] - crypto - Cryptography : small tasks

This is one of my writeups for PicoCTF 2018

Here are the solutions for the first tasks in the Cryptography category that are too short to warrant individual blog posts.

Crypto Warmup 1

Problem

Crypto can often be done by hand, here's a message you got from a friend, llkjmlmpadkkc with the key of thisisalilkey. Can you use this table to solve it?

Hints :

  1. Submit your answer in our competition's flag format. For example, if your answer was 'hello', you would submit 'picoCTF{HELLO}' as the flag.
  2. Please use all caps for the message.

Solution

The table provided is that of the Vigenère cipher. We can work it out by hand, using the method described on its Wikipedia page :

Decryption is performed by going to the row in the table corresponding to the key, finding the position of the ciphertext letter in that row and then using the column's label as the plaintext.

It is also possible to use an online tool.

Once decrypted, we get the message secretmessage. Following the instructions in the task description, we get the flag : picoCTF{SECRETMESSAGE}
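The same table lookup can be scripted. The block below is an added example, not part of the original writeup: it builds the table and decrypts exactly as described above (key row, ciphertext letter, column label). The function names are my own, and letting non-letters pass through without consuming a key letter is an assumption that goes beyond what this task needs.

```python
from string import ascii_lowercase as ALPHABET

# Tabula recta: the row for key letter k is the alphabet shifted left by k.
TABLE = {k: ALPHABET[i:] + ALPHABET[:i] for i, k in enumerate(ALPHABET)}


def _check_key(key):
    key = key.lower()
    if not key or any(k not in TABLE for k in key):
        raise ValueError('key must be a non-empty string of a-z letters')
    return key


def decrypt_by_table(ciphertext, key):
    """Decrypt as done by hand: key row -> ciphertext letter -> column label."""
    key = _check_key(key)
    out, used = [], 0  # `used` counts the key letters consumed so far
    for ch in ciphertext:
        if ch.lower() not in TABLE:   # spaces, digits, braces: copy through
            out.append(ch)            # and do not advance the key
            continue
        row = TABLE[key[used % len(key)]]
        plain = ALPHABET[row.index(ch.lower())]  # the column's label
        out.append(plain.upper() if ch.isupper() else plain)
        used += 1
    return ''.join(out)


def encrypt_by_table(plaintext, key):
    """Inverse lookup: the plaintext letter picks the column, the key the row."""
    key = _check_key(key)
    out, used = [], 0
    for ch in plaintext:
        if ch.lower() not in TABLE:
            out.append(ch)
            continue
        cipher = TABLE[key[used % len(key)]][ALPHABET.index(ch.lower())]
        out.append(cipher.upper() if ch.isupper() else cipher)
        used += 1
    return ''.join(out)


if __name__ == '__main__':
    # Ciphertext and key from the task statement
    message = decrypt_by_table('llkjmlmpadkkc', 'thisisalilkey')
    print(message)
    print('picoCTF{%s}' % message.upper())
```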

Crypto Warmup 2

Problem

Cryptography doesn't have to be complicated, have you ever heard of something called rot13? cvpbPGS{guvf_vf_pelcgb!}

Hint :

  1. This can be solved online if you don't want to do it by hand!

Solution

Here's a fun fact : if you learned some Python, you're probably familiar with the import this easter egg (if you're not, just start a Python shell and try it). But have you ever looked at the source of the this module ?

It's rot13-encrypted. And rot13 is just the Caesar cipher with a "key" of 13.

Here's another fun fact : Python has a rot13 decoder. So let's use it :

import codecs
print(codecs.decode('cvpbPGS{guvf_vf_pelcgb!}', 'rot13'))

That's Python 3. In Python 2 :

print('cvpbPGS{guvf_vf_pelcgb!}'.decode('rot13'))

That prints the flag : picoCTF{this_is_crypto!}

HEEEEEEERE'S Johnny !

Problem

Okay, so we found some important looking files on a linux computer. Maybe they can be used to get a password to the process. Connect with nc 2018shell3.picoctf.com 5221.

Hint :

  1. If at first you don't succeed, try, try again. And again. And again.
  2. If you're not careful these kind of problems can really "rockyou".

Solution

We have a hashed password in shadow, and we need to crack it. John the Ripper is the classic bruteforcing tool we need. The hint points to the classic "rockyou" wordlist, so we're going to need that too.

On mac, you can install John the Ripper with homebrew :

brew install john-jumbo

(the "jumbo" version is a patched one with more features).

As for the rockyou wordlist, it's part of the SecLists repo and if you don't have it cloned somewhere already, now's a good time.

We can then start bruteforcing by running :

john --wordlist=/path/to/seclists/Passwords/rockyou.txt shadow

We quickly get the password : thematrix. Using it to authenticate with the service, we get the flag : picoCTF{J0hn_1$_R1pp3d_289677b5}.

Caesar Cipher 1

Problem

This is one of the older ciphers in the books, can you decrypt the message ? You can find the ciphertext in /problems/caesar-cipher-1_3_160978e2a142244574bd048623dba1ed on the shell server.

Hint :

  1. caesar cipher tutorial

Solution

The Caesar cipher is extremely simple : we rotate by n letters in the alphabet, where "n" is the key (for example, if the message is "a" and the key is 2, the ciphertext will be "c"). Since there are 26 letters in the alphabet, there are only 25 possible keys, which is trivial to bruteforce. Here's a script that does it :

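from collections import deque
from string import ascii_lowercase
from sys import argv, exit


def brutus(message):
    """Print the message decrypted with each of the 25 possible keys."""
    for i in range(1, 26):
        c = ''
        # Rotated alphabet : k[j] is the letter i places before ascii_lowercase[j]
        k = deque(ascii_lowercase)
        k.rotate(i)
        k = list(k)
        for l in message:
            pos = ascii_lowercase.find(l)
            # find() returns -1 for anything that is not a lowercase letter
            # (braces, digits, capitals) : copy those through unchanged
            c += k[pos] if pos != -1 else l
        print(c)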


if __name__ == '__main__':
    try:
        message = argv[1]
    except IndexError:
        exit(f'Usage : {argv[0]} [MESSAGE]')
    brutus(message)

Passing it our ciphertext, we get the flag : picoCTF{justagoodoldcaesarcipherfwacbovv}