On the left side, in the "Main Functions" section, click the Wand icon labelled "Use the wizard...", as shown below.
In the "TASK SELECTION" screen, on the left side, click Cryptanalysis. Then click Next.
In the "AGE SELECTION" screen, click "Modern Encryption" and click Next.
In the "TYPE SELECTION" screen, click "Symmetric Encryption" and click Next.
In the "ALGORITHM SELECTION" screen, select AES, and click Next.
In the next screen, accept the default selection of "Ciphertext-Only" and click Next.
In the "AES - CIPHERTEXT-ONLY ANALYSIS" screen, some example ciphertext appears, as shown below.
Notice the "Keypattern"--most of the key is known. Only the portion shown as "*" is unknown. This is the weakness that makes the attack possible. There are six asterisks, and each is a hexadecimal character, so there are only 16^6 = 16.8 million possible keys.
Notice that there is no setting for Language. This attack will use simple entropy--encrypted text is more chaotic than text in a language.
Also note the "Chaining Mode" option. The simplest is ECB--the others are more secure. For now, accept the default of ECB.
Click Next. The progress screen is very small and difficult to see, but I was able to expand it as shown below, and it is obvious how it works. It's testing about 500,000 keys per second, and the attack requires about 33 seconds, so it's testing all 16.8 million possible keys. It chooses the result with the lowest entropy, which is shown in the "Value" column. The correct cleartext has entropy 4.2, and all the others have entropy of 5.2 or larger.
It works, finding the cleartext, which is in German, as shown below.
The flag is the author of that quote.
The flag is the first four words of the decrypted text.
HintDon't assume it's in ECB mode.
Note added Sep 28, 2020: The latest version of CrypTool, 8853.1, is broken and cannot solve this. Use CrypTool 2.0 (Stable Build 6222.1).zip instead.