 Hello everyone, my name is John Hammond. I want to showcase this simple challenge from Anxtrum CTF 2020. It's called Clam Clam Clam. It's in the miscellaneous category, and it is worth 70 points and only has 350 solves. That's a decent amount, but not as money as some of the others. So I figured, Hey, let's go ahead and showcase this challenge. The description is not very helpful. It says clam clam clam clam, etc. Same thing at the very, very end, but it also includes this net cat syntax. So we can go ahead and connect to this host and his port number in Iraq with the service. The CTF was pretty nice about giving hints. There was no actual like drawback. It wouldn't take away points for yourself or your team, whatever the case may be. So I always recommend, Hey, take a look at the hints. I don't think you should be bashful. You're trying to learn here. That's what the whole point of the CTF is. This is actually the unit code character for a I think carriage return, which is peculiar. Anyway, let's go ahead and take a look at the challenge. I am in my ACTF directory that I created for this and I want to go ahead and create a specific folder or directory for this challenge. So let's go ahead and do that with make their command change directory in there. I think it's a good idea. I always think it's best practice to make a little connect script just so you have kind of documented the host and port number because if the CTF goes down, you can't access the challenge anymore, blah, blah, blah. I think that's worthwhile to do. If you go ahead and connect to this. I've seen it take a little bit of time. I've also seen it do this, maybe connect right away. But what it does, it just kind of spams clam and milk and clam and seemingly a flag format, but there's nothing really happening. It's just kind of craziness. I've seen it fly by really, really fast in my terminal. But if you scroll through this, if you were to try and like, hey, take that and like rep for the flag format like Reptac, I ACTF, nothing's going to come through. I thought, what do I do with this? But then I remember to hate that hints and the carriage return maybe trying to hide some things. So I thought, well, the best way to capture all the data that comes through in this net cat connection is to go ahead and save it to a file. So I redirect that output to like data log dot text. And I'd let that run for just a couple seconds. I just want to see, hey, what is it going to get? What data is going to come through and is going to be captured and save in that file? I could use T. I'm not sure if T would display it in also in the file. If you use that syntax, you need to pipe it to T. Let's just do a little experiment. Let's find out will it display it both on the screen and throw it in the file. Maybe we'll get that data in there just as well, because we don't seem to see it in the terminal if I keep scrolling up whatever the hints and other data that they might be hiding is in the in the service. So anyway, let's now that we've created those files, we can see we have them in here. Okay, experiment does have some data. So does data log. Let's check out data log dot text. And if you scroll through this, interestingly enough, you might find some odd messages here, some that might stick out and aren't what you had seen originally in the clam etc. or milk. Every now and again, you'll see this type clam clam for salvation. Let me take a look at that experiment file just so I want to see if T was able to get that as well. Yeah, it was okay, fantastic. So now we know, okay, we got a lead for the challenge. If it literally means type clam clam while we're connected to it, let's go and do that. clam clam. I'm just typing it. There are the words. And oh, out pops the flag, right? That was that challenge. That was literally it. It was the smallest thing is to enter the words clam clam into all of that mass output. And you'll go ahead and get the flag. So if you wanted to, we could just simply hey, let me grab the netcat syntax so I can pipe things into it. So I'll echo clam clam, and pipe that into that netcat connection. And then we'll just go ahead and spit out that flag for us. We can go ahead and greptack. Oh, a CTF, I'm gonna use the oh, so I'll get only that I'm searching for in the capital E for extended regular expressions. So I can say I want a CTF and the color braces and anything that's inside of that. So there we go. We have that. I'm going to use color none. So I have just that output. And let's go ahead and say save flag, which will go ahead and create a simple get flag dot sh script for us. You can see that has that command that I just written in my recent prompt. If you don't know what that command is or what I'm doing with that, I actually had created those simple scripts to help me through capture the flags. Oh, sorry, save flag. In my Pico CTF 2019 series where I would simply take the most recent command that I would pull out of my bash history, and then create a simple little bash script that encapsulates that. So I save my solution and have a small tangential write up at least a little bit of documentation. So now we have that we have the flag. And we have our get flag script. So I can run finish, which will also mark that directory and mark that challenge as complete for us. And there we go. That was literally the clam clam clam challenge. That is what would get you 70 points. Just kind of hey, throw that in a file, catch all the data that's throwing at you. And then you can go ahead and submit that get those 70 points. Know what to do with that. Weird interesting challenge. But hey, Mr. Linus, hope it was kind of cool, kind of neat, maybe something you hadn't seen before. Thank you guys so much for watching. If you did like this video, please do hit that like button. If you didn't like the video, what do I even say? I'm speechless. I'm so bad at these address. Press the subscribe button and the comment button and then type in your keyboard and hit enter a few times. Thanks for watching everybody. Love to see you on Patreon. Love to see you on PayPal. Love to see you on Discord. Love to see you on Twitter, LinkedIn, Facebook, et cetera, et cetera. Thank you. I'll see you in the next video.