 Alright, what's up guys welcome back to another YouTube video. My name is John Hammond showcasing the junior CTF capture flag competition It was going on over the last week. So dirty repo. This was another forensics challenge. It was a little bit harder I guess higher up in their difficulty range 500 points still because not many people had been able to solve it or whatever the scoring fluctuates is So as it gruggles and loves his money blah blah blah The Zell fighter for justice I just will one developers project try to find out what the melee factor added Here are all the developers projects. So we get this working directories this download link And it's a zip archive. So oh file download limit exceeded. Okay, we can only do that So this was also another like difficulty that a bunch of people had while they were like playing the CTF So thankfully I still have the archive. Let me get it So I'm gonna create a new folder here. Just call it dirty repo And just pasting the tar object here in our terminal. We can start to work with it You would have downloaded the same thing just with a GZ extension so you can just gun zip it and that's how you would actually be able to extract it and Then you can just tar extract of a tar except V. I guess and then we'll just crank it out So now we have a bunch of other archives. So great. Let's gun zip everything that is a zip archive Okay, so now we have all these Tars and we can tar except all of those and let's not get everything So let's actually just get the comp and extract those. Oh Okay, cool. So now we have everything extracted that works. Well So if you're just going to one of these these are Open VPN I was very confused with and apparently it just looks like the source code for open VPN Like I literally just looked at the read me file for a little bit It's like, okay. Wow, this is usually the source code for open VPN So we have a ton of these right if you check out Comp two It's the exact same stuff and that goes the same for all of the other things. So I'm assuming, okay We now have like 20 or so actual Archives that have different codes in them or the same code although there's one difference in them So it's our job to find out what the difference is So what I did is I actually ran this through with diff and if you take a look at the diff man pages It can actually Find recursive stuff like it can work through an entire directory R-lowercase R. I think it is Find dash R. Yeah. Yeah. Yeah dash R recursive recursively compare any sub directories found So we can just crank that out, right? I use comp one as my initial test So I grip out all the comp ones and let's get rid of the Tars actually Okay, so now while I read line what I can do is I can take the diff of comp one and The what I'm looking at and let's pass in the Rs to recursively look through it and let's go done and Hey, we see one difference Which is in this source code file and in comp one and And in comp five it looks like it looks like there is a new line in there Line 132 or 133 has has has a new comment called flag Grunkle Stan the worst coder. So boom that that's it. There's our flag All we did was we diff a bunch of different directories So sweet, right? What I ended up doing in in in real life was I I need to use like s so I could see like all the information and I took through that and I grept out what not what was not identical and then it tells me oh straight There it is right there. I had used Q for quiet when I did this for real thing because I just found that line on stack overflow And it says okay. These are the ones that differ. So this is the interesting file So I had cat it that out and just grept Lowercase flag and there's a bunch of stuff in there, but I could see just the very top here Hey, here's this comment flag is this but honestly this Without it and use you still get the flag just without those other Arguments to diff to like try and use quiet or stuff like that You just literally just get the one difference and it gives you the solution here So that wasn't too bad, right? It was there's a lot to look through but if you automate it with like some bash and Some some diff then you're done. The work is the work is easy. So you submit this and I mean 500 points cool crank it out So thanks for watching guys. Hope that one was kind of cool It looks like we had 20 different folders that we just like easily loop through them and that's awesome. So Hope you guys are enjoying these I'll record some more of the other later challenges that I it's often Maybe I'll be able to get a few more before the game ends that there's like a day left So, I don't know. I'll see you in a later video