 Hey guys, welcome back to another YouTube video. John Hammond here on the Pico CTF 2017 game, exploring how to get into capture the flag. So, we're moving through the CTF category, Miscellaneous here. We're just about to finish this all on level one, so we got the last one here, World Chat, 30 points. We think someone is trying to transmit a flag over World Chat. Unfortunately, there are so many people talking, we can't really keep track of what's going on. See if you can get the message out of shell 2017 picoctf.com, 611, 6161. Maybe your port number is different, but that's okay. Use Control C to cut the connection if it overwhelms you. So, again, we have a host name and port. This looks like a Netcat connection that's applicable to us. So, let's go ahead and create a new directory called World Chat. Move over there. And let's create a script to connect to this, which simply runs the Netcat command, but just for our own sake, so in case we ever lose track of the host name and port number or whatever the case may be, it's written down. We have it saved, and we can make this script executable just so you're used to that habit as well. Go ahead and run it. And World Chat, version blah, blah, blah. We're connecting to the service here. It says it's setting up a client. Looks like this has kind of funny timing techniques and tactics here. Welcome to World Chat. And whoa, okay. They're right. The challenge prompt said there would be a lot of people connecting and stuff going on. So, this is just spamming a lot of text and not really, you know, genuine people connecting to this thing, but it looks like a lot of nonsense, right? So, the flag must be in here somewhere. How can we get it out? Well, we're here to learn, so there's no shame in this. Let's take a look at what that hint says. There are cool command line tools that can help filter out lines with specific keywords in them. Check out grep. 
You can use the pipe character or the single bar here, the shift form of the backslash on your keyboard. Put all the output into another process or command line or command, sorry, like grep. So, man grep, check out the man page for it. It will print lines that match a pattern. Grep searches the named input files for lines containing a match to the given pattern. If no files are specified, blah, blah, blah. Oh, it will read from standard input or file hyphen. The dash is given. Grep will read from standard input. So, that is where the pipe comes into play, because output from one process will be sent or piped into the input of another process. That's why grep is able to read through that. So, if we were to run our connect script, it pumps out all this output, but all these kind of things here, all these lines that say specific words in them, like if we wanted to read only things that said feed, we could pipe that to grep and search for that keyword feed, and then we won't have it see world chat or setting up read only client. It will say connecting to feed just like that. Now it got that result. It took a little bit of time because this service is trying to take up time. It's sleeping and waiting a little bit to have the effect of connecting to something, but it's not really. Just printing that output on the screen. So, if we wanted to look for flag, we could just grep for flag, and then all of that output that people, all these users were supposedly spamming, all the messages that were coming through, we'll only see ones that have flag in them. So, right now we're getting users that say what is flag, person with flag, blah, blah, blah. But oh, interesting thing, flag person looks like he has a message that says this is part one eighth of flag or two thirds, three eighths, et cetera, and this moves on. Nice. Okay. So, part of, we can actually narrow this down because this is still kind of hard to read. Control C to stop the connection like it says. 
If you wanted to grep for, get these results, but obviously they're still on standard output. So, we can pipe again, grep into finding a word or finding a phrase like this is part and then we'll only get the results where flag person is trying to say, this is part one eighth of flag or two eighths flag, et cetera, et cetera. And this will eventually get all the results as they come through that world chat connection. Hopefully they'll start to come through the wire soon because again, grep will only display the lines that match those. My spaces may not have worked. So that's all right. Let's just use part, use the word part. All right. So they are starting to come through the wire here. I think it's buffering a little bit and maybe that's why these aren't coming through just as cleanly. But we can do our own like intelligent things here, right? We can know, okay, this is part whatever you could just change your original pattern to search for is this is part and then you won't have to do two greps here. So we've got all of these. Let's take note of them in nano. But before I do that, I want to see if we can just say this is part and then if they'll come in any faster than that. Okay, I got one result, two results, it looks like they're coming a little bit cleaner than how it was before. That works just fine for us. But whatever, we got the data that we needed. So let's put this in, put this in flag dot text and we can work with it if we really want to. It kind of sucks to go through all this. So let's actually just put this in here. And then let's do some command line magic to explore more of that piping potential for us. What we can actually do is cat out flag dot text. And we can try and pipe that into another command called cut. And if you check out here, cut will remove sections from each line of either a file or a standard input, like it says with no file supplied, or if you're supplying the dash, it'll read from standard input. 
So you can specify a delimiter or a field that you really want from this. In this case, what we want, the data that we need is the very, very end of each line. Maybe this is kind of a specific case, but maybe we won't always have the same number of words or spaces or things we can use to delimit out of this. So let's do something interesting where we can actually reverse each line, reverse lines character wise. Okay, so if I actually had flag dot text, pipe that into reverse. Now it looks like it's all reversed here. Interesting. That means we can cut with the delimiter of a space character and get the first field, tack f1 to get the first field. Now we have just that part, but we've got to reverse it back to its original form. Rev, right? Okay, brought it back to no longer being backwards, but just the original form. Now we have all those new line characters. So, okay, let's tr to transform. Check out that one. Translate or delete characters. tr, tack d will delete them. So it doesn't translate, we'll just change things. But tr, if we want to delete, we can remove things like new line characters. We have special characters that are interpreted or escaped. Normally, you've seen an escaped new line character as a backslash n. So we can delete all those new line characters by piping that into a new command, keep building, keep like bringing the standard output of one program to the standard input of another program, tr, tack d to delete new line characters. And now we have a flag. Let's redirect that to actually, if you redirect the output of one file to the same file, it may overwrite it. And I've, I want you to be very careful of that. So if I try and cat flag dot text now, see, now there's nothing in it because it, it wasn't able to handle that. Since I tried to read it from cat flag dot text, flag dot text is the file I wanted, tried to read it right back into flag dot text. Sorry, that was a, that was a bad tongue twister there. 
That didn't work for us, right? So be very careful of that. Use a separate file or like new flag dot text or whatever. Let's paste it in. And we can use that solution if we wanted to take note of it. But I don't think we can really write a feasible get flag script with that just easily. Other than waiting until we had eight out of eight parts, but then it wouldn't know to stop receiving them afterwards. So let's move world chat to complete. Since we have the flag saved, that's all right with me. Let's go ahead and submit it. And we're done. Cool, we're up 30 points. Well, I hope you guys learned a lot in that video. I think that piping is one of the most powerful things that we can do in the Linux command line. I think it's awesome that we've got the Linux command line up and running because that's going to give us so much more power to do these capture the flag scenes and finding these commands to do interesting tricks like that to reverse lines or cut them up, grep and sort through them, transform, delete characters, etc. That is what's going to make you the console cowboy and actually be able to carve through a lot of data. So thank you guys for watching. Really hope you enjoyed this. I want to give a shout out to my supporters here, everyone that thank you for giving me some love on Patreon. $1 a month will give you this extra shout out at the end of every video. $5 or more a month will give you early access to my content. If you're willing to like this video, if you did like it, maybe leave me a comment, perhaps subscribe. And if you really want to support me, check me out on Patreon. Thanks again.
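
The grep, rev, cut, rev, tr pipeline described in the video, as an added example that is not part of the original transcript. The chat lines, their format, and the function names are constructed assumptions. It goes a little beyond the walkthrough by ordering and de-duplicating the parts and by writing through a temporary file, which avoids the same-file redirect that emptied the file in the video.

```shell
#!/bin/sh
# Added example. The feed below is constructed, not captured from the service:
# parts arrive out of order and repeated, mixed with noise that mentions "flag".
sample_feed() {
cat <<'EOF'
21:04:10 whatisflag: has anyone seen a flag around here
21:04:11 flagperson: this is part 2/3 of the flag - sample_
21:04:12 personwithflag: my favourite part of the day is lunch
21:04:13 flagperson: this is part 1/3 of the flag - constructed_
21:04:14 flagperson: this is part 2/3 of the flag - sample_
21:04:15 flagperson: this is part 3/3 of the flag - flag
EOF
}

# The walkthrough's pipeline: keep matching lines, then take the last
# space-separated field by reversing, cutting field 1, and reversing back.
# --line-buffered makes grep flush each match when its output is a pipe.
last_fields() {
  grep --line-buffered 'this is part' | rev | cut -d ' ' -f 1 | rev
}

# Going further: pair each piece with its part number, sort numerically,
# drop repeats, then join the pieces with tr -d as in the video.
assemble_flag() {
  grep 'this is part' |
    sed -E 's#.*part ([0-9]+)/[0-9]+.* ([^ ]+)$#\1 \2#' |
    sort -n -u -k1,1 |
    cut -d ' ' -f 2 |
    tr -d '\n'
}

# "cmd < file > file" truncates the file before cmd reads it.
# Write to a temporary file first, then rename it over the original.
rewrite_in_place() {
  tmp=$(mktemp) && assemble_flag < "$1" > "$tmp" && mv "$tmp" "$1"
}

sample_feed | assemble_flag
echo
```
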