What's up YouTube? My name is John Hammond. Welcome back to another video write-up for the picoCTF 2018 capture the flag competition.

So this challenge is called "logon", for 150 points in the web exploitation category. The challenge prompt says: "I made a website so now you can log on to. I don't seem to have the admin password. See if you can't get to the flag." And we have a link. We can go ahead and connect to it. Looks like we have a login page. We don't have any functionality or accessibility to actually, like, register an account, but we can try things. It said "admin password", and just kind of as it says, "I'm sorry, the admin password is super secure. You're not getting in that way." So you could literally just try anything and get in, so let's just go with the classic, and we should be logged in. Perfect. It says "Success: you logged in. Not sure you'll be able to see the flag though. No flag for you." Okay, so that's fine. Supposedly we logged in. Let's check that out.

The way we can probably do that is by examining HTTP cookies, or the pieces of information and data that the web server will store on your computer, like through your browser, to kind of authenticate you or keep your session intact with some cookies. So I'm in Google Chrome and just using this web browser plugin called EditThisCookie. If you wanted to go ahead and install that, you can just Google "EditThisCookie" and add it to Chrome in the Chrome Web Store or whatever, or you can use Cookie Manager Plus if you're on Firefox, or whatever the case may be. So let's check this out. I'm gonna open up EditThisCookie. I have a username cookie based off what I answered, the password that I entered, and an admin cookie which is set to capital-F "False". So maybe this is some kind of boolean test as to whether or not this account is an admin or not. So, just off of a hunch.
Let's try and change it to "True". Go ahead and save this, and I'm gonna hit F5 to refresh, and now we get the flag, just like that. So: silly, cheesy, boring, whatever. Let's jot that down as the flag: nano flag.txt, paste it in there. And if you wanted to, we could go ahead and, I suppose, make a get-flag script with this. I'm just going to refresh this page and then we'll go ahead and see. Oh no, it doesn't give me the... I want to see if I can actually get the request that the web browser makes and just steal it as the curl command, if I were to retrieve this cookie with admin being "True". If I set this request now and try and refresh the page, it doesn't happen. Weirdness. Okay, I tried it again, and I think I had a little bit more success here. Now it does give the flag, so let's go ahead and copy this as curl. And I think I just had an extra newline in the cookie editor that I was using. So if I paste this in the browser now, it should give me the entire response, and I can just go ahead and grep -oE for picoCTF with our curly braces, as usual, as we're expecting. Set that --color to none and make that curl silent. So just like that, we should have a get-flag script, kind of a quick and easy way, just grabbing it off the dev tools. If you didn't see how I opened that: F12, I think, in Chrome. I know for sure that'll do it; I don't know about Firefox. But it'll open up the developer tools, and you can just go to the Network tab and it'll monitor all the requests that you make as you're talking to a web server. So let's just throw that in a get-flag script, get_flag.sh, get a shebang line going, and... money. Cool. Let's mark that as complete. Whoa, I can't type. It's cool. Still can't type. Not actually cool. All right, get me back to the game. Whoa, not that far. Let's go ahead and submit that and get 150 points. Cool. My internet connection is still super duper slow.

The next challenge is called "Reading Between the Eyes", 150 points. It says: "Stegosaurus hid a message for you in this image."
"Can you retrieve it?" So this is, interestingly enough, a forensics category challenge, but the text here and the challenge prompt were like references to steganography. So we have the image. I went ahead and downloaded it already, because my internet is awful where I am at the moment. So let's just see what this image is. It's husky.png, and we have a picture of a husky, cute little puppy dog, little doge. I would love to get a husky as a dog, but I think me and my girlfriend are going to get, like, the actual doge, you know, the Shiba Inu. That'd be awesome, a couple years out.

So we could do forensic stuff on this, right? We can run foremost on this if you really wanted to go down the rabbit hole and think that it was a forensics challenge. However, it is not; it just gets a PNG out of it, and that PNG is the file itself. You could run binwalk on it if you wanted to, you could dig through it however you particularly wanted to. You could run Stegsolve on it; that would be kind of something that I would recommend. I'm gonna go ahead and copy it here, just java -jar. If you don't have Stegsolve, totally go get it. It's on the internet, it's on GitHub, just Google "Stegsolve". Open up the husky image. It's a big picture, so we're just seeing more and more of the puppy dog, but there is nothing in here; the alpha plane is not in there, so that's wrong.

The tool that I ended up going with and using was zsteg, and I thought this was peculiar because you can check out the hint here. It says "maybe you can find an online decoder", and I'm sure there is one online tool to do this. It's probably pretty obscure or something, but I just did it with zsteg. So if you don't have zsteg, you can install it. I think it requires Ruby and gem. Yeah, there's a GitHub repository and you can explore a little bit, but I use it all the time because it determines, like, LSB, your least significant bit stuff, very, very quickly and in an awesome way. So let's run zsteg on husky.png and it cranks it out.
It immediately finds: hey, here's picoCTF, here's your flag. Neato. Let's go ahead and just steal that. I'm gonna get the first two lines. Let's... I didn't even need to do that. I could just grep for pico, like an idiot, and let's get the field that we want for our flag. Neat. Easy get-flag script, right? I do like to write simple get-flag scripts no matter how stupid or trivial or worthless they seem. I think it still documents the solution, or documents the work that we did, and kind of just the understanding of the challenge that, I don't know, just memorializes our work, you know? How can I say "I don't know" and then I say "you know", like, as if I've actually made a point? It's weird. I should stop.

All right, cool, got that challenge done. Hope that was pretty interesting. Hope that was kind of fun. Hope that was kind of cool. Hope you're enjoying these videos. I certainly am. We can mark this challenge as complete and just keep rocking for more on picoCTF 2018.

Hey, just wanted to do a quick shout out and special love time. Oh, that sounds kind of weird. Let's just go with shout out. Special shout out to the people that support me on Patreon. Thank you guys so much. One dollar a month on Patreon will give you a special shout out just like this at the end of every video. I know it's not a lot, but hopefully it's just a little warm fuzzy feeling for your heart and for your soul, helping out a dude just trying to put food on the table. I'm grateful.
Thank you. $5 a month on Patreon will give you early access to all the videos that are released on YouTube before they go live, because I like to try and record a lot of content and kind of backlog it so it's ready. But, you know, that just kind of varies on my life schedule, so maybe it's not always the best thing, but I am grateful for it, and hopefully it'll come in handy for you eventually if I create a lot of content and have YouTube gradually release it later on.

If you did like this video, please do like, comment and subscribe. It helps the channel grow, YouTube algorithm magic voodoo stuff. Please do join our Discord server, link in the description: cool community full of CTF players, programmers and hackers. You can hang out with me and other awesome people, super duper smart dudes that are certainly smarter than me, and other things. All right, thanks for watching guys. Hope to see you in the next video. Hope to see you on Patreon. Love you. Bye.

I tried it. I tried to just, like, smash the stop record button.
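The "logon" challenge in the video works because the server decides who is an admin by reading an `admin` cookie that the browser can rewrite. The Python below is an added example, not code from the video or from picoCTF: it models that client-trusted check next to a hardened version in which the role travels in a session cookie whose payload is protected by an HMAC, so editing the cookie to claim admin no longer works. The secret key, the `session` cookie name and the `user:role` payload format are assumptions made for the demo.

```python
import hmac
import hashlib

# Constructed secret for the demo; a real server loads this from outside the source.
SECRET_KEY = b"demo-secret-do-not-reuse"


def parse_cookie_header(header: str) -> dict:
    """Turn a raw 'Cookie:' header value like 'username=x; admin=False' into a dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name.strip()] = value.strip()
    return cookies


def is_admin_vulnerable(cookie_header: str) -> bool:
    """The pattern the challenge exhibits: a client-writable flag is taken at face value.

    Anyone who edits the cookie to 'admin=True' is treated as an administrator.
    """
    return parse_cookie_header(cookie_header).get("admin") == "True"


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the payload, keyed with the server secret (hex encoded)."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_session_cookie(username: str, admin: bool) -> str:
    """Server side: build 'session=<user>:<role>.<mac>' once the user has authenticated."""
    payload = f"{username}:{'admin' if admin else 'user'}"
    return f"session={payload}.{_sign(payload)}"


def is_admin_hardened(cookie_header: str) -> bool:
    """Honour the admin role only when the MAC over the payload verifies.

    A client can still edit the cookie, but without SECRET_KEY it cannot produce a
    matching MAC for a payload that says ':admin'.
    """
    token = parse_cookie_header(cookie_header).get("session", "")
    payload, sep, mac = token.rpartition(".")
    if not sep or not hmac.compare_digest(mac, _sign(payload)):
        return False
    return payload.endswith(":admin")


if __name__ == "__main__":
    edited = "username=anything; admin=True"          # what EditThisCookie lets you send
    print("vulnerable check:", is_admin_vulnerable(edited))
    print("hardened check  :", is_admin_hardened(edited))
    print("hardened, real admin session:", is_admin_hardened(issue_session_cookie("alice", True)))
```

A server-side session store (cookie holds only a random session id, role lives in the database) avoids even the signed-payload parsing; the HMAC form is shown because it is the smallest change from the cookie layout the challenge uses.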
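What zsteg does on husky.png in the "Reading Between the Eyes" challenge is read the least significant bit of each colour channel in a fixed order and look for readable text. The Python below is an added example, not the video's or zsteg's code: on a constructed in-memory RGB image it hides a constructed flag in the LSBs, shows that no channel value moves by more than one (which is why the picture looks unchanged), and recovers the flag with a scanner that uses one ordering assumption (R, G, B per pixel, row-major, NUL-terminated payload). zsteg tries many such orderings; this shows the mechanism for one of them.

```python
import re
from typing import List, Optional, Tuple

Pixel = Tuple[int, int, int]

# Constructed flag for the demo; not the challenge's real flag.
DEMO_FLAG = b"picoCTF{constructed_example_flag}"
FLAG_RE = re.compile(rb"picoCTF\{[^}]*\}")


def make_cover(width: int = 64, height: int = 64) -> List[Pixel]:
    """Constructed gradient 'image' standing in for a PNG's decoded RGB pixels."""
    return [((x * 4) % 256, (y * 4) % 256, ((x + y) * 2) % 256)
            for y in range(height) for x in range(width)]


def _bits(data: bytes):
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed_lsb(pixels: List[Pixel], payload: bytes) -> List[Pixel]:
    """Write payload (NUL-terminated) one bit per channel, R then G then B, row-major."""
    bits = list(_bits(payload + b"\x00"))
    if len(bits) > 3 * len(pixels):
        raise ValueError("payload too large for cover image")
    flat = [c for px in pixels for c in px]
    for i, bit in enumerate(bits):
        flat[i] = (flat[i] & ~1) | bit          # replace only the lowest bit
    return [tuple(flat[i:i + 3]) for i in range(0, len(flat), 3)]


def extract_lsb(pixels: List[Pixel], max_bytes: int = 4096) -> bytes:
    """Read LSBs back in the same channel order until a NUL byte or max_bytes."""
    out = bytearray()
    byte, nbits = 0, 0
    for px in pixels:
        for c in px:
            byte = (byte << 1) | (c & 1)
            nbits += 1
            if nbits == 8:
                if byte == 0:
                    return bytes(out)
                out.append(byte)
                if len(out) >= max_bytes:
                    return bytes(out)
                byte, nbits = 0, 0
    return bytes(out)


def find_flag(pixels: List[Pixel]) -> Optional[str]:
    """What a zsteg-style scan does for this one ordering: extract, then pattern-match."""
    match = FLAG_RE.search(extract_lsb(pixels))
    return match.group(0).decode() if match else None


def max_channel_delta(a: List[Pixel], b: List[Pixel]) -> int:
    """Largest per-channel change between two images; LSB embedding keeps this at 1."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, DEMO_FLAG)
    print("max channel change:", max_channel_delta(cover, stego))
    print("flag in cover   :", find_flag(cover))
    print("flag in stego   :", find_flag(stego))
```

To run this against a real PNG you would decode it to a list of RGB tuples first (for example with Pillow's `Image.open(...).convert("RGB").getdata()`); the cover here is generated so the example runs offline.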