Hello and welcome again. We are working on the Google 2018 Capture the Flag, the CTF. And again, I came across this because I subscribed to both LiveOverflow and John Hammond, and be sure to check out their channels. And as you can see, we're gonna be going over this "Moar", or however you say that, CTF, and I did watch John Hammond's video before getting to this project, so I actually learned something, which is the biggest thing for this project, from him, which is awesome and it's helpful. It's just helpful in general, you know; that's one of the great things about doing these capture the flags. It's not just doing them, but what you learn from doing them.

So although I already knew what he did, I am going to do a video on it. Be sure to check out his video. And I also wrote a script that fully automates it, because I thought that was a great idea. That's what John here was doing: he's writing scripts to automate stuff, and I go about things a little different with my scripts. But you can go to my GitHub, or sorry, I switched to GitLab: gitlab.com/metalx1000/CTF (capital CTF). Download that project; all the scripts are there.

Let's go ahead and move into... I'm in the folder for this capture the flag. And again, all these, there's a zip file you download, you unzip it, there's something in it. Well, not all, but any one that has an attachment, you download the zip file. And actually this one doesn't have a zip file, now that I'm saying that. If I just run the script in here, because right now there's only one file in this folder, and if I run that, it's going to give me the flag. Boom, right there.

So let's look at what I did in this script. Very, very short, very, very simple. Big thing here is we're using netcat, although you could probably use telnet as well, and we're connecting to this server at this port. Now, that's what they tell us to do right here, you know. So let's go ahead and do that.
I have the -w 1 there to time it out. Otherwise the script just kind of hangs until you get disconnected; this will automatically disconnect you after one second. It takes less time for us to grab the information than that, so I'm gonna go ahead and do that. I'm gonna remove the one-second disconnect. So we're using netcat, which you can install with apt, aptitude, apt-get install nc or netcat. Or if you have BusyBox built in, there's probably a stripped-down version in there. Or again, any telnet-type program or socket program should work.

Anyway, go here, and what it does is it gives you the man page for a program called, excuse me, socat, which is actually for connecting computers and serial ports and stuff like that. And actually I'm glad I came across this, because I've seen that before but I never really paid attention to it, and it actually seems like something I might be interested in learning more about.

So what do you do from here? I mean, you hit H, you know, and it brings up help here for the man pages, and I can hit Q to get out of that, and that's about it. If I try to exit out of this, I just get disconnected, so I can't get to a shell on this machine that way. Again, if you hit H for help... I actually haven't looked through this, but I'm just searching patterns. I'm betting what we need to do is actually probably in the help file here, I don't know. But what I learned from John is, when you're in a man page like this, you can hit exclamation mark and you can run shell commands. So you can see I just hit exclamation mark, ls, and it just listed out the root directory of the server we're connected to, which is awesome.

So there, now we can start looking through... The command, so let me actually manually go through this a little bit. Actually, right now I can't really remember where the flag is, so that'd be a good chance for me to play around here. Any files there again?
We're looking for flags, so we check there. Next we'll probably want to check the... Next thing I'd probably do in real life is exclamation mark sh, see if I can get a shell. But it's not gonna let me do that, or bash. Yeah, no, so it's not gonna let us do that. Actually, there's a few of these capture the flags where I tried to get a shell like that and it never works. But they might be restricting that; in real life, you might be able to do something like that.

But let's go and we will list the home directory. We can see there's a home user called moar, if that's how you say that. So let's go ahead and list out... Thing is, you can't tab-complete in this, so you just have to go step by step. List that out, and right there you can see in their home directory there's one file. It's a "disable the DMZ"... Oop, you get disconnected after a little while. But let's go ahead and cat out that shell script and... No... Okay. Whoops. Exclamation mark, cat, home, moar, and our script here, and right there, you know, a little bit of information, and there is our flag. So let's go ahead and hit Q to get out of that. We have our flag.

Let's go back into my script here. So all my script is doing is saying to echo exclamation mark cat and this, and we're piping that into netcat at that port, and we'll disconnect after one second. But we're piping any text that outputs into awk; again, we're searching for CTF and printing the second column in this case. And then I'm grepping for awk, because I think it gave me more than one line that says CTF, so I was grepping for it a second time after I split the column off.

So there you go. Again, I can run that and it gives me that code. Pretty straightforward. The lag there, that one second, is... it actually doesn't output the text until we're disconnected from the server. So that's why I have that wait one second and disconnect. I could probably make that a shorter number if netcat takes less than one second, but why, at this point, you know?

So again, filmsbykris.com.
That's Kris with a K; link in the description there. You can search through all my videos, you can learn more about me, see where my software is. You can also support me: patreon.com/metalx1000, also in the description of this video. Or if you can't do Patreon, I have a PayPal link here. You can do one-time payments, recurring payments. Contact me through IRC, or if you're a patron, you can contact me through Patreon.

And again, shoutouts to LiveOverflow and John Hammond, because again, I don't know if I would have figured this one out on my own, because I didn't know about the exclamation mark in the man program there, and that was the key to this one, really. After that, just snooping around, and that's it.

I do thank you for watching. Please again visit filmsbykris.com, that's Kris with a K, link in the description. Search for my videos there. Like, share, subscribe, comment below if you like these videos. Again, I'm a little late to the game on getting these done, but I hope I'm going into more detail and explaining things, and I hope that you have a great day.