 What's up guys, John Hammond here showcasing more Pico CTF and in the last video I actually kind of forgot to remind us or remind you or even myself to take note of the flag that we got from a challenge Leave for the forest and mark that challenge is complete in our own like directory Backlog of what we've been doing in the capture to flag game So I wanted to do that and I actually thought this would be an awesome opportunity To showcase how we can write our own get flag script and automate not just like we don't want to save a static copy of the flag But we want to like actively retrieve the flag in our own encapsulated process in our own script or program So since we've already written a small script with the shebang line and just the SSH command That allowed us to get into the shell skirt the shell server But we can do stuff while we're connected in that as just a single like One trigger fire execution in that SSH command. So I want to show you how you can do that Let's go ahead and check out that shell script one more time If I cat that out you can notice that it is simply the command to connect to the Pico CTF like shell server But if I tried to run that on its own We log in right but SSH will let us run a command at the very very end of its like actual argument here at the end of the entire Command that we run. So if I wanted to I could run who am I? Just tacked on at the end and it'll explain okay, I've connected to the server I've evaluated and ran the command who am I here's the result I'll give that back to you and I'll drop you back to your original computer You won't you won't maintain the connection. So if I wanted to run like PWD or what what directory? I'm in my in present working directory. It will explain that cool So we can get output of commands and we can take advantage of this Our shell script won't easily do this because we can't run like shell Like who am I because it doesn't know to give that to our SSH command We can tell it to do that by having our shell script support a command line argument Or like we've been using arguments before and all these other commands But we need to tell our shit our script to do that actually as well So let's modify our shell script and then at the very very end we can actually pass in just like a String but with a variable with the variable denoted in bash That will actually have value to it that can change just like you may see that in other programming languages Or if you haven't experienced that at all It's something that has data, but can change it can vary hence a variable so Command line arguments are kind of special because they have like specific syntax to be able to use them every variable in bash starts with a dollar sign but The command line arguments are numbered at zero through nine etc. Or things that you pass to it Zero is actually the name of the script or how you invoke it so dot slash Shell dot sh but dollar sign one is going to refer to the actual first argument We give it so let's leave that here. Let's control. Oh save this and now I can run that same command Dot slash shell dot sh with who am I as an argument and it's passing it along to that SSH command Just like we did originally when we simply ran it with the entire SSH command, but it's just encapsulated in our shell So now if I go into our leaf of the forest Folder we can write a get flag script Nano get flag dot sh again. We have to use our shebang line We can evaluate that Shell command that shell script that will make a connection to the shell server and then it will take the location of this guy we want to find this and We're gonna have to piece this together because we did actually remember to ch mod all of your scripts make sure they're executable Because we need to know that directory or that actual notion here where the flag actually exists Scroll up. Scroll up. Scroll up. I know we found it eventually. Okay. I see it right here and This is the absolute path, but it gives us everything that is the entire path of the flag So we can change in our script Now that we know that that is a solution simply cat That and that essentially will just cat the flag for us right in our own get flag script It's connecting the server all in one go Displaying the flag for us and it acts at its own get flag script. Cool So now if we wanted to we could just redirect that or save that output to another file this arrow We'll redirect it the shift form of the period No output will be displayed in the console, but we can check out flag dot text. It was just created and now we have that I like to do both. I like to create a get flag script Save a local copy of the flag just in case something breaks or the CTF goes down so I know what that flag actually was and We'll have a lot of these get flag scripts either in bash like a shell command that we do or piping things into a netcat connection or running these through SSH and SSH pass etc or get flag in Python So we'll mark this as complete and We are all done But that's a good practice that I really like and I try to encourage is Documenting your solutions if not in a get flag script Just make a small note solution dot text how you did it If you can write a get flag script if you can automate it in some way I do encourage doing that just so you can okay see the steps and like actually execute them So your flag is returned back to you. Cool. Thank you guys so much for watching Hope you enjoyed this. Hope you're enjoying the series. I want to give a special shout-out to the people that support me This list is getting longer and I'm so so grateful for it I say it all the time, but I cannot say it enough So $1 a month on patreon will give you a special shout-out just like this at the very end of the video I'm waiting on number 10 If you're willing to $1 a month will give you that shout-out $5 a month will give you early access to all of my videos that are record Normally I record in bulk, but I let YouTube upload gradually kind of daily So if you want all the content right away, you can do that Please like the video if you did like the video Comment if you're willing to maybe give me a subscription and if you really want to support me check me out on patreon Thanks so much guys later