Hey, what's up everybody? Welcome back to the YouTube video. My name is John Hammond, and I'm back looking at the Python Challenge. I think we left off on level 20 now. So if we just kind of jump into it, the link was pc/hex/idiot2.html, and the password that we've got so far: our username is "butter" and password is "fly", for butterfly.

Okay, so this is level 20. "Private property beyond this fence." Okay, "but inspecting it is carefully allowed." Nothing else on this page. Nothing else I can select. Checking out the source, I hit Ctrl+U there, just view it in the web browser. Title is "go away". Probably nothing in the CSS style sheet. No, as usual. Font color, nothing there. unreal.jpg, "but inspecting it is carefully allowed." So all we've got is this picture. There's nothing else here.

All right, well, let's play with this picture, I guess. Maybe there's something special in that. I'm gonna put this in the pychallenge folder that I have. Let's make a directory for it, and let's move everything that's not... everything we did for level 19 into 19. And let's get 20 back out of there. So now we can get into 20. Cool. Let's just take this image and wget it, so it's downloaded here. Oh, we need to specify authentication. Is there... we do that with wget, oh, auth... This is a rabbit hole. Let's just view the image and save it. Sorry about that, guys. All right, we put this in pychallenge, level 20, unreal.jpg.

All right, so now we've got it, but I'm not... before I jump into like real Python stuff, I want to just do some basic analysis on it. I ran strings, pipe it into less. Nothing peculiar here. exiftool: no comments, nothing interesting. Nothing, nothing hidden in it. And hexedit... leave hexedit, is it just like Q? All right, Ctrl... I can work to whatever. Nothing in there but itself. Pretty boring. Man, I feel like you got nothing here. What else can I do? zsteg? Oh, it's a JPEG image, so I can't work with that. What about Stegsolve? Maybe it's a classic steganography thing. What is that at the top?
I'd like the zero and one planes. It's not like it's trying to put any flag or anything, any secret or password in there. Okay, I don't know, because that doesn't look like... it doesn't look like text or anything. It doesn't look like it's trying to be like binary or any other encoding. It just looks like nothing. Geez. What else do we got?

Whoops. Sorry, I hit Ctrl+Shift+K. I hit the network tab on accident, or the developer console. Oh, the network tab. These are the developer tools, like the stuff that you can use in your browser to explore things. But the network tab is a good idea actually. I didn't mean to accidentally stumble upon that. So this is the image. Let's blow this up a little bit, check it out. Cookies: obviously nothing. Parameters: nothing. Obviously we're just getting the image returned. But headers: Content-Type, JPEG. Request...

Why is the response coming with a Content-Range header? It's like bytes are zero to... Is it giving me like a fraction of this file? Content-Range: bytes zero to 30202. Am I only getting a piece of it? Can I mess with that? Can I change that? Edit and resend. All right, it's not in there. HTTP Content-Range request. Can I modify that? Okay, but Range, with the same kind of style, the same like syntax or the semantics for asking for... so not Content-Range, but just Range when we make the request. Can I do that? Yeah, okay. No, it's still in this thing. Range: bytes equal... whoa. What did it just do? Bytes, what the f... bytes equals?

How many did we get to begin with? It was like two zero three zero two or two or something. What if we give it just one above? Can I like not terminate it? Or how much was there originally? It's three zero two zero two from this amount. Oh, I want to copy and paste this. Let me edit this. Copy, edit and send. That doesn't help. I mean, I guess that kind of helps. That is what I wanted. Why does it keep like jumping my cursor? Bytes equals three oh two oh three.
So we move a bit on, and I will send that. 206. That's a different response. What is that? Some base64 string. All right, let's use Python to decode that. Import base64, I'm gonna say "as b" so I don't have to type as much. b.b64decode. "Why don't you respect my privacy?" What? Okay, and that's something, right? We're making progress.

Three zero two three six now. It's only giving me like another fraction. I asked for a whole ton. How come it didn't give me all that? Well, let's do the same thing that we just did. Three zero two six... three two two three six. So we were two three seven now. Send that. Get another 206. What is that? HTTP 206 Partial Content. Oh, that's cool. Only it has requested a range of data and got a range back. That's kind of neat. All right, what is the response here? More base64. Let's get IDLE to decode that. b64decode. "We can go on in this way for..." Oh gosh, okay. So this is gonna be something we have to loop, right? Probably would have to do this in Python. It being the Python Challenge, that makes sense. Grr, okay.

Let's subl level20.py and let's just get into it. Get rid of all the old stuff, and let's just jump in. Get our shebang line going, get the requests module. Let's steal the URL so I can requests.get(url). Call this response, stores an object. Print response.text. This should error out. Oh, is it giving me... oh, build view is on right now. I don't want build view, no. Disable build view, please. Now I don't have a build menu whatsoever. What the heck? Okay, great. We're just gonna work with build view. I should do this in like Sublime Text 3. Let's do that. Let's do that instead. Let's do Sublime Text 3. Sorry, guys. Doing crazy stuff. Okay, now I have a regular build display. Thank you. Sorry.

Okay, let's pass in this auth tuple, "butter" and "fly", so we get the passwords that we need to authenticate. And... not getting anything, because it's not plain text. It is a binary file. Is it... it is getting the content, right? repr, repr. Okay.
Yeah, so it's definitely getting the file. It's just not going to display an image or a JPEG image in my build view. Whatever. Let's see what headers we've got to begin with. You can access your request object in your response object, so you can see like, okay, what were the original headers that went for this? I'm just going to steal this so I can work with them. Original headers equals this guy. Let's put this above and let's just call this headers so we can work with it. So headers equals headers. Good.

And when we have our response, what is the response headers? The Content-Range is this thing. Okay, so let's just get Content-Range. Okay, so this is like what we are working with to begin with, but we want to just get the start, get like the next step in what we can access. And can we give it all of this? So end equals this, because that won't change. Like, that's the whole length of the file, right? At least supposedly. So next piece, I guess, equals the headers... let's just cut this up with some disgusting split stuff, because regular expressions just aren't going to work out for me, because they never tend to. So next piece. Print the next piece now that we've cut that up. Okay. Let's cast that to an integer and add one to it. Cool.

So now we can say our headers can have a new key, Range, equals bytes equals dollar sign i all the way to dollar sign i, end. So we can... I'm sorry, not dollar sign, percent sign. Format specifiers here. So we get next piece going to the end, and now let's make the same request and just print it out, I guess. See what we get. "Why don't you respect my privacy?" Cool. So that is happening through every single time. Let's print out what we're looking at, or what range we're at every single time, so we can watch it grow. Let's iterate through this. Just turn the crank on this, since it'll happen one after the other, supposedly. Nice, nice, nice. Good stuff. Looks like it ran through it. "Why don't you respect my privacy?" "We can go on in this way for a really long time."
"Stop this!" "Invader! Invader!" "Okay, invader, you are inside now." Okay, invader, invader. That's the only thing that is being broadcasted here. I guess we can try and see. Can I get to invader.html? "Yes, that's you." Great. That doesn't help me whatsoever. What about like privacy.html? Nope, not a thing. Inside? Nope, not a thing. Okay. It must be invader then, but there was nothing there. There was nothing in that web page. It's literally blank text. Great.

What else can we do? These bytes that like change, how much... what is this difference? 36 bytes in that, 46 bytes in that, or something like that. I don't know, not doing this quick math. Okay, so that doesn't help. It's literally just a segment. Can I work with any of these other things? We started from zero, got to this thing. What about after the length? Is that a thing that we can do? Let's go from end plus one. Will it go to the end? What will it do? We only have to try this once. Whoa, what the heck? Bytes two one two three four five six. So we did one from the end. We took another step from the very, very end, not the long one.

It says S-rever me... what is this? Is this backwards? "The password is your new nickname in reverse." The password for what? Password for the next level? Invader... is invader my... is invader my nickname? "redavni". That's invader backwards. No, not a thing. Okay. Is that like for another authentication? But we're accessing the page. It's not an authentication thing. There's no password. There's nothing asking me for a new, like, authentication thing. "The password is your new nickname in reverse." Okay.

What do we do now? Can we go reverse? Because where are we now, two one two three four... Maybe there are other requests after this one. Let's send this. No. Goodness gracious. Okay. Now we're just spamming the server thing backwards. pkill python. Stop. Stop it. Okay. Good. Can I go reverse of the end where we were or something? Oh, that brings me to the next one.
What about this guy? See, that's different than the end. Yeah, that's a different number, the next piece. What if we go backwards from that? How we look... Oh, whoa, okay. "And it is hiding at this number." Can we just go to this number? Let's use that at the end. Bytes... whoa, okay. It's hanging. What is all that? Okay, some binary stuff. Those are some bytes. Those are some real bytes. PK. What is that? This is, okay, clearly a file. Let's go ahead and steal all of this. Let's download this whole thing and just find out what this thing is.

We don't need to know the range anymore. Let's just take this response.text and put it in something, writes, and let's write the response.text. Run. It's thinking. Error. Okay. Cannot encode, ASCII codec. Oh. Do I... well, you just can't put the text in there. Oh, it might just need the content. So the raw... yeah, the raw stuff. Okay, cool. That looked like it worked. What do we got? Have we got something? We got something. All right. Cool. What is this thing? Oh, it's a zip archive. something.zip. Oh, I actually need that to be the destination. Let's unzip something.zip. readme.txt, pass... Oh, okay. This must be the password that it was talking about. redavni, right? redavni, invader backwards. Nice.

What is this readme.txt? Yes! Nice. What is this? "This is really level 21 in here. And yes, after you solve it, you'll be in level 22." Okay, so I guess that's the end of level 20. That's it. Okay, cool. That was fun. A little bit of a puzzle here with the Content-Range. I've never seen that stuff before. That was a funny, complete accident when I accidentally hit that network tools. That was some cool reconnaissance. I've never seen that header before. I've never seen that HTTP thing, and being able to mess with that was pretty neat. And Python, I'm glad we were able to crank it through with that while loop and keep experimenting with it. So, wow. Jeez, guys. Thanks for sticking with me.
Hope you enjoyed this video. Looks like we're jumping into level 21 in the next video, but thanks for sticking with me for level 20. All right, hope you're enjoying the Python Challenge series. See you soon.