Hello, and welcome. This is Kris, filmsbykris.com, that's Kris with a K, and we've been looking at capture the flag, the Google Capture The Flag 2018. I'm again a little behind most other people who have been working on these projects, and this Security By Obscurity one was annoying, because I knew what needed to be done, and actually I was able to solve it fairly quick, but trying to automate it... because I'm making scripts for each one of these that completely automate it, and I want to have them complete: you run the script and it automates it. So for example, for this one, Security Through Obscurity, I run this and after a few seconds you get your flag right there. Okay, it took me forever to figure out how to do that. So again, I want to shout out to LiveOverflow and John Hammond, just because they have awesome channels, check them out. They're the ones that brought this capture the flag project to my attention, and just because they were doing awesome videos.

So let's go ahead and look at: what was such a pain in the butt about this one? So you download this attachment, which is a zip file, and again, read what they say here, because they say things like "John": they're telling you to brute force it. They're recommending John the Ripper, which I didn't use in this particular case. And basically what happens... and also, you know, by the name, security through obscurity, you know that this person tried to do something crazy to hide something rather than securing it. So you download a zip file, and inside that zip file is another zip file, which is another zip file, another zip file, another zip file, and it goes like ten levels down, and then the zip files change from being zip files to being XZ files, which are another compression format.
So what I originally did was I tried using unzip. Now the annoying part is unzip is very particular about extensions: it wants your file to be .zip, instead of just looking at the header of the file, which is how, in my opinion, it should work. It should go "oh yeah, this is a zip file" even if it doesn't have that extension. Well, when you extract these files, like we have the original zip file, we extract the file inside it, it is a zip file, but it isn't .zip. So I was trying to write a script that extracted it, renamed it .zip, deleted the old one. It did that, and then I finally got that, but then again, I got ten levels down and all of a sudden now they're XZ files. So now I had to figure out how to write my script to check the file type and, you know, if it's a zip file do this, if it's an XZ file do this, and it was just becoming a pain in the butt. And the files, it's like it starts... it's like the alphabet, it says "password alphabet" and starts adding and removing letters as you extract stuff, so I started getting conflicts of files already existing. And then I was like, uh, let me try a different zip program. I was like, 7-Zip. 7-Zip will extract both XZ files and zip files, so I don't need to change the program I'm using, and luckily it doesn't care what the extension is, so I don't have to worry about adding the extension.

So let's go ahead and look at my script here real quick. Again, the first line here is just downloading the original zip file, and I'm calling it pass1.zip. And then we do a while loop, and what it's going to do is it's going to extract each file. So `while 1`: what I do is, right here, I'm getting the name of the zip file, because it's going to change for each one that's extracted, and I can't say, you know, "for each file" with a list, because they don't exist yet. So I'm looping, and then I'm going to list all the files in the directory; -t is by time, so they're sorted by time, the newest should be at the bottom. So then I'm saying tail, meaning
grab the last line, which is the name of the newest file in that directory, which in theory should be our latest extracted file, and we're putting that into a variable called f. Okay, and then to extract a file with 7-Zip you just use `7z e` and the file name. So what I did here was I added -aoa to say override, so if the file you're extracting already exists, override it, because I was getting too much of this "file already exists". And then here the -p is for a password. Okay, and I'm giving it the password "test", which is not the password. So what's happening is it's going to extract every single one of these files, and it gets to the last one, which actually has a password. So all the ones that don't have passwords, it just kind of ignores this and continues. We get to the last one, which asks for a password. Well, before I put this in, the script would run, run, run and get to that last one, and it would wait for me to enter a password, and I'd just hit enter and then it would continue. Well, I realized if I give it the wrong password it will continue, and the pipe pipe (||) means the last command failed. So basically it's going to extract file, extract file, extract file, and then we get to the last one, which is password protected. It's going to pass it the password of "test", which is wrong, so it's going to go "oop, it failed", so it will break out of this loop. Okay, and I also have it remove the previous file, so after it extracts a file it removes it. But it continues extracting files until it passes the wrong password to that last one, which breaks out of the while loop and continues on.

Now I want to crack the password on that last file, which, after being extracted this way, you get a file called password x, which is a zip file. So I installed, using aptitude or apt-get or apt, I installed fcrackzip, which is for cracking zip files, and I assume with these beginner Google capture the flags, when they ask for a password, it's usually something pretty simple.
So I just told it to start with... there's an extra space in here that's bothering me, boom, okay. We're saying to go through, and I'm basically saying brute force this, you know, start at aaaa, aaab, aaac, and we're saying start at four characters and go through up to eight characters, and hopefully it will go pretty fast, because brute forcing takes a long time. And luckily it did: the password ended up being asdf, so it starts with an a, so it's caught pretty fast, it only takes a couple seconds. So then I just grep for == because that's the line that will have our password on it, and then I use awk to grab just the password, and we're putting all that... so after it cracks the password, it outputs just the password and it puts it into a variable called password. And then I say, using this password, we extract it. That happens so fast that you actually don't even really ever see this up on the screen, but it extracts it, clears the screen, and then it says "your flag is" and it cats out the file that has your flag, and then it removes all our temporary, you know, files that we've created. So again, let's go ahead and run that. So that's all the 7-Zip output, and theoretically I could probably suppress that, but I figured, why. You know, and as you can see, the last one, it says error because the password didn't match, and then we brute force it, and because it starts with an a and it's only four characters, and that's where I started with cracking it, it only takes like half a second for it to get to asdf. So anyway, I didn't use John the Ripper.
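The peel-then-crack flow described above, written out as an added example; this is not the script from the video or from the gitlab repo. It identifies each layer by its magic bytes instead of its extension (the unzip problem mentioned earlier), peels layers with 7z under a deliberately wrong password until one fails, and brute-forces that one with fcrackzip; 7z, fcrackzip and unzip are assumed to be installed, and the function and file names are my own.

```shell
#!/usr/bin/env bash
# Added example, not the video's script. Same plan as the video: find each
# layer by its header bytes, peel with 7z until the password-protected layer
# fails, then brute-force it. Assumes 7z, fcrackzip and unzip are installed;
# the detection helper itself needs only od.

# Print "zip", "xz" or "unknown" from the first 6 bytes of a file.
archive_type() {
  local magic
  magic=$(od -An -N6 -tx1 "$1" | tr -d ' \n')
  case "$magic" in
    504b0304*)     echo zip ;;      # "PK\x03\x04": zip local file header
    fd377a585a00*) echo xz ;;       # "\xfd7zXZ\x00": xz stream header
    *)             echo unknown ;;
  esac
}

# Extract nested layers in directory $1 with a wrong password, deleting each
# layer once it is out, until 7z fails. That failure marks the password-
# protected layer; its path is printed so the caller can crack it.
peel_layers() {
  local dir=$1 f
  while :; do
    f=$(ls -t "$dir" | head -n 1)        # previous layer was removed, so the
    [ -n "$f" ] || return 1              # newest file is the current layer
    case "$(archive_type "$dir/$f")" in
      zip|xz) ;;                         # 7z reads both regardless of name
      *) printf 'not an archive: %s\n' "$f" >&2; return 1 ;;
    esac
    if ! 7z e -y -aoa -o"$dir" -p"wrongpass" "$dir/$f" >/dev/null 2>&1; then
      printf '%s\n' "$dir/$f"            # wrong password rejected: this is it
      return 0
    fi
    rm -f "$dir/$f"
  done
}

# Brute-force a zip password: lowercase letters, 4 to 8 characters; -u makes
# fcrackzip verify candidates with unzip so only the real password is printed.
crack_zip_password() {
  fcrackzip -b -c a -l 4-8 -u "$1" | grep '==' | awk '{print $NF}'
}

if [ $# -eq 1 ]; then                    # usage: ./peel.sh /dir/with/outer.zip
  inner=$(peel_layers "$1") || exit 1
  pw=$(crack_zip_password "$inner")
  7z e -y -aoa -o"$1" -p"$pw" "$inner" >/dev/null && echo "password: $pw"
fi
```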
I used that fcrackzip, and actually I looked at the fcrackzip man page, and in it, I'm pretty sure if you go down to the bottom, there is a section somewhere out here, here they're talking about a program. It says, under performance: "FZC, which seems to be a widely used fast password cracker, claims to make this many checks per second on my machine, measured under plain DOS with memory manager." It's saying that this program, this fcrackzip program, has been written in C and not assembler, so naturally it is slower. So they're saying there's another program out there that might be faster. I didn't look into this; this one worked fine. You know, it's slightly slower, 12 percent slower, you know, I don't know if this program runs on anything but DOS, because I did read somewhere just a second ago, it said it was in DOS. Anyway, you might get faster results if you really had to crack a password, because brute-forcing really takes forever. I went with brute-forcing because the nature of this game was telling me that it was going to be a simple password.

Anyway, again, go to gitlab.com/metalx1000/CTF. You can get all my scripts for the automation of this that you can pick through. Again, check out John Hammond's YouTube channel and LiveOverflow, just because they're awesome. You know, they didn't ask me to give them a shout out, but I am, because their channels are awesome. I hope you learned something new. Again, this one was just a headache; this one was simple to do by hand, but then automating it became a headache until I just switched the tools I was using. So, you know, if you're stuck in a rut, try changing what you're doing. Anyway, I thank you for watching. Again, this is filmsbykris.com, that's Kris with a K, link in the description.
Check me out on Patreon, patreon.com/metalx1000, link in the description to that as well, also on my page under support, got patreon.com or PayPal if you want to support me that way. If you can't, be sure to like, share and subscribe, comment, all that stuff, because it does help with the views a little bit. And also on my website you can search through both my channels for... no, yeah, whatever, there we go. My second channel is mainly on hardware stuff, and my website searches through both channels, so you can learn a lot there. Thanks for watching, and as always, I hope that you have a great day.