 Hey YouTube, this is another video right up for the challenge webbook from Codefest CTF 2018. Challenge prompt here is it's expected to complete reading a book novel to pass the course but students being clever avoid reading the whole book by going through only the summary blah blah blah. The gimmick here is that you have a web page that has lots of pages that have to be accessed sequentially. It says it has a thousand pages, so you have to be quick and you can actually go to a web page and click through it manually, but that's stupid and dumb. It gives you a lot of random base 64 and you can keep hitting next and keep hitting next and doing that manually but doing that a thousand times would just be awful. So if you're checking out the link here at the very very top it says fp for first page and then whenever we move forward it that next has like np for next page and some random information. If you view the source you can see this form and button actually has the link included in the source so we could go ahead and write something just script some python code to be able to work through all these pages. So let's go ahead and do that. If I just grab this link and I start to create a get flag script we're actually going to end up creating some pretty messy code, but we will loop through all these pages with python. So I'm going to go ahead and set this URL to be just without the fp and then I'll say first page will be that string and let's actually not include the forward slash because I know the other pages will have that included. We want to use requests as our library to actually make these pages. Let's go ahead and create a session object so we can keep moving in an orderly fashion whatever whatever. Do we close it? No, whatever. Let's just s.get that URL plus the first page and then that can be an r variable for our response. Check out that response text and then we should be able to just scrape out this information here. I could use beautiful soup. I could use something a little bit more elegant but I suck and it's a simple CTF challenge. So I'm just going to use already regular expressions. Let's use find all and let's just get what what what did that look like again? I'm sorry. It was action equal. Yep. Okay. So raw string where action equals let's use single quotes here so I can use double quotes in the string anything inside of those and we'll make it lazy. So we actually don't reach all the way to the gets and let's use r.text as the prompt there and then let's see if we get anything. Okay, we get that page. So we can say next page can equal this and then we can go ahead and try and move on to the next page just like that s.get next page. So let's actually print out that r.text while we're viewing it print r.text. Okay, so it is getting that next page just fine for us. Now let's run the crank on this. Let's go like wow one and do this over and over and over again because r will just repeat that value. Let's go ahead and create a counter for us. Let's say counter equals one and then let's do counter plus equals one and let's include that in our print statement. So I'm going to go in the terminal here and I'm going to run the script. So over and over and over again I forgot to call that counter. It will move and iterate and we can just barely see it at the very top here. It's changing 21, 34, 38, etc., etc., and requests are slowly going through. So I will pause this and wait till we get to a thousand and see how it looks. Okay, so the script finished and it looks like we got the end over at a thousand pages or whatever. It just looks like you completed the book, still haven't found what you were looking for. However, it looks like in this request we have at the very end it says the flag is basic scripting, isn't it? Not in the classic flag format that we'd seen earlier in some of the CodeFest flags, but that's okay. We'll take note of that, put it, wrap it around in the CodeFest CTF braces here, and notice that this has an ampersand noted in the HTML encoded value. So it should just be a real ampersand. Let's go ahead and remove that amp following it in the semicolon and just take note. Okay, ampersand. That is the flag. We were able to complete the challenge. Just not really an easy one-liner get flag script. It's just got to actually run through a bunch of crap. So not the most elegant thing. We could have something wait for it until we found it, but it's going to take a little bit of time. So let's just kind of leave it at that. We'll mark that get flag script as executable, and then we can mark this challenge as complete. So simple thing here. Quick shout out to the people that support me on Patreon. Thank you guys so much. You're phenomenal. I love you. $1 a month or more on Patreon will give you a special shout out just like this in the number of your video. $5 a month on Patreon will give you early access to everything they release on YouTube. If you did like this video, please do like, comment, and subscribe. Join our Discord server, link in the description. It's an awesome community full of CTO players, programmers, and hackers. You can hang out with me and other cool people. We'll be playing ICTF, NoxCTF, and any other competitions and capture the flag games that are coming up as a team. It's super cool. Love to see you guys on Patreon. Love to see you guys in the next video. Thanks.