All right. Hey everyone, welcome back to the YouTube video. My name is John Hammond, and this time we're checking out the Kaizen CTF. Still going through the web challenges, this time I want to showcase the Fun with Flags 1 challenge. This was 200 points. It was really kind of interesting and fun, and wasn't too difficult once I saw what we needed to do here.

So here's the challenge prompt: "Dr. Sheldon Cooper is bringing psychology back with his Fun with Flags podcast. He has a brand new website, which has a ton of flags. How meta! Check out his page here and find the flag in the PHP source code for members.php." Okay, so we need to find source code, PHP source code.

We can check out the web page, and it's a funny Sheldon Cooper thing. Looks like there are some buttons here that don't go anywhere other than the exact same page, despite them advertising other things. Latest video: okay, that looks like a real video. I'm not going to play that because of copyright stuff. And it looks like there are links to sign up and log in.

So can I log in? "Due to the instant reflex number of hackers, we've added the CAPTCHA." I obviously don't have an account, so I guess I can try with simple basic ones. Five and four, that's nine. Okay, that is not a real thing, obviously. How about, can I register an account? Sign up: "Credit card process currently unavailable and we cannot process new signups." Okay, so I'm assuming this is a dead end.

At least, just thoughts-wise, I tried throwing some low-hanging fruit at it. I've thrown Nikto at it, the command-line thing to scan it. I also checked out the robots.txt, and that was what initially pointed me at the interesting things. I see "not a flag" .png, I'm sorry, .php, which, just for giggles, I went to. Oh god, I don't want to get any copyrights for that. But that was funny, and there's a Git repo here.
So whoa, that's immediately what we need to do now, because I can tell it's a Git repo, so I could hopefully find the source code of the web page, right? The tool that I ended up using to do this, because I've seen this kind of challenge before, is gitdumper, and I think internetwache. Yeah, internetwache, however you say this. They have a script to do this. They have GitTools, and gitdumper is the one you can use to get the repository.

So let's crank this out. Let's go ahead and take the web page and we'll hop over to the terminal. Let's make a directory for this, Fun with Flags 1, and cd over there. gitdumper is the name of the script. It's in my utilities folder: GitTools, Dumper, gitdumper.sh. It wants the URL with the .git attached and it wants the destination directory, so we'll just call it source, and then it downloads everything. So awesome.

We can change directory in there, and there's currently nothing in there, but we know it's a Git repository, so we can git log. Okay, we see the history, the initial commit in the logs, and we get this SHA-1 ID number, the SHA-1 hash that is the commit ID number, so I can show that. And there we go. Now we have all the source code for the web page, supposedly, so you can scroll through this as much as you want. What I tried to do was to git show and grep for the flag format, so Kaizen, and there we go. We get our flag. So that's what we can go ahead and submit. We'll copy that and then we're done, right?
That's our flag. That solves this challenge. That's really all we need to do. If we wanted to, you could keep scrolling through this. This does get into how you can break into the next challenge, which I will showcase in the next video. But that's what you do: you download the Git repository and look through the source code files that he kept, for whatever reason, on the web page.

That's a pretty common CTF web challenge these days, at least I've seen it around many, many times now: seeing a Git repository and just dumping it, and then being able to look through the code that he doesn't want you to see. So keep that in mind and get to know that gitdumper tool that I tried to show off, from internetwache or whatever. You can find this online and it's totally free to use.

So that's the first challenge, cool, for Fun with Flags 1 on Kaizen CTF. Thank you for watching, guys. Hope you enjoyed this one, showing off some cool tools, I think, and I hope you're enjoying these videos for Kaizen CTF. Hope to see you in the next one. Bye.
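
The exposed .git directory this walkthrough relies on leaves a clear trace in web server access logs. As an added example (not part of the video or the challenge's code), the sketch below reports which clients were actually served files under /.git/ as opposed to merely probing for them; the log lines are constructed samples in Combined Log Format and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Combined Log Format: client, timestamp, request line, status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Any path component named ".git", wherever the repository sits under the web root.
GIT_PATH_RE = re.compile(r'(?:^|/)\.git(?:/|$)')

# Constructed sample lines (documentation-range addresses), not from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /.git/HEAD HTTP/1.1" 200 23
203.0.113.7 - - [01/Jan/2024:10:00:10 +0000] "GET /.git/config HTTP/1.1" 200 92
203.0.113.7 - - [01/Jan/2024:10:00:11 +0000] "GET /.git/objects/ab/cdef0123 HTTP/1.1" 200 154
198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /.git/HEAD HTTP/1.1" 403 199
198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /members.php HTTP/1.1" 200 5120
"""

def git_exposure_report(log_text):
    """Per client: .git paths actually served (2xx) and count of blocked probes."""
    report = defaultdict(lambda: {"served": [], "blocked": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if not GIT_PATH_RE.search(path):
            continue
        entry = report[m["ip"]]
        if m["status"].startswith("2"):
            entry["served"].append(path)   # repository content left the server
        else:
            entry["blocked"] += 1          # probe only; the server refused it
    return dict(report)

def exposed(report):
    """Clients that were served at least one .git file, i.e. a real leak."""
    return sorted(ip for ip, e in report.items() if e["served"])

if __name__ == "__main__":
    rep = git_exposure_report(SAMPLE_LOG)
    for ip in exposed(rep):
        print(ip, "was served", len(rep[ip]["served"]), ".git files")
```

Any client listed by `exposed` means the repository history, including files like the one holding the flag here, should be treated as disclosed; a 403 or 404 on every /.git/ request is the state the server should be in.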