 Hello YouTube! My name is John Hammond and this is another video regarding the Parson CTF from just the other month. So I'm showcasing a little bit of the footage that I recorded while I was playing. I wanted to pull up this category in question for forensics analysis. This was question 301. It says how many binaries marked executable in the user bin directory and all of its subdirectories have a dependency on the modified shared object. And at the very very top here it's explaining. They're using the shared object libcrypto.so.10. And there's some other stuff regarding PDF documents that we might be able to touch on in another video, but I wanted to showcase this one real quick. I can show you this in bash. It does not take a whole lot really to solve the challenge, but I wanted to bring along and... All right, I'm fumbling here. Let's go back to the real thing. Let's do it in the terminal and showcase what we have here. It gives us this file system thing to download. This root directory won't delete or go away, so I just left it there. If you wanted to go ahead and extract this, it is just tarxvfz, x to extract, v for verbose, f for file, and z for some gzip. I think you know how you always don't know all of the arguments and parameters to tar, but then it was able to go ahead and create all of those things. So it's looking for all of these things in the user bin directory and subdirectory. If we wanted to change directory in there, we totally could, and we have a bunch of binaries. I don't think there are any subdirectories in this, regardless I guess we can poke around. So what I wanted to be able to do and what I want to look for and how I want to do this is by using the LDD command line tool, and that is a Linux program or simple command that will go ahead and print the shared object dependencies or the other libraries that are loaded by another command or another program. So you see this sometimes when you're doing some reverse engineering or if you're trying to figure out where all the libraries, if it's a statically compiled thing or dynamically loaded stuff, blah, blah, blah. In this case, it will probably be trying to dynamically load things and that would be the libcrypto.so.10 that we saw in the prompt. So what I'll do is I'll go ahead and loop through all of the executable files that I might find, kind of give them to LDD and then see which of them are actually using that or how many of them just by trying to count the total number are actually finding and using that libcrypto.so.10. So if we wanted to kind of be really formal with this, you can go ahead and Google, hey, in Linux, how do we find executable files? We know we're going to, we want to be recursive, right? So we're probably going to end up using the find command. And if we actually go ahead and check out our Google results here or on the research, it says this can be done by using the perm option for find or the executable option. They actually recommend using the executable perm is not recommended. If you want to look for only files and not directories, which would make sense in our case, you can use type F. So let's go ahead and try that. If you wanted to, we can just go ahead and use simply find hyphen executable type F, excuse me, NZ shell is again already showcasing it all for me. So you guys don't even need to have me walk through it. But let's do it. Let's go ahead and look through all of these executables. And then I had done this outside of user bin. I've been testing, but I want to rely on it and trust that it will work for us. So we have all these binaries that we're looking at. Let's go ahead and loop through each of them with a simple inline while loop. So we can do and simply echo the line that we're looking at line is the variable that we're using as we iterate through these. So we can go ahead and LDD rather than echo to make sure that we're actually getting the results we want to see with the shared objects. And that's a lot of information, but we only care about when we're using that lib crypto.so.10. So let's grep for that. Let's grep lib crypto.so.10. And you can see I've already ran this in a previous command. And that's finding a lot of results for us. We want to know how many of them we're going to have so we can go ahead and count those number of lines. That is as you saw earlier. Again, Z shell is showcasing it all for me. Word count tack L. So wc tack L. If we run this, it takes a little bit of time because it has to buffer all that output. And eventually we will be returned to the number 41. So the game is not on at the moment. This was kind of just a temporary thing. So I will show again showcase what we have seen in the video. I'll speed this up a little bit because I'll go through and do that exact same command that we just did. I actually do the exact same research. So that's how I like to do these. If anyone of you haven't have caught on, I will try and solve the challenge prior and then showcase it to you in hopefully a little bit more linear and clean mental trajectory, I guess. But there you go. I tracked down 41 and I submit it. And as you can see that is the correct flag. So very cool. Then we'll start to rip through some of the other challenges and I would love to showcase those to you in an upcoming video. So thank you guys for watching. Hope you guys enjoyed. If you did like this video, please do like comment and subscribe really helps out the channel, the YouTube algorithm, you know how it all works. I don't know how it all works. Please do join the Discord server. There is a link in the description. It's an awesome community full of CTF players, programmers, hackers and incredibly smart people so much smarter than me. So if you would be willing to support the channel, if that's something that you would like to do patron on PayPal, I'm so grateful and appreciative of whatever you're willing to offer. And thank you. Thank you. Thank you. I love you guys. I'll see you in the next video.