 What's up everybody welcome back to another YouTube video. I'm again John Hammond And I want to show off the grep quest challenge in the last the CTF I was still going on that that hype of like creating a get flag script for every challenge and everything you actually complete in a CTF so in my grep quest folder and all the folders that I have for the challenges I've always been creating this get flag script that will at least try to show the flag in an automated fashion of every challenge You complete with grep quest is a little bit different because for one thing we're connecting to an SSH We're connecting to a remote shell and running commands on their server We can still do this and automate it And that's what I wanted to show off to you in the way that I got that to work because for one thing we're gonna have to pass in a username and password to the SSH shell like to be able to connect and then we're gonna have to run our commands as If we were SSH in so the way that I do this is of course I use SSH and I would log in into the area over there. I think it's shell dot lasso CTF And it is yeah, so we'd be able to enter our passwords and we'd be able to enter all of our commands and stuff But it's interesting because they always give us this banner So with SSH we can remove that if whatever reason we want to when I try to do in my script with dash Q I guess for dash quiet and then we still have to enter our password But how can we run these commands after we've entered our passwords? Well We can pass them in as arguments like I can change directory into here I Can pass that in and then I can run a Ampersand or like a colon to run a represent. I'm running another command in here And I'll use the same tactic I did to find the flag So now after we enter our password we should Get our flag for us. Awesome. Now. We just have to be able to pass in our password and run it So I would use SSH pass Which is a tool for Ubuntu and you can pass in dash P as the argument and then your password would be the argument You pass in and you just continue your syntax. Otherwise just like this This doesn't work for me because that's the incorrect password And I'm not actually going to show you my password, but that's how you would be able to do it That's how I do it in my get flag script I just pass in my password right here and this same syntax will Remove the banner with dash Q run all the commands as if I'm connected to it actually Should be able to do that Yeah, but again, I have the wrong password. I have the correct password in my get flag script So when I run my get flag script, I get the flag I'm also I actually just doing a little bit of cut stuff. I cut with the delimiter of the Yeah, the friends the colon there and I use F2 to cut out what I had earlier with the Where is it? Yeah, I cut out the potato dot text prep stuff just so I get only the flag, but that's pretty much it I Will just pass in my password use a dash Q to remove the banner and then run the command after it Easy stuff. All that is is just that one liner in my get flag script But it makes for one simple command to run and immediately get a flag so again I feel like it's a good practice to create those things in whenever you're inside of a CTF or competing and Cool challenges like this. So thanks for watching guys simple stuff on how I did it in SSH And if you don't have SSH pass installed You should be able to just run pseudo apt-get install SSH pass and install it in Ubuntu. So yeah Again, I already have it installed, but thanks again. I'll see you in a later video You