What's up everybody? My name is John Hammond and welcome back to some more picoCTF 2018. This challenge is called LearnGDB. It's 300 points in the general skills category. Not that difficult, kind of a simple task here, but the challenge prompt is: "Using a debugging tool will be extremely useful on your missions. Can you run this program in GDB and find the flag?"

So we can go ahead and download this if we'd like to. I've got it open in a command line here. Let's just wget it into our current directory. It is simply an executable, right? So we can mark it as executable, `chmod +x`. So we add the executable bit and then we can run it. So, decrypting the flag into global variable `flag_buf`. Looks like it's just having some progress bar kind of thing in dots there. And okay, now that that's done, it's exiting the program.

Okay, so our goal is to open this and work with it and run it inside of a debugger. So GDB, or the GNU debugger, is an option for us. I've been using GDB PEDA, which is the Python Exploit Development Assistance toolkit thing for GDB. If you want to roll with this, you totally can. It is not necessary for what we're doing and just simply how we solve this challenge, but super easy installation. If you're using Git, you can just clone the repository, grab the source file and put it in your `.gdbinit` file. So that's all. It looks very cool though. It looks very, very hacker and very elite.

All right, so let's GDB with `./run` so we can open up the binary. It looks like it is reading symbols, like it's got some stuff. So when we actually examine that `flag_buf`, we actually can see some of that information here. So let's just go ahead and run the program again, now that we have opened it up, but we haven't set any specific, like, breakpoints or variables. But the benefit of a debugger is that we can set a breakpoint. So at a specific portion of the code or at a specific location or somewhere along the progression there.
We can stop the program and examine things like the stack or the registers or any other variables, et cetera. So if we want to find out a location in the program for that to happen, we can disassemble it with `disass`. And that's so much fun to say. Let's `disass main`. So main being the main function of the program. It looks like it moves something, perhaps a string here, onto standard out or, I guess, I'm not even going to pretend to know what that's doing. It just runs `puts` with whatever string, decrypts the flag with that function here, `decrypt_flag`, and then the later `puts`.

So after it's decrypted the flag, that's probably when we want to pause the program and try and look for it in memory, as the program suggested. So that's happening at this location here, at that location in the program. So we can copy that. I'm using Ctrl+Shift+C on my terminal, and let's say `b` to create a new breakpoint. I'm using a star or an asterisk to say I want it at this location here and I'll just paste it in. Now that that's broken, we can hit `run` or `r` again to run the program. And after it has decrypted the flag, we'll get all of the nice output that GDB PEDA kind of gives us. It gives us the stack. It gives us an idea of what the registers look like, et cetera. And you don't have to have that set up if you don't want. Again, that's just what I'm using in GDB PEDA, but I think it looks good and gives us a little bit more of a visual as to what's happening where.

So at this location, though, we are essentially ready to say it has finished reading the flag onto this global variable `flag_buf`. So if you wanted to, you could, like, `p flag_buf` to print that out or something, or you can use `x` to examine that at `flag_buf`. And if you wanted to, you could look up all those GDB instructions or really how to use GDB in a man page, and there's plenty of documentation or guides for it online.
So very, very awesome debugger and grateful for what we're looking at, especially with arguments, breakpoints, local variables, et cetera, et cetera. But what we can do while we're examining something with that `x`, we can specify how we want to examine something. We can specify the format or how we're looking at it. So `x` to print a position in memory, and in our case that `flag_buf` is fine to be able to use for us and read it. Well, let's say we want to see it as a string, right? Or as text, some piece of, like, real data and something that we can read as a string and as text. So let's do `x/s`, just as we saw earlier, examining that `flag_buf`. And there we go. We get picoCTF, "GDB is super useful," with that specific hash for our account. So we can copy that, right? Exit out of it, turn off caps lock and save this. And then we can go ahead and submit it for 300 points. Not a difficult challenge, kind of cool, but good to learn your way around GDB and certainly know it as a tool.

All right, that is the end of the video. But before I go, I do want to give a quick shout out to my supporters. I cannot thank you enough. Thank you, all of you that are willing to kind of share some of your love and generosity with me on Patreon. $1 a month on Patreon or more will give you a special shout out just like this at the end of every video. I know it's not a lot. Maybe it's just like some feel-good feeling, warm and fuzzy in your heart, good Samaritan helping out a dude, put food on the table, thank you. $5 a month or more on Patreon will give you early access to everything that I release on YouTube before it goes live. So I like to record things in bulk or try to get a backlog of content ready and then let YouTube gradually, or maybe at a date or time or every other day, slowly release it on a schedule. If you want the content right when it's ready, right when it's recorded and hot and ready to go, that's the best way to do it, $5 a month.
And I'm grateful for you and your support. So thanks so much. If you did like this video, please do like, comment and subscribe. Join our Discord server, link in the description. It's a cool community. We're actually, sorry, excuse me, we're actually almost at 2,000 people right now, which would be really, really cool. So if you wanna help join that initiative, I'm grateful for that. So thanks again. Hope to see you in the next video. I love you guys. Take it easy.