 Hello, YouTube! My name is John Hammond. Welcome back to another CTF video. In this case, I'm going to be showcasing one of the challenges from the Rough Rider CTF game. There was a local live on-site competition that took place a couple days ago, and I figured I would showcase some challenges from it. So let's go ahead and get started. However, the challenge is no longer online. So I'm sorry. I can give you this file if you'd like to have it, but I have the prompt and the original file so I can showcase what it is we're going to be doing. So let's hop on over to a terminal and I'll show you what we've got to work with. We have this file of IP addresses and you can see it's not all IP addresses. There actually is a comma separating each IP address with a given subnet noted with its CIDR notation. So it's this blah blah blah forward slash and then the number of IP addresses that would be came from it. And you've seen this before. You've seen like a slash 24 network or 192168.1 or whatever the third auto is going to be and then dot zero slash 24. That'll mean all of the IP addresses from 255 accessible to fill in that subnet range. So the challenge prompt was, okay, we have this list of IP addresses and there are a ton of these. There are, let's scroll all the way down to the bottom, almost 2000. And we want to determine are they accessible or actually in the given subnet that's presented here. Well, this can be really easily determined with Python with some awesome module that I want to showcase to you called NetAdder. So it has some cool new functionality in Python 3. Let's go ahead and actually go ahead and Google that. Let's get some responses here. I don't know why my F11 is not working. I can't get out of full screen, whatever. Let's go to Google or just simply use that as your address bar search engine. Let's do Python, NetAdder, and then we'll check out the documentation. Let's see what we've got here. This has a pip install if it's not already accessible to you. So just sudo pip install or if you had a virtual environment going, which I super duper recommend now that I'm getting in love with virtual environments. Okay, I just want to see the API reference. A lot of stuff here. So you have an object that can represent an IP address. And that will just kind of be interpreted as a string, you can pass it in. And you also have IP network down here. Yeah. So that's another class that you can use. And that can be represented in just that CIDR format that we're already working with. So you can do some really, really cool things. I don't know if it'll show an example for me. Probably not. But you can just go ahead and test is this IP address in that IP network. So let's go ahead and do that. Let's just cut this up in Python. Super simple, super easy, right? Let's go ahead and create a like solve dot pi. And I'm going to get a shebang line started for us user bin environment Python three, because we're going to run out of Python two pretty soon 2020 is coming faster than we know it. Python two will completely remove supports. I actually heard they might be removing the documentation for Python two. And that that's that's quite a hammer, you know, so let's do from net add or import all just so I have all of those. And let's actually open up what we're going to be working with I'll use a context manager just so the internet's pretty happy with me. And it's IP address dot text as handle. So let's do IP addresses equals handle dot read line. Will that work for me? I might be able just for I think I think I can use the handle like as an iterator, which is really cool. So line in handle. Let's see if it will just print out line successfully for me. I've seen that happen. So use Python three. And this is called solve dot pi net adder. Oh, I don't even have it. Let's go ahead and install that pseudo pip three install net adder. Go ahead and pseudo that and there we go. Cool. If you were setting up a virtual environment, you can totally just use the pip that's imported into your virtual environment. So now we should our script should run theoretically cool. It has a new line character at the very end. So let's just go ahead and split this up. Let's say that IP address and IP network equals that line split by the comma, because that's as you saw. And let's just go ahead and print these out. And let's actually remove the new line, because I feel like that might be in there. I'll do some list comprehension to do that later. But first, let's just see if we have the output that we want here. Okay, same exact thing. No comma that time. But our new line is still in there. So let's go ahead and remove those. I'll just do a quick, that's probably doing some extra work, because it doesn't need to remove it on the IP address itself. But for x in, that's just a quick and easy list comprehension. So I don't have to worry about it later. I could. All right, fine, you convinced me, I won't. I'll just I won't do it on the IP address. I'll just do it on the IP network. And then the world will be a better place because of it. That's how programming works. Split. No, I don't even need that. I just need strip. Perfect. IP network equals that. So now we should be fixed. Alright, cool. So let's go ahead and create these objects for that. And then we can go ahead and print those out. And if you want to solve, just by getting the count, you can see how many lines that outputs, or we can just add it to a number in the Python list, whatever you want to do in our scripts here. So let's create IP address with simple or IP address, right? And then let's say IP network network with the right syntax for it and IP network as a variable. So if IP address is actually in that network, we can go ahead and print that IP address. And let's see what we got. That's significantly less, right? If you wanted to just get a quick count with our script, we can word count attack L. So we can get 48 lines. That is the answer. And that would be the flag that we would submit. If you want to do that in Python, you can just say like, count equals zero, and then counts can plus equals one, kind of simple stuff, right? And then at the very, very end, you can just go ahead and simply print out your account. If you don't completely erase half of your script on accident, Python three solve. And there's your number. So easy, right? But if you want to work with all those IP addresses or save them for later, you can also just do it that way. Got a lot of options with that. But super simple, right? Let's just a loop and that's that that module in Python makes everything easy for us. So maybe you don't believe me that that's not the flag. I'll go ahead and actually bring down the footage that I have because I was trying to record while I was playing here. So you can see, okay, I found this on Google. Little brought me to Stack Overflow. How do I do this? I've messed with a lot of other random modules in Python to see how I could accomplish this. You can see some gross code that I'd written on the side here. And that didn't work. So I figured, alright, let's just try this, ran through it. And I'll speed it up a little bit here. Just change the code so that would work here. And now I have a much, much smaller range. So I put in a new file. I noticed there are 48 lines. And I went ahead and tried to submit it 48. And that was correct. So perfect. That's how it was done. I think that's a really cool trick. And if you don't know, you can do that easily in Python. Now you know. So thanks for watching, everybody. I hope you enjoyed this. If you'd like to see more, please do like, comment, and subscribe. Love to see you on PayPal. Love to see you on Patreon. Other pay things. Man, that sounds awful. Thanks for watching, everybody. I'll see you in the next video.