Okay, and welcome again. So if you have been paying attention, the Google Capture the Flag has recently been happening. I'm all behind everybody else. I actually got into this by watching LiveOverflow. Sure, check out his channel; it's pretty awesome. Which also brought me to John Hammond's videos, which were awesome as well. Check out both their channels, I highly recommend it. You can get my automated scripts on my GitLab, so gitlab.com/metalx1000/CTF, that's all capital, and there you can download my project that has automated scripts for all these Capture the Flags that I'm going to be going over.

So here we go. We're going to go to the second one. Last time we looked at the letter one, which is pretty simple. We're gonna look at the floppy one, which is also fairly simple if you've played around with binary files at all. We're gonna be using binwalk, which I have gone over in previous videos. It's a great tool for pulling apart binary, especially firmware of routers and other devices.

So let's go ahead and jump into the terminal here. I am going to go into CTF, Google, and we're doing the floppy one, lowercase. There we go. So again, in here I have a script. I'm going to run that script, it's going to run, and it just gives you the output of the flag. So you copy and paste that into the Google website and, yeah, you did it. But let's look at how all this works. So again, when you click on this project, there's gonna be an attachment. You pull it down and then you start playing with it.

So let's quickly look at my script and what it does. It downloads the zip file, the attachment you get, puts it in a file called floppy.zip and unzips it. In there there's a file called foo.ico, which is an icon file for Windows systems. So here we're saying binwalk extract, and it's going to extract all the files from this, because there are other files embedded into this .ico file. And this is the first thing I do any time I'm trying to... well, it's the second thing I do. So normally if I'm playing around with a binary file and I don't know what it is, firmware or something, the first thing I usually do is strings. strings should be installed on pretty much every Linux system; it's a pretty standard tool. I'm pretty sure even routers and other small devices have it.

Let me real quick here... my script cleans itself up after it's done, so let's just make sure that we can get a copy here. So I'm going to download that zip file and unzip it again, and there's our file, our icon file. So normally the first thing I do with binary files is strings. It's kind of like cat, but it's going to remove anything that's not an ASCII character, so all the gibberish that you can't read anyway. Oh, sorry, and we just get the name of the file. And there we go. And then, you know, usually I'll try to sort that, unique that, and that gives us a limited amount of stuff.

So you can see a few things here. You can see that there's something called driver.txt and www.com, and then this "UT" is probably not part of the name of that, just as it's probably not part of the name of this. Now, what we're doing here is we can see that there is a file in there, but if there was actually text just laying right there, it would be displayed here, and we're not seeing anything that says flag or CTF, which are usually the keys you look for.

So the next step I would do is I would run binwalk, which you have to install, so you know, sudo apt install binwalk. I have it installed. If you just run binwalk on the file (this is a pretty small file, it should go pretty quick), it's going to tell you what it sees. It says that it sees two zip archives, actually, and then the end of a zip archive. So you see that there's actually two files in there within the icon file, a driver.txt and a www.com. So they're compressed. That's why we're not seeing the text from the text file, because it's been compressed and it's binary data, and our strip, or our strings command, is removing all that binary data, but the name of the file still exists in, like, the header of the zip file.

So again we run that same command, but with the e. Is it dash e or just e? I think it's dash e. The same thing, but it creates a file; usually it's an underscore, the name of the file that you're extracting, dot extracted. And if we list what's in there, you can see that we have it. binwalk does this, and I'm not sure why: it almost always, if not always, creates a zip file that is the original file in the extract. So it's like, if you were to look at this, if I was to binwalk that file right there, you can see it's the same information that's out there. In fact, I bet if we md5sum our foo icon file and this... this is just a guess that this would work. No, they do actually have different... there, they are technically different binary files, but basically, as you can see, it contains the same things; it probably just stripped away some stuff.

So going back to our project at hand, in that file you can see there's a driver.txt and it gives you your flag right there. And what we can do is, instead of catting it, we can grep for CTF (oops), and then we can say awk, and what I do is print $2, which prints the second column, and that should give us... or $1, because it's actually the first column even though there are spaces before it. There we go. And actually you could probably do this without grep, which, let's see if I did that in the script here. I did. So here I'm saying awk, search for CTF and then print the first column of this file. So I just combined it, I shortened it up so I didn't have to pipe, and then the script cleans up after itself here at the end. So again our script, running it like so. Here, this time, it's telling me that files already exist because I didn't clean up. So there we go; if we run it again, it shouldn't give us that.

So that is the script, that is how you use binwalk, the very basics of it. Again, you just run binwalk -e and your binary file, and if there are other embedded file systems, zip files, icons, other things in there, they are, you know, extracted, and then you can look through them. And like in this case, there was a compressed copy of a text file and it extracted that for us and we were able to get the text out of it.

So again, my website, filmsbykris.com, that's Kris with a K. There's a link in the description. You can also go to my GitLab page, which I actually need to link on my home page, because my home page still links to GitHub, but my GitLab is gitlab.com/metalx1000, and the scripts for this video series are at gitlab.com/metalx1000/CTF, all capital. You can clone that repository and run the scripts and look through them and get a better idea of how things work.

Also, again, check out LiveOverflow. They didn't ask me to give a shout-out, but he does great videos, and I just recently, through him, found John Hammond, and I've only watched a few of his videos, but they're awesome as well. And apparently he has watched some of my videos as well, which is awesome. I appreciate everyone who watches my videos.

So again, filmsbykris.com, that's Kris with a K. There's a link in the description as well as a link to my Patreon page, and I appreciate any support that you guys can give me. So filmsbykris.com, and if we go to Support, you can support me: either donate through PayPal or support through patreon.com. Those are the two options now. As always, I hope that you have a great day.
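As an added example (not the author's script and not code from the gitlab.com/metalx1000/CTF project), the same workflow in Python: a strings-style scan, a carver for embedded ZIP archives that does what binwalk -e does in this video (find the local file header and the end-of-central-directory record), and the CTF flag search, all run against a constructed stand-in for foo.ico rather than the real challenge file.

```python
import io
import re
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # what binwalk reports as "Zip archive data"
ZIP_EOCD = b"PK\x05\x06"          # what binwalk reports as "End of Zip archive"
FLAG_RE = re.compile(rb"CTF\{[^}\s]*\}")
STRINGS_RE = re.compile(rb"[\x20-\x7e]{4,}")  # runs of printable ASCII, like `strings`


def printable_strings(blob):
    """Rough `strings | sort -u`: ZIP file names show up, the deflated flag body does not."""
    return sorted({m.decode() for m in STRINGS_RE.findall(blob)})


def carve_zips(blob):
    """Carve each embedded ZIP like `binwalk -e`: from the first local file header to the
    end of the end-of-central-directory record (22 fixed bytes plus optional comment)."""
    archives, pos = [], 0
    while (start := blob.find(ZIP_LOCAL_HEADER, pos)) >= 0:
        eocd = blob.find(ZIP_EOCD, start)
        if eocd < 0:
            break  # header without an EOCD: truncated archive, nothing to open
        comment_len = int.from_bytes(blob[eocd + 20:eocd + 22], "little")
        end = eocd + 22 + comment_len
        archives.append((start, blob[start:end]))
        pos = end
    return archives


def extract_flag(blob):
    """Open every carved archive and return the first CTF{...}, like awk '/CTF/ {print $1}'."""
    for _offset, data in carve_zips(blob):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for name in zf.namelist():
                match = FLAG_RE.search(zf.read(name))
                if match:
                    return match.group(0).decode()
    return None


def build_sample_ico():
    """Constructed stand-in for foo.ico (not the real file): ICO header bytes, then a
    deflated ZIP holding driver.txt and www.com, then trailing bytes after the archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("driver.txt", "Nice work!\nCTF{constructed_sample_flag}\n")
        zf.writestr("www.com", bytes(range(0xB0, 0xD0)) * 4)
    ico_header = b"\x00\x00\x01\x00\x01\x00"  # reserved=0, type=1 (icon), 1 image
    return ico_header + b"\x10\x10\x00\x00" * 4 + buf.getvalue() + b"\xff" * 32
```

Running printable_strings on the sample shows the glued-together names the video points out ("driver.txt" followed by header bytes), while carve_zips reports the archive's offset the way binwalk's listing does.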