How's it going, everybody? This is another video writeup, for the challenge Hard Shells from ICTF 2018. Again, the website infrastructure is still down, so unfortunately I cannot show you the challenge prompt and stuff like that. But we do have the file that we originally start with and download. It's just called hard shells and it has no file extension.

So if you want to kind of get a better idea of what this thing is, run file on it. Do some reconnaissance, and it turns out it is a zip archive. So we can go ahead and extract it, but it needs to have the .zip file extension for unzip to actually want to handle it. So just move it and rename it to hard shells.zip, and again we can run file on it. It's still the same thing. Unzip it and it says, hey, we want to know a password.

So, okay, great. Let's go through some typical low-hanging fruit. Let's just try and run like a brute-force dictionary attack on this thing to try and uncover the password. I'm going to end up using rockyou.txt. If you don't have rockyou.txt, you can probably just go ahead and download it, literally googling rockyou.txt. Yeah, that should get you to a URL and a place to download it. It's ginormous, like kind of the de facto standard for going towards a dictionary attack. So let's locate rockyou. I know I've got it somewhere on my file system. And whoa, sorry.
That's a lot of stuff. Bring it to this directory, and now we've got it. Cool. And I'll go ahead and use my favorite tool for cracking zip passwords. I know you could use zip2john, but I like to use fcrackzip. And again, I think you should be able to just like sudo apt install this one if it's in your repositories. I repeatedly forget the syntax for it, and I always have to just go ahead and grab this link, this syntax from this thing online, again just googling fcrackzip, doing your own thing. We can paste that in here, and we're going to change the word file, or the dictionary file, that we're using to rockyou.txt. And we're going to change this to hard shells.zip so it knows what we're working with, and it gets the password in just a couple seconds, less than Tacos. Let's go ahead and unzip hard shells.zip, and we'll use Tacos as our password, and it goes ahead and extracts it for us.

So it creates a new directory, hard shells. We can move over there, and we get this file d, which, uh, we don't know what particularly is. So again, let's run the file command on it. Turns out it's a Minix file system. So if it's a file system, cool, maybe we can mount it. We can explore whatever files are particularly in there. So you need a directory to be able to do that, so I'm going to go ahead and create one just here locally, call it mount point, and then I will mount d at that mount point. However, I will need to run sudo to run that command as root. Type in your password, not echoed on the screen. Once that's done, you see mount point. We can head over to that, and we have a new file called dat. But it just is supposedly data.
So, what the heck, no real inkling of what it could be. Let's go ahead and open it up in a hex editor. And if you don't have hexedit, it's one of my favorite ones, it's just command line. You can probably use like ghex or bless or some other hex editor, but sudo apt install hexedit if you want it, and then hexedit dat. So, hex on the little middle side here in the big column, ASCII interpretation on the right, and as you explore this and look through it, you can probably see immediately some things like IHDR or IDAT, so I header and I data. Typically these are section headers for a PNG file, or a Portable Network Graphics image file.

So if you wanted to, you could go ahead and determine like the PNG magic header, or if you didn't know what I was talking about, you could go ahead and google IHDR or IDAT. It'll tell you, okay, this is a PNG. It says the Portable Network Graphics file has all this information on it. And if we wanted to know like the PNG magic header, the magic bytes, the first couple of bytes for it, it does start with these hexadecimal numbers, or essentially PNG written in ASCII. So if you saw, ours does not say PNG. It says PUG. So let's go ahead and change this U to an N. I moved between, uh, hex and ASCII just by hitting the Tab key. So then we can hit Ctrl+O, save changes, uh, just hit Enter for the file name. It should save it A-okay. I use Ctrl+X to break out, and then if I run file on dat now, it thinks it's a PNG image file. And we can I've known that just open it up, dat. And we get this file, which does have our flag for us right down here: ICTF look away I'm hacking.

So let's go ahead and jot that down. We could submit it for points if the competition were still rolling, but let's actually move that flag out of the mount point and mark this challenge as complete. Pretty awesome. That's, uh, a big one just about knowing your tools, knowing your toolkit, knowing how you can brute-force the password for a zip archive. rockyou is kind of, again, the de facto standard for like dictionary lists, and fcrackzip's pretty awesome at doing that stuff. Then just doing some reconnaissance, like learning what to do with a file system: how can I mount it, how can I explore it and take a look at what files it really has.

What's up, everybody? Thank you. I was going to do my intro for the video again, but I realized that that was not... I always pause my recording to get back to the Patreon supporter slide, and I don't know why in my mind I thought I was like restarting the video. I was going to do another intro. You guys are fantastic. I love you. Thank you so much for your support, donation. It really means the world to me. One dollar a month or more on Patreon will give you a special shout-out just like this. Uh, every five dollars you give every month is early access. That's a specialty where you can, uh, get shared to a Google Drive folder that includes all the files and videos and stuff that I'll make and put on YouTube, immediately once I've got it like done and recorded. You don't have to wait for it to go live on YouTube once it's scheduled and gradually releasing. You can get it right away. So if you did like this video, please do like, comment, and subscribe. Um, join our Discord server, link in the description. It's awesome, a really cool place to hang out with cool people that play CTFs, that program, that hack, do cool stuff. You can hang out with me and others that are CTF players, programmers, hackers, and all the words that I just said. I hate doing this outro, guys. I love you. See you later. Hope to see you on Patreon. Hope to see you in the next video. Bye.
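
The hex-editor step in the video (signature reading PUG instead of PNG), as an added Python example that is not from the video: it confirms from the IHDR/IDAT/IEND chunk layout and chunk CRCs that a file with a damaged 8-byte signature really is a PNG, then restores the signature. The sample image and all function names are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"  # the 8 magic bytes every PNG starts with

def make_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def walk_chunks(buf, offset=8):
    """Yield (chunk_type, crc_ok) for each chunk after the signature."""
    while offset + 12 <= len(buf):
        (length,) = struct.unpack_from(">I", buf, offset)
        end = offset + 8 + length
        if end + 4 > len(buf):          # declared length runs past the file
            return
        (crc,) = struct.unpack_from(">I", buf, end)
        ctype = buf[offset + 4:offset + 8]
        yield ctype, crc == zlib.crc32(buf[offset + 4:end])
        if ctype == b"IEND":
            return
        offset = end + 4

def diagnose(buf):
    """Return (chunk_structure_is_png, offsets_of_wrong_signature_bytes)."""
    chunks = list(walk_chunks(buf))
    structural = (len(chunks) >= 2 and chunks[0][0] == b"IHDR"
                  and chunks[-1][0] == b"IEND" and all(ok for _, ok in chunks))
    bad = [i for i in range(min(8, len(buf))) if buf[i] != PNG_SIG[i]]
    return structural, bad

def repair_signature(buf):
    """Rewrite the signature only if the chunks prove the file is a PNG."""
    structural, _ = diagnose(buf)
    if not structural:
        raise ValueError("chunks do not validate as PNG; refusing to rewrite")
    return PNG_SIG + buf[8:]

def sample_png():
    """Constructed sample: a valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")   # filter byte + one pixel
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))

def corrupt(png):
    """Reproduce the damage from the video: 'N' at offset 2 becomes 'U'."""
    return png[:2] + b"U" + png[3:]

if __name__ == "__main__":
    damaged = corrupt(sample_png())
    print(diagnose(damaged), repair_signature(damaged)[:8])
```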