 Hey guys, I wanted to showcase another challenge from some of my old homemade challenges From the original capture flag competition that I created for practice over at my old school. So This challenge I think that left off on was called a brisk stroll and the prompt here is have you ever seen this image before? So if I can click on this it should show it to us really nothing to Really really pointing or you're telling anyone where to go with this. So I'm gonna go ahead and download this W gets This guy tack tack no check certificate because I am running a self-signed certificate in that Now I had intended or was hoping that an individual would go ahead and try to do some Google image search or like a reverse image search on that I don't think anyone actually did But I want you at least as viewers to know that that exists if you wanted to you could use an image as Your search query in Google and it'll try and showcase. Okay, where are the other places on the internet that this image is actually used? That would point towards at bin walk at least on github or articles etc etc or other pages that include this stuff And that's where that image particularly came from so bin walk is the solution that I wanted to encourage people to use Right here as I'm finding out now looks like you can just solve this challenge with strings Which is pretty boring if you wanted to run strings on that image You could find the flag like that, but I was hoping to showcase the bin walk tool in this challenge Hence the note with a brisk stroll. I wanted to stroll to kind of associate with a walk. So whatever Bin walk is the tool. It is a file carving utility. I've used it in some other videos If you don't have it installed or in your prompt or Accessible from your command line, you can just sudo apt install bin walk or apt get or yum or pacman Whatever your package manager is And you can check out the man page for bin walk if you really wanted to look for other things that it can do Some of the Google CTF videos people had told me like wow you can do like recursive stuff with this specify a depth Length etc etc But bin walk tack II just real basic pointed out a file and it will extract things out of it So in this case this sees a strange image or a strange file in this Inside this image an elf file an executable or a binary so since it has been extracted We see a new directory underscore the file name dot extracted So let's go into that and this has all the files that it said it just determined If you wanted to not trust the binary and just run strings on it You certainly can that's probably smart move and you can see the flag in here If we were to trust this just mark it as executable and go ahead and run the file All it does is spit out the flag. So that's it That's the really easy notion here if you wanted to you could save the flag and then mark this as complete But I want to showcase how this is really built because it's nothing too fancy but Hopefully it looks a little deceiving once you just look at this image and that adult all it seems to be as an image You can run exit tool on it if you wanted to there's nothing in there No, no comment tag, etc But again, even if you were to run strings on this it would probably see That flag in there because it's still inside the binary which still has it as a string So not that neat but peculiar. I want to showcase how this was built anyway Because it is just a binary It is just a C program honestly that I had compiled and put inside or not really put inside Because again, I didn't do anything fancy with it The source.c file is just a simple C source code that okay prints the flag and that's just a String inside the source code. So that's embedded in the binary. I don't include a new line here So my OCD kicks in and I see that looks weird now But that is eventually created with the create dot script create that sh that is a simple bascript. It compiles it 32-bit and it uses cat to add the original image original png With the binary that I created and it adds it to a walk with the numbers So the reason the image viewer doesn't trip up on this when you look see the original file is because It reaches the end of that image like the in or whatever the File marker may be for that image and then it's kind of done processing. It won't do anything more So the image like image viewer program won't hiccup on the binary that's in there But it's also just kind of tacked on at the end I couldn't get any success with just putting it at a random position in the image because then the image viewer would break It wouldn't particularly see that pretty well But that's all and if you wanted to get flag scripts really again, you're just using bin walk on it Uh, and then using the binary to get it or you could just run strings as we found out at this point So not a crazy cool challenge But um, if you haven't shown your cyber team or the people that do security ctf stuff with you bin walk You absolutely have to because that is definitely a go-to tool for a lot of easy capture flag competitions and challenges. So All right. Hey, I want to send a shout out and a special special. Thank you and love to my recent patreon supporters Spencer Clark gal Horowitz and Please forgive me if I'm butchering people's names is okay atilla. Whatever And this guy is hysterical. Uh, he probably I don't know if his name is just there so I can say it Orgoloth the unruly destroyer of world's bastion of terror Thank you guys. Uh, I appreciate you guys, uh, spreading some love and help and support the channel Thank you for being willing to uh go on this adventure with me. So hey, um, if you do support me on patreon It's a one dollar supporter more. Um, you get a shout out in the video just like this Five dollars or more. I can get you really access to the stuff that I normally record in bulk or in mass videos And things will get scheduled daily But if you don't want to wait for when the day comes the for youtube to schedule and upload the videos I can send you them early access quote unquote But hey, please do like the video if you like it. Maybe leave me a comment Let me know what you think what else I can do better. What else I suck at etc Uh, and if you're willing to subscribe and if you want support me on patreon, please and thank you See you later guys