How's it going everybody? My name is John Hammond. Welcome back to the picoCTF video. This challenge is called Client Side Again for 200 points in the web exploitation category. So this must be more on the line of JavaScript and client side code. It says, can you break into the super secure portal? We're given a link here which we can go check out. I will open that up in a new tab. It says, new and improved login. Enter valid credentials to proceed. Again, please subscribe, which is not the password. Weird.
So if we're going to view the source for this, we can see that there is a little bit of JavaScript code, but it seems to be obfuscated. There's a lot of random numbers and hexadecimal values used for the different variables, et cetera, et cetera, et cetera, et cetera. Interesting things to note though is that it does include some segments of the flag, just noted as strings at the very, very top. You can track down a JavaScript deobfuscator if you wanted to. I have not had a whole lot of success with JavaScript deobfuscators. If someone tracks one down that does a good job of taking this apart, I would be very, very grateful. This one I haven't seen work just nice. Does that one do it? Okay. Yeah. We can pump that in here and it will try and niceify that JavaScript. It does it a little bit, but it's not like it's going to just give us things as easily as it could right off the bat. We do get to see at least a better output for what these values are listed at the very top of this array here.
And an interesting thing though when we mentioned, hey, we see our picoCTF flag format there. We can also kind of figure out and decipher just by some deductive reasoning that, okay, it must be picoCTF, not this again. And that ends with a one there. And I can assume that there's other numbers kind of leading to a closing parentheses or closing curly brace. That must be the very end of the flag. So let me put that together.
That should really be what we need for our flag. Let's move into Pico. Let's make directory client side again. And let's create just a simple flag.txt so we can paste the stuff in here and slowly have it grow picoCTF, the curly brace, not this again. And these underscores helping kind of give it away. That's what's actually building out the flag is really part of it. You can see other strings that are probably useful for the application, like incorrect password or password verified. But really, I know a cheap hack, but a flag is a flag. And we can go in and submit this for 200 points. That's correct. And that's all that I ended up doing for that challenge.
The next one is called flags. It says what do the flags mean? And we're given a PNG file to download. Let me mark this as executable. And let's make directory flags, CD flags. wget this guy. And we'll check it out what we're working with here. There's a lot of white space for some reason. Only there's really information at the very, very top left of this. And if you haven't seen this before, maybe you could do some Google like reverse image searching if that's your bag, or maybe you might recognize this right off the bat. These are the nautical flags that are kind of used to note some signals or messages on ships at sea. So we can just translate what each of these nautical flags are and determine what letter in the alphabet they might represent.
A good thing to note, however, is that, remember, picoCTF has been doing a lot of flags with, like, leetspeak and numbers that are going to represent or replicate another letter. So we should probably look for maybe some mapping for these nautical flags, including their number representatives. So let's do that. We can Google that real quick. I'll go to nautical flags and numbers. You can see it's in my Google search already. So this looks like maybe a little product we can buy. I don't know.
A maritime signals photographic prints, but it is going to act as a key for us. So this is nice and handy. I'll zoom in on that. I'll try and bring this up to the top of the screen, or at least I'll make this visible so that I can see it. Maybe you guys can't just yet. But let's start writing out this flag. So we know we're going to be working with picoCTF and the hints there told us that, okay, this is actually going to be all capital letters. So let's try that. We need picoCTF and that is F. And then that looks like the number one alpha golf. Following that, we have five. You can tell because of that number matching just with the color. I'm kind of looking off to my other screen here. And then the Delta, another five. T for tango, U for uniform. And what is that last one F? So flags and stuff. Good enough. Let's go ahead and submit that. That was our reference and that was correct.
So if you see those, if you happen to catch those again in another competition, maybe a later game, CTF you're playing, know, be able to identify those squares with a good amount of color and different representations that that's the nautical flags. That is that. Thank you guys for watching. Hope you enjoy this one. Another quick, super simple, quick and easy picoCTF challenge in video. So thank you guys for watching. Please do like, comment, subscribe. I'll see you in the next one.