 What's up YouTube? This is John Hammond. I want to showcase a little bit more, make some YouTube videos. I have already released some write-ups for CodeFest 2018, actually in a Medium post, so forgive me for recycling content, but I figured I still wanted to make some video write-ups about it too, whatever keeps the YouTube stuff growing. So here we go, let's just jump in. This challenge, Freebies, is the classic support welcome challenge, so all you really do is go to their Slack channel. I don't know why someone decided to host a safety f on hacker rank because every time you try and go to a separate page it gives you that leaving hacker rank warning, whatever. So in the Slack page, in the Slack team, if you go ahead and create an account and log in, it's an invite link they give you, so you can just register an account and log in. In the general channel, you check the pin messages here and then one of the very, very bottom and contains the flag for the Freebies challenge. So that's pretty easy, pretty simple, right? Let's just mark that as a flag, so we can save this challenge, call it complete, submit it if we wanted to, but the game is already done, so that challenge we can knock out pretty easy. The next one I want to get to is Typing Master, which is a pretty similar challenge to what I've seen before with For All Secure. I think they did this in their Enigma CTF on their Hack Center platform, which you can probably track down, but it's kind of a simple service that will test your speed to type a certain letter. Let's just create a simple connect script. Not that we're really going to end up using this because we are going to simply write a get flag script and Python for it, but whatever. Good practice. That's what I'm all about. Give me the g letter however many times followed by another letter however many times and the sum of their ASCII values. The connection will close in 10 seconds, so if we were to even hold down this g character, well, we wouldn't be able to do that. We have to go ahead and automate this process. Let's go ahead and do that. I'm just going to name this get flagged up high because let's be ballsy, whatever. People told me I should start to use just regular user bin Python, not the environment variable, so let's do that. We can check out the connect script just to get the hostname import pretty easy. Let's paste it in there. That way we can have a host variable as a string, a port number here, and we do want to import PON tools. Let's just do from PON import all and let's turn the stupid messages off with context log level equals critical. Let's say s can equal remote, so we can go ahead and connect to it on the host in that port s.close. Check out what we're working with here. Let's just do print s receive, get our terminal and Python get flag. Please provide me with the letters however many times. We can actually determine, okay, since we're wrapping these in single quotes and using a number here, we could probably just scrape that out with regular expressions. I'll do that with import re. Let's say make that thing a prompt, just a variable we can control. Let's do re.findall, a string of any character preferably a word and those single quotes with multiple numerals following it. Then we'll use the prompt right there, the string that we actually want to work with. Then let's print out what we find, what we determine here. It gives us e and these things. This letter will obviously change every time we connect along with the numbers. That's why we wanted to automate this process. Let's go ahead and scrape these into their own individual groups. When we run .findall, we'll be able to access the variables just like that. We can actually just save these as numbers or whatever variable that we want. Then we can say our string can equal an empty string and we'll go ahead and string .append, numbers index zero to get the first result. Let's get the letter multiplied by the integer here that's given and we'll have to cast that to an integer because it does expect it as a string once we use regular expressions to scrape it out. We'll do the same for the other index that we get and then we'll go ahead and end the character values together. We can just take ord, the ordinal value like that letter in the ASCII table plus the same thing with one zero. Then if we were to print out string, we can see as an array the value that we have. A lot of nonsense there. Let's go ahead and put these together with empty string.join and we will want to wrap this number that we get as a string as well. Cool. So we can create our answer to be that and then let's go ahead and send that answer. Then we can print s.receive, check out what we get and they give us the flag here. Cool. Let's go ahead and split this up. Let's get the very last portion and that can be the flag that we retrieve and since this is now our get flag script, we can mark that executable, go ahead and run it one more time, redirect that flag to a static file and mark this challenge as complete. I just banged through that. I hope that wasn't too fast. The code here I think is a little self-explanatory. I do things a little bit more explicitly which may not be good practice but we know the port is always going to be the service that we connect to is always going to be the same each time. Just the letters they provide us and the numbers is different so scraping these with regular expressions works just fine for us putting them together and then sending back that answer. We'll do the thing. It'll solve the problem. Quick shout out to my Patreon supporters. You guys are fantastic. I can't thank you enough. One dollar a month or more on Patreon will give you a special shout out just like this and they never review five dollars or more on Patreon will give you early access to everything that really is on YouTube before it goes live. So if you like having the content right when it's ready when it's hot not when you have to wait for me to gradually upload them and have YouTube schedule them blah blah blah you can do that just five dollars a month on Patreon. Please do join our Discord server link in the description. It's a cool community of CTF players, programmers and hackers. If you want to hang it with me and some other cool people will be playing ICTF and Nox CTF as they're coming up this coming week. We just finished up with Tokyo Westerns. Actually I was away and the whole Discord server rocked it so props to you guys and please do join the community if you want to play like that. Love to see you guys on Patreon. Hope to see you in the next video. Thanks!