 What's going on everybody? My name is John Hammond and this is some HSCTF 2019. I'm pretty excited. I'm pretty stoked. This game has been a ton of fun, so I'm really excited to showcase some of the challenges here. It's an international online hacking competition designed to educate high schoolers in computer science. However, you don't have to be a high schooler to play. Only high schoolers can win prizes, and to win the prizes you have to check back next year. It's a good thing you can play without being a high schooler because I am unfortunately not a high schooler. I'm still stuck in elementary school. That's a joke. The page for the CTF is actually at ctf.hsctf.com. This is where you can log in and register a team. I am going to log into the JH Discord account that I have been using and as part of the Discord team. If you guys want to be a part of that, join the Discord server. You totally should be. It's a ton of fun. Let's dive into the miscellaneous category to start with. The Discord flag is just joining Discord server, which is just means of communication, so it's not a particularly hard task. That's why it's only worth 10 points. It's just saying, hey, this is a support form in case you need any information or questions answered. Hang out, talk to the organizers, admins, and meet other cool people. The next challenge is verbose, and it has 125 points assigned to it. They're also using dynamic scoring, which means that the score value for a challenge or a point value goes down as more people solve it. As 444 people have solved verbose, it's now down to 125 points. Challenge prompt here is my friend sent me this file, but I don't understand what I can do with just these six characters. So this is verbose.text. We can open it up, take a look at it. I'm opening it in Jettits, and you might be able to see or you might not be able to see because this is some kind of small font. This is just square braces and parentheses and plus signs and exclamation points. If I open it up in Sublime Text, I'll paste it in here. It's just nonsense. So some of you trained, captured the flag veterans and warriors might already know and recognize that is a one specific unique esoteric language. If you wanted to check out the Hello World dictionary, which someone actually linked to me, I thought it was really cool. If I can track down, it's like helloworld.de or something. Programming. Hello World in all these different languages. Hello World in different programming languages. Maybe I can find it. Yeah, helloworldcollection.de. That will actually showcase it. If you actually searched around for those and wanted to keep looking, you would eventually find that this is in fact JSfuck or JavaScriptfuck. It is a rendition of brainfuck. I mean, not really. It's derived from brainfuck, an esoteric programming language. It also uses a minimalistic alphabet of only punctuation characters. It's literally JavaScript code. It's JavaScript put together in just these symbols. So it has some interesting interpretation. You can really do anything that you would otherwise do seemingly in JavaScript with this kind of thing. If you wanted to go ahead and play with some of these, you can go to a decoder and work with some of those. So this website will actually let you go ahead and use it or encode or run some of these. So let me get the file again. I think I lost it. Open it and I'll copy and paste all of that contents and we'll paste it in here and we'll say run this, right? But all that it seemingly does is redirect me to the HSCTF website. I thought, okay, maybe it's running some things that would be printed out to the console. So I thought, let's just open up our developer tools. I'm in Firefox, so I hit F12. I hit open the console tab and I pasted this all in. I know that looks like monstrosity, but no seemingly visible output. It just says navigated to the new page. So when I had done this and I actually solved it, how I had done this after I knew that it was JSFuck was I brought it to tio.run, which is a try it online, online interpreters that are accessible online. So that actually has a JSFuck or just straight JavaScript and that's the one I ended up using because it is JavaScript, right? It is a JavaScript interpreter. So I pasted it all in, hit the go button up there. And after some time, I scrolled down and said var flag is HSCTF esoteric JavaScript is very verbose. And it brings you to that HSCTF.com website. So that does the redirect. That's the flag we would go ahead and submit. We could paste that in there and get whatever points looks like we we went down some points. It was 125 last I saw, right? Sorry, I'm hyper. And that would be the flag that we're looking for. If I wanted to, and now I added some prowess to be able to do this, there's actually a note that showcases this. And it redirects you or references you to that tio.run utility in CTF hyphen katana, which is the document rendition of all of my, or not all of them, but a lot of things that I try to like to learn and piece together within capture the flag and playing all these games and competitions and events. It's supposed to archive stuff that I've learned and there's a lot there. So if you want to scroll through that, you certainly can. And you saw that I mentioned tio.run, just the very top there for some esoteric languages. Another option, very, very soon, I want to showcase how you can do this with the actual katana tool that I've been putting together. So I know people hate me when I showcase this because it's not entirely available yet, but I want to showcase how simple and clean it is. I have in my test directory, because I added here, if you want to download it, we can give it that file if we want it to, but it's HSCTF. And then it is jsfuck. So this is the exact same file. This is this is just the file that the website gave us. I might be able to get Cementar running. Maybe I'll showcase that. So if we wanted to run katana, we would simply remove the current results directory. And you can see zshell is trying to help me out for a second, they're giving my auto suggestions, we can use tack a on it because it'll just means auto run all the units that we know, and tests HSCTF will use jsfuck.txt. We need to specify the flag format as HSCTF, and my regular expressions here, period to mean any character, asterisk to mean as many of them as you can get, and a question mark to make that lazy. So when I spit through that, hey, we crank through it. And it finds this potential flag, HSCTF esoteric JavaScript is very verbose. So shout out and thank you to Zweji and the Discord server who has made a ton of these katana units for us. And I'm super duper grateful. Thank you so much. You certainly have a lot of lines in that contributions block. But that is how you track down that flag, that is how you solve verbose kind of a short video, just wanted to showcase the odds and ends that I ran down and how you could do that with katana if you ever would like to and find that information. So hey, thank you guys for watching. Hope you guys enjoyed this. If you did, please do like comment and subscribe. That really helps out the channel, you know, helps grow the community and feeds the YouTube algorithm I'd love to see you guys in the Discord server. There is a link in the description and we can tackle a lot of really cool capture the flag competitions events and games like this. There are also a ton of incredible people there. I think we're almost close to 5000 members. So if you want to jump in that party, please do. I'd love to see you on Patreon. I'd love to see you on PayPal. I'm so so thankful for all your support. Thank you so much, guys. I love you.