Hello everyone and welcome back to the YouTube video. My name is John Hammond. We're still looking at the Junior CTF, the capture the flag game and competition that went on the last weekend.
All right, so I want to showcase this other challenge in forensics. It's a 500 point one called "The Good, the Bad and the Junkman". So, no real prompt here: "I cleaned up the stories thing and now some stuff is missing. I think it must be somewhere here." So it gives it to you here. You can download this thing. It's just a raw file.
Now in my case, when I was working with this, I actually had some trouble being able to, like, download it and get it to extract, so we'll see if I can get it again. Once you have it downloaded, I just use the archive manager to be able to extract these, and it's like a little bit of time to download: 14 seconds, 13 seconds, blah blah blah.
So what I ended up doing, because I couldn't get it to extract: I honestly even just tried using some, like, online converters, and I converted it to another file format, and then I was able to extract that way. So if I can extract it, I'll just again showcase what I had done, but you can try to extract it here. Okay, so yeah, an error occurred extracting files: parsing filters is unsupported.
So I probably haven't jotted down what I actually used. cd cyber write-ups, online, CTF, juniors, the good the bad and the junkman. So I had used an online converter here. Which, you're totally reading the solution, which is just fine, but I'll showcase it to you anyway. I used an online converter to convert files here, and I think I was able to download it there. Okay, so no, they deleted it, but yeah, I just used this DW convert files calm, seriously, and I could just convert it to a tar and I was able to ARCA extract that. So it saves into this thing, so I would see the end of that, and that has Google. So there is a bunch of files in here.
I'm assuming they're, like, Chrome configurations, a bunch of user data and stuff from here, which you can look through by hand if you really wanted to. Chrome cleanup tool, crash reports. There wasn't anything in there. Cleanup tool, and there's some stuff here if you really want to look through that.
But what I ended up doing, because I was too lazy to look through all this stuff, was I created a simple while loop. First I just ran find, so I had the list of all the files in here, with an absolute path, or, I'm sorry, with a relative path with a dot slash. And then I would loop through every single one of them. So while read line, as I loop through all those outputs, each individual line, I would do strings on that line, and just would literally take the strings of every single file that I saw. So it looks like a bunch of nonsense when it's scrolling by.
But what I wanted to do now is I can grep for flag, and I use dash i to make it, like, case insensitive. And there's a bunch of stuff here again. So what I ended up doing in that case was I concatenated it, or, sorry, I appended it to a file that I ended up calling, like, all flags dot text.
That's what you saw in the folder above me, the directory that is above me. So you can see it there. What I ended up doing was now opening that up and taking a look at it more definitively. So I'd look for flag, and there were about 221 matches, I could see down at the very bottom. So I honestly just looked through these one by one, and I just hit the enter key to keep scrolling by and scrolled through it to see if there was anything interesting that popped up.
And I see, like, some JavaScript code, I see some other things that don't look particularly interesting, other than Yandex searches that looked interesting. And I kept going through here, and one of the ones that I saw eventually, also other than all these JSON objects that look peculiar, but they're probably just for a technical thing, the creation underscore flags variable was probably used for some code. It does. But I kept rolling through here, all these JPEG, oh, I'm sorry, these PNG images, and now I find this interesting thing, and that they searched YouTube, but they see a youtube.com search query: flag CTF some interesting some interesting here a go-go be bolder.
The fact that it has CTF, I'm like, oh, okay, this looks very, very clear. This looks like I clearly have the right thing. So they had searched that through YouTube, and I tried this as the flag and that didn't work. But since they had searched it on YouTube, I was like, okay, can I recreate that? Can I do that exact same thing? So I googled it. I think finding it on YouTube is just as equally as fine, but I just ran it through Google: flag CTF some interesting go here. And we get this YouTube video, which is six seconds long, and this must be it.
Says description is "Well done. You are find me", and the video has this image here. It says flag a little bit of magic. So that's it. That is our flag that we can submit, and you saw that in the text that I had, the solution that I jotted down. But that's really all I did.
I didn't do anything, like, extreme. I didn't use any cool or fancy forensics tools to be able to look at Google Chrome and recover Google Chrome's, like, data, settings and stored cache and stuff like that. I literally just ran strings on everything and looked for a flag. So that's what I had done. I hope to know, I wonder if anyone, like, once the write-ups are actually released for the CTF, or if anyone can fill me in on some cool utilities or cool tools to be able to recover, like, Google Chrome data and stuff like that. Until then I guess I'll just deal with strings on everything.
There's our flag. You can submit that and get 500 points. So a good challenge, but just an interesting unique interesting tactic, interesting and unique tactic, sorry, jumbled those words there, is just running everything through strings. You can do that with the find command and just looping through every single one of them. So sweet. Thanks for watching, guys. Hope you're enjoying these and I'll see you in a later video.
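The find-and-strings search described in the video, written out as a shell function. This is an added example, not the commands typed in the video; the function names, the sample tree and the URL in it are constructed for illustration.

```shell
#!/bin/sh
# scan_tree DIR PATTERN
# Run strings over every regular file under DIR and print
# "path: string" for each string matching PATTERN (case-insensitive).
scan_tree() {
    # find hands the paths to the inner shell as arguments, so names with
    # spaces (e.g. "User Data") reach strings intact.
    PATTERN=$2 find "$1" -type f -exec sh -c '
        for f in "$@"; do
            # -a: scan the whole file, not only selected sections
            strings -a "$f" 2>/dev/null | grep -i -- "$PATTERN" |
            while IFS= read -r hit; do
                printf "%s: %s\n" "$f" "$hit"   # keep the source file per hit
            done
        done' sh {} +
}

# make_sample: build a small constructed tree (not the challenge data)
# with printable text buried between non-printable bytes.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/User Data/Default"
    printf '\001\002\003https://example.test/results?search_query=FLAG+ctf\377\376' \
        > "$d/User Data/Default/History"
    printf '\001\002nothing to see here\003' > "$d/User Data/Local State"
    printf '%s\n' "$d"
}

sample=$(make_sample)
scan_tree "$sample" flag
rm -rf "$sample"
```

Prefixing each hit with its file path shows which artifact a match came from, which a single combined output file of matches does not.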