 What is going on everybody? My name is John Hammond. I am joined once again by my friend Sinister Matrix. What's up again, guys? Back for another one. Sweet. Three times a charm. We're taking that. Oh man, I'm so bad at interest. We are taking a look at BCACTF. This challenge is for the night is dark, 1 and 2. This is their quest category. It was kind of neat, very cool. It originally started at 200 points and would slowly lose point value as people solved it. I think that was a sign static to each person. So kind of a neat trick. It says, hello traveler, welcome to your quest. You must walk the red lords shining path, guided by his shining stars. Here's a picture of those stars. A map, if you will. May the lord of light give you wisdom. And as more heroes complete the stage of this quest, fewer points will be available to future teams. Okay. So we have a file to download. I do have it downloaded already, but I'm going to save it because I don't think I actually put it in that correct directory, so whatever. Let's create a directory for this thing, quest. And we'll save that. And I lost my terminal, so we'll fire it up. That is in my BCA directory. And quest. My bad. Let's go to YouTube. Quest. I'm showcasing some of the secrets from when I solved it for realsies. Okay. So if you take a look at this image, it is in fact just a black picture with some slight, I'm zooming in right here, red pixels scattered here and there and sort of a mess. And I'm assuming those are the stars, right, and the red that we need to guide ourselves to the flag. Right. If you wanted to take a look at the hints, you totally could. I'm more than confident. You people, you viewers, you lovely lovelies would be able to look at these and know what to do without looking at the hints, but it says one per row top to bottom, so it clearly means checking out each pixel by pixel. And then maybe the brightness of the stars means something. And again, I think we would have figured that out. We've done a lot of challenges like these before. So let's go ahead and write a script to do what we know we need to do. Let's carve out what all these pixels actually are, get their color values. So I'm going to use pill to do this. I'll showcase it so that Sinister can actually see. Let's go ahead and open up that image. And it is StarMap.BMP. Is that right? Yeah. Bitmap. Yeah. Okay, cool. So I'll use IMG. And then I'll set data equal to image.load. And I like to go ahead and grab the coordinates or like the dimensions of it. Size equals width and height, width is equal to image.size. So now that we have data, we should be able to like actually index at whatever color position that we want within the picture, and we can extract out the color values. So I will use for X in range width, and then I'll do the same for height. So we'll go Y in height. We'll go bit by bit, pixel by pixel throughout this image. Let's go ahead and print out the color. We'll extract that as data given at that X and Y coordinate. And let's check out what we're seeing here. Print out that color and let's display this. So 0000, right? That's a lot of black. And occasionally we see some red and that has to be our actual stars, right? Those red colors we were viewing. Let's go ahead and extract those out. We can say if color zero, let's keep track of these. Let's say stars, give it an list, let's say color zero, stars dot append. So I'm using that if statement to say if it actually has a value other than zero, right? So at the very end we'll be able to view all of those stars that we have. And now we have a long, long list of colors. Note, color's red in this case. Do you notice anything about these, sinister? Honestly, they kind of, just from looking at ASCII tables and stuff doing multiple CTFs of the likeness, it looks a lot like ASCII character codes. Yeah. These are all in the range zero to 255. So those may very well be ASCII characters. Let's go ahead and kind of put together the character rendition of X for X in stars. And let's join that so it is going to be displayed as one full string for us. If I print this out, I kind of get nonsense. I looked at this and I didn't really know what to do with it. It's not base 64. It's got some special characters in there, colons and periods. That's not base 64. Clearly it wasn't Rot13 or any Caesar cipher. I wouldn't know what to X for with this because it doesn't really look like binary data that I would be able to X for anything with either. So I started this for a while and didn't know what to do. But eventually I got to thinking, when it told us one per row top to bottom, I realized, oh, I'm totally indexing these in the wrong way. If we want to go horizontally first, that's going to be the innermost loop. So Y, our Y loop will be on the outside. And our X loop is going to be what's happening first, horizontally, slowly, row per row. So now if I print this out, that gives me HTTP colon slash slash, and that looks a lot more like something worthwhile. We can fire that up and it tells us, hey, good job on your first quest here of light. I'll reward your effort to the flag as I hear those are what you're kind hunt for. So that is the flag for stage one. You can go ahead and submit that. And at stage two, if we examine that, that can be found at this page that we're looking at currently. Your journey does not end here. Now we're looking at the trial by fire and there's a link to take a look at this. It says, entered the secret here. I think it's obviously please subscribe, but that didn't do anything, nor did that. So it doesn't look like it's actually even doing anything. I don't see my page refresh. I don't see any new stuff go through. So I thought, let me look at the source code here and see what we're working with. So I got curious about this JavaScript down here. I see a stage two.js, and I wanted to check that out. So that looks like a little bit more code jQuery, right? When we submit on the target, it grabs the current value of that input, and it tries to MD5 hash it, which it looks like actually came from this MD5.min. So it looks like they already have some code they're trying to include to do that MD5 encryption, that hash. And then all this stuff would happen if we have this hash. I don't really know what any of that is. Looks like a bunch of nonsense to me. Some encryption that it's doing and creating a new location. Anyway, all of that would happen if we have this hash. So we might as well just check what that hash is. Can we track it down? I'm going to go to crackstation, because that's super easy, super simple for password tracking, hash tracking, do a little capture here. And that says dark night is what we're looking for. So let's try and just enter that and see if that gives us the right hash, and it does. Stage three. So you can discern truth soldier, maybe you could be the storied one after all. And that is the flag, and apparently there's a task three, but it's not really a thing. Literally there's nothing else in the page. I asked the organizers and they said, yeah, it's not a thing, it's not real. So that's that. That was some simple pill, Python image library to solve the first portion, and then just reading some JavaScript and tracking down that hash to crack for the second challenge. There you go. That would be, what, 300 points in the game? Yes, sir. Good stuff. Alrighty. Well, any other thoughts, Sinister? What do you think? I like this challenge because, you know, a lot of challenges nowadays have images including in them, and, you know, using Python to go through those images is often an important part of going through CTFs. That's true. Yeah, I do see that a lot, and they do a lot of tricks with them. So pill is totally a good thing to have in your back pocket, and I don't think the syntax is really that hard. If you want to carve through those colors and those pixels, just grab the size, get the data when you load the image right, and then you can loop through and index it like an interesting, peculiar array there. Cool stuff. Alrighty. Well, thank you guys for watching. I hope you enjoyed this. If you did, please do like, comment, and subscribe. Join the Discord server if you'd like to hang out. There is a link in the description. You can party with me, party with Sinister, and tons of other crazy cool people that are way smarter than me, both of us. Both of us. Both of us. Yeah. I'd love to see you guys on Patreon. Love to see you on PayPal. Thank you so much for your support. Whatever you're willing to help, I am so grateful to have. Love you, be part of the community, and build the channel and watch me grow. So, thank you. Love you. See you in the next video.