 What's up everybody welcome back to another YouTube video checking out the pico ctf capture the flag competition Getting better and getting started at learning how to be a computer science Cybersecurity professionalist elite hacker someone in the ctf scene So we just finished up the tutorial and now we're at the real game board for pico ctf on the left hand side over here You can see it's kind of a jeopardy style game And that's the lingo and the terminology you'll hear is that there are two kinds or I guess really more than that If you can find them but the most common types of capture the flag competitions come in a jeopardy style or an attack and defend style So jeopardy style is what we're seeing right here, and that's pretty much what's most common Jeopardy means there are different kinds of categories, right? Just like it looks like a jeopardy board here with different challenges You can click on and they're all in a specific category like forensics or cryptography reverse engineering web Exploitation binary exploitation, etc. Mr. Laney's that could be kind of grab-back really anything or random as You get more and more involved and into the scene You'll find out stuff that you love and you're super interested in and maybe you'll want to do more of that and maybe zoom in on And narrow down on what your interests are what you want to get good at and that's awesome like I love web Security, I really think web web exploitation is kind of cool. There's stuff like leak sequel injection There's stuff like local file inclusion. There's stuck stuff like Java web tokens JSON web tokens, etc And I think those are cool. You'll maybe get into forensics or cryptography Maybe you'll do some Diffie Hellman Maybe we'll do some RSA reverse engineering or binary exploitation. You'll do some like return to libc attacks or Rop Crazy cool stuff that you can get into as we explore more and more of this but right now we're beginners, right? We don't know what we're doing just yet So let's get started with some of the easy stuff something we can get our feet wet and learn with So as I'm looking at all these different challenges that we could we could attack The point value may be Maybe indicative of the difficulty or how hard it is. So let's start small I see over on the top right of this left-hand side. There is a thing called internet kitties And that's like the top of the board in the miscellaneous category. So let's try that here. We've got this prompt here Challenge title is internet kitties and we've got the challenge prompt I was told there was something at ip shell 2017 dot picoctf.com with port 40,660 That port number may be different for you because maybe you have obviously you're running a different user on the picoctf game So picoctf and platform opponent that people that that karnag email and the guys that host this game They're really good about making dynamic content. So maybe some of the Like ciphertexts or some of the things like the port numbers you see will be different from one person to the next And that's so you can't really cheat Like some of our flags may be different because it'll have some hex values like strapped on to the end that are different That's so you can't just submit my flag. You got to do it yourself and practice and learn and it's a good thing It's honestly a good thing So how do we get to that? How do we get to this something special? Do I need a ship for the port? That's a joke. Let's check out the hints here Look at using the netcat or nc command Huh, what does that mean? I figure out how to use it. You can run man nc or an nc tac h on the shell or search for it on the interwebs What is a shell? What talk about a command, right? So I didn't I didn't do a good thing here. I kind of did you guys an injustice I explained the left hand side of the screen What's over this big black box on the right side of the screen? So that is a web shell It is a shell It is a command line or a console or a terminal or anything That you really want to call it out of that subset Those are kind of the common words the lingo the terminology that you'll get used to hearing for a command prompt And you've seen a command prompt before like maybe that black box on Your windows computer or something like dos microsoft dos And you just type in commands and you'll get output and things that will be able to Work with work with it. You're using a computer or just not with a gooey with a mouse and Clicking stuff around dragon icons and stuff. You're working at a command line. So you use the keyboard type in get commands So that's what this is. Let's go to this black box and let's try I'll zoom in a little bit. Hopefully to Get a good font that you can read here sweet So we want to take a look at according to the hint check out the netcat command or nc To find out how to use it. You can run man nc or nc tack h on the shell Let's see what that nc tack h. So I just clicked in this black box. I clicked in the shell and I'm typing in nc tack h You can see right beside everything. I'm typing. There's a Dollar sign. I'm sorry an underscore underscore john hamlin because that's my username and your username will probably be there at Shell web and that's got to be the host name or like the computer name for this for the shell server for what we're trying to to work on so It also gives us a little till day Which is the directory that we in at the moment and you may not know that okay that till day or that squiggly line is shorthand for our home directory And you may not know that because you don't always use linux and that's okay because right now Inside this black box inside this shell. We're in linux. We're running linux commands and not windows So because i'm on my windows computer I'm still just using a web browser and i'm in a web shell That I can type and interact with and do things with But i'm doing that because it's On their computer this shell server that we have access to is running linux and we're able to use just a Program in simulated software to to work with it. So we're on linux inside this box Linux is awesome and linux is where we're going to actually do Most of our capture the flag cyber security hacking stuff and we'll get into that super duper soon I want to get your feet wet to get into it But for right now we got to get into the idea of commands command line command line arguments Input and output standard output standard input stuff like that. So let's try nc tac h whatever that is Looks like it will connect to somewhere Whatever listen for inbound blah blah blah and it gives us other tac options that we could Give to the program or have it do things These square braces can say things that it's not like used to That are optional for the program to run like you can see the tac could be tac h or any of them Blah blah blah and these are all the things that we could do with the description on the right hand side And how you do it in the syntax on the left hand side So this doesn't give me a whole lot of understanding. So let's try man and see like they suggested Whoa, looks like we get a lot more text here And i'll zoom out a little bit so this can be seen cool so The man command will return manuals or like man pages or pages of a manual Referred to as man pages of how a command or how things particularly work and they're awesome like you want those you If you want to learn you can read through the man pages and they're always installed and typically always available on a linux system So this command nc or netcat Is nicknamed the tcp and ip swiss army knife so we can do a whole lot of stuff It's a simple unix utility unix being linux essentially Which reads and writes data across a network connection using the tcp or udp protocol Okay, maybe you don't know the tcp or udp protocol is just yet. That's okay. You don't have to Right now We're just going to see if we can take advantage of this program of this tool because nc that command is a program It is a tool. It is like literally a computer program. It's a binary another word for it Just a computer thing that we can execute and have it do things for us So at the same time, it's a feature rich network debugging and exploration tool So it's going to create almost kind of any kind connection you would need and have several interesting built-in capabilities Wow, that's a lot of text blah blah blah Let's use the arrow keys or hit enter a little bit to actually move through this Uh man page and you can use the up key if you want to go through it, etc page up and page down will also look through it and It shows some examples, but for several netcat recipes, please see forward slash All this stuff and whatever that may be maybe biting off more than we can chew here Let's just figure out how to use it through that help page Uh, he can hit q to quit you can see down the very bottom. It says q to quit So just like that the help page that we saw when we saw attack h That will show us how to use it right netcat with options that are optional So we don't need because those square braces. We don't need those the host name. Okay that It should be Shell 2017 picoctf.com, right because that's the computer That's the server that we're trying to connect to and then the port or however many ports. So Is that it? Do we just write netcat or nc? Shell 2017 dot picoctf.com And then a space to separate these because These are arguments these these things separated by spaces are the arguments or the parameters that we give to the program or the command Command being netcat So netcat the command always comes first and then the arguments are what follow the arguments or parameters and other synonym So the next port the next argument that we want to give it is whatever your port is But in my case it's 40,660 So I hit enter to connect to it and it says yay you made it Take a flag and this string of numbers and characters is a flag. That's what we want to submit to Okay, get points for this challenge. So let's uh, select all that Let's right click to copy it And scroll down here. Let's paste in the bottom right We can paste I don't know why that didn't copy. So we'll do that again copy Which is that gonna work at all for me paste? No Okay, I'm gonna try using oh, I hit refresh. Whoops I'm gonna try I tried using the control c and control v Uh the keyboard commands And I think that looked like it was gonna work for me if I submit it there. Okay, cool hit submit Sweet challenge solve you are up 10 points And that's it. We did it we solved our first real capture the flag challenge But just by learning just by reading about how to use a tool in this case They were nice enough to explain to us. Here's here. Here's what you should do Here's how you can attack this problem, but read a little bit learn about how to use it and then Try something experiment learn poke around and tinker see if you can get some magic to happen And we were able to successfully connect to a hostname and port we connected to a service And now we're moving on That's a skill that we're gonna see time and time again in capture flag competitions You're gonna net cat to services net cat to programs all the time So thanks for sticking with me guys. Hope you're enjoying this Um, hey I gotta give a shout out to my supporters the people that love me on patreon Spencer Clark gal Horowitz says okay, atilla or gal off the unruly destroy of world's bastion of terror You guys are awesome. Thank you so much for Spreading the love and really just being willing to go on this adventure with me One dollar or more will get you a shout out in this video or any of the other videos just like this at the end Um, five dollars or more will get you early access anything I put on youtube just a little bit earlier because youtube Will schedule them and you'll have may have a lot of time in waiting for a video to be released when I've already got a record And it's ready to go Hey, if you did like this video, please press that like button Maybe leave me a comment letting me know what else you'd like to see how you solve this or other cool things We can do um and if you're willing to subscribe and if you really want to support me check me out on patreon Thanks so much guys. See in the next