What's up, everybody? My name is John Hammond. We're looking at MITRE CTF, the capture the flag. This challenge is the 50-point web challenge, and it's called Super Secret Hidden Service. So the challenge prompt here is just a link and then the URL to this IP address here. And we have just a little, okay, insecure connection. That's fine. We'll just roll through these as usual. Add exception, blah, blah, blah. But we get nothing. This page says, 421 site, this IP address is not served on this interface. Ctrl+U gives us nothing, right? robots.txt. Nothing there. Looks like it returned it no matter what I had in there. So literally whatever we enter, it just tells us this error message.

So I had Googled this. I tried to do a little bit of research. Site is not served on this interface. Try to Google this a little bit. Looks like the Caddy community. Caddy, 404 site not served on this interface. Caddy server, it sounds like there's just a lot from all the research that I had done and from all the reading that I had done, it was able, pretty simple or at least logical to deduce that, okay, maybe this is a Caddy server. I had done a little bit of research and understanding. And I was talking with people in the Discord server. We were banging our head against the wall on this for a while. If you aren't in the Discord server, you should totally come hang out. That's an awesome think tank. And someone had said, like, someone who had solved it, had said there's literally everything that you need is on the webpage. I'm like, what the F? What does that mean? What the garbage?

So I Googled this more, looked through it. And I tried to think of, am I missing something? Is there something clever that I'm just not seeing? I couldn't tell what it was. And then eventually, my eyes came back to the certificate. And I was wondering, why is this HTTPS?
When all the other challenges, seemingly anyway, now in hindsight now that I've gone through more of them, but they're just regular HTTPS. If it's HTTPS in a CTF challenge, like if you're seeing SSL or HTTPS in a capture the flag task, it's there for a reason. Like everything that's in a CTF challenge has got to be there for a reason. So why?

Some of my Google search, some of my readings had stumbled upon one kind of, this link specifically, it said, Caddy serves wrong SSL server for a site that's not served on an HTTPS port. And I thought this was odd because I read about it. And then I went through and they mentioned there, it's had a host file. And I was like, oh my God, is this like some virtual host thing? Is that "not served on this interface" kind of a tip of the hat or a nudge to, oh, it needs a domain or it needs something specific as a virtual hosting thing? And then I was like, oh, domains, right? Domains are stored in the certificate.

So I'm like, okay, let me dig this out. Let me, let me actually open this up. Let's see what the certificate is. If I check out more information on this thing, looks like a website, view certificate. It's a Caddy self-signed. Okay, so that confirmed that is Caddy. And I opened up the view certificate, got some details here, we can explore it. I just try to look through each of these to see if I get anything interesting like a domain name or something. And then eventually, I found, okay, we have a DNS name in the alt name, the certificate subject of 138, the IP address dot xip.io. And I was like, what is that? Do I need to set that in my server host file? And I added it in and messed with it. And turns out I didn't need to do that. Now that I've kind of relived this challenge a couple of times over again.
But it's funny, had I actually just looked at that originally, like had I read through the prompt to access this on an insecure setup, like if I open Firefox again, just create a new prompt, a new page for it, let's go to that location. And I don't know if I maybe I need to close this other Firefox. I'll do it. You know what? I'll do it for you guys. Just for you. Let's go to this location. Okay, let's remove the certificate. That's probably all I needed to do. I'm an idiot. Remove exception. Great.

So having seen this prompt now, had I not just steamrolled over it like we always tend to, it says the owner of this site has configured their website improperly. Let's check out the advanced stuff. It says this uses an invalid security certificate. The certificate is not trusted because it's self-signed, that I would expect. The certificate is only valid for this. So I'm like, okay, that must be a thing. I didn't know if I needed to set an IP address for it and set our host file. Eventually, I just tried. Let's go to this location. Let's try and open that in our URL address bar. So HTTPS though, right? Because it needs to have that certificate. So I enter that. And this tells me, oh, your connection's not secure. Check out advanced. But it says the certificate is not trusted because it's self-signed. It doesn't matter. It seems to at least be valid, right? So add exception. Yeah, okay, let's do it. And there's the flag. Like that's it.

I didn't, I, from what I understand, there were a lot of people that were like, tweaking out over this thing, like the site's not loading for me, the page isn't working, what's going wrong, etc. And you just kind of need to be really super duper observant and everything in the page. Check out the certificate. Always check out a certificate if it exists. And that's honestly my like learning takeaway right now is if you're given a certificate in a CTF problem, it's probably there for a reason.
So dig through it: does it have a domain name, does it have any other information, email addresses, usernames, stuff that you might just find, any information you can like latch onto. And that's that it gave us this IP address. And some of the research helped us find with Caddy and stuff. And that's great. That is also necessary, doing the research and just banging your head against the wall. But that's that, that's that challenge. You can submit that, get some points.

And thanks for watching, guys, hope you enjoyed this. This is a lot of fun. I love recording these videos. I hope you guys really enjoy watching them. Thank you so much. I'm looking forward to join into the next CTF. I think TAMU CTF is gonna start or already did start. But now that MITRE CTF is over, I want to jump into that. So thanks for watching, guys. If you liked this video, please do like, comment, subscribe. Hope to see you in the next video. Love to see you on the Discord server, love to see you on Patreon, PayPal. Thank you. Thank you so much. Never say enough.