Hey, YouTube, video write-up for ICTF 2018. We actually just made it to third place. We solved Secret Recipe, tied for second. So that's kind of neat; just wanted to showcase that. Anyway, let's jump into the real good stuff. This is the third web challenge for the competition, and I don't know how to pronounce this name because I don't speak Icelandic, but whatever. The challenge description here says: Eve wants to make the hottest new website for job searching on the market, and, an avid PHP developer, she decided to use the hottest new framework, Laravel. I don't think she knew how to deploy websites at this scale, however. It gives us a link we can work with and navigate to, so let's go check it out in a new tab. It says, okay, welcome, this is a site. Neat. We can view the source and look at stuff if we particularly wanted to. It looks like there's a lot of stuff going on that is supposedly with the Laravel PHP Debugbar. We can totally take a look at this if we want to. I poked around and looked at some of the request variables and the views to see if I could reach any of them, etc., etc. I was trying to access some variables, but it didn't end up actually getting me anywhere while I was poking; still, it was kind of neat to see.
This is the first time I'd ever actually seen this PHP Debugbar or anything kind of with Laravel, I don't know, testing and stuff like that. Cool. So if you poke around you can actually go to other web pages up here; this navigation bar has the home page, which we're at, and the jobs page, which looks like it just gives us a listing of different kinds of jobs. So if we were to click one, Software Developer, it looks like we could potentially apply to it if we were to give it, like, information, so blah blah blah blah blah. We hit Apply here, but nothing else happens. So if we wanted to go back home, or if you've been to jobs again, hit the back button, whatever you want to do. You could do this over and over again and explore some of them, but none of them particularly do anything. So at one point while I was poking around I kind of just stumbled upon this, and it sounds like, at least through conversation in the Discord and through other people, that this is just kind of what happened with them as well. They stumbled upon it and it happened on accident, where, let's say you were looking at a job and you went back to click on Jobs, and it would move you to jobs/jobs in the URL, and suddenly you would be popped at a, like, stack trace, an error message, an exception thrown for Laravel. This is the debug output that you'd normally see if you found an error in Laravel programming. So you can see, okay, we've got the flag right here: ICTF, you found a bug. That's pretty neat, fine. Interesting thing though: what's actually happening is that, okay, it must be getting these aliases from other functions that may be reading it from a file or something. But so, since we could normally just view jobs very, very easily by clicking on the link, if we were to view the jobs page or click on it, wow, we're already at the jobs, like a specific job input page, like an apply page, for whatever reason. Okay, the routes got messed up.
We jump in, we get an error and ICTF, you found a bug. The same thing happened if, rather than job data that we had seen or known, something that wasn't there were in the URL, like if I went to "you please subscribe". Obviously we get the error message in the debug thing. We could probably scrape this out if we particularly wanted to. Let's make this challenge, like, "third web". If I could curl this, maybe. Gross, whatever. Let's grep for only ICTF, and it looks like we find a couple of hits. Let's just get the first one, and let's make this quiet. Am I not doing that right when I say curl -u, maybe? Okay, it looks like it is curl -s for silent, and instead one head for the first; I just want the first occurrence, not all of them, because I was getting the very, very last one, which had a very long line. So let's put that in our flag.txt, and we can certainly just copy this and make it our get-flag script. So just kind of an easy regular expression, steal the flag out, just fine. Make that do its thing, and then we are good. Perfect. We can mark that challenge as complete and we're done. So, just poking around, just exploring, doing a little, doing a little reconnaissance in our own homework. Quick shout out to the people that support me on Patreon. Thank you guys so much, I cannot say it enough. One dollar a month or more on Patreon, I'll give you a special shout out just like this at the end of every video. Five dollars or more on Patreon will give you early access to everything that's released on YouTube before it goes live. So since I'm recording all of these video write-ups in bulk after the game is over, and I can actually share them without being prosecuted by game administrators, not, not actually prosecuted, just, you know, flame wars online and stuff, you could, you could view them all without waiting for YouTube to schedule the uploads. They'd just be ready and available in a shared Google Drive folder.
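As an added illustration (not the video author's script), this Python checks whether a saved response body looks like a Laravel debug-mode exception page of the kind the jobs/jobs route mix-up produced, and mirrors the curl -s | grep -o | head -n 1 extraction from the video; the Whoops/Debugbar marker strings and the sample HTML are assumptions I constructed, not captured from the challenge server.

```python
import re

# Markers that Whoops (Laravel 5.x debug exception pages) and Laravel Debugbar
# emit. Assumption: these strings match typical output; tune them for your build.
DEBUG_MARKERS = {
    "whoops_title": re.compile(r"Whoops!\s*There was an error", re.I),
    "whoops_container": re.compile(r'class="Whoops container"'),
    "illuminate_frame": re.compile(r"vendor/laravel/framework/src/Illuminate/"),
    "debugbar": re.compile(r"phpdebugbar", re.I),
}

def debug_indicators(body):
    """Names of the debug-mode markers found in a response body, in table order."""
    return [name for name, rx in DEBUG_MARKERS.items() if rx.search(body)]

def is_debug_exposed(body):
    """True when the body looks like a Laravel exception page (APP_DEBUG=true).

    Debugbar alone is only a warning, since it can be enabled on purpose; a Whoops
    page or a framework stack frame means exceptions are rendered verbosely.
    """
    return any(name != "debugbar" for name in debug_indicators(body))

def first_match(pattern, body):
    """Equivalent of `grep -o PATTERN | head -n 1`: first matching substring or None."""
    m = re.search(pattern, body)
    return m.group(0) if m else None

# Constructed sample bodies (not captured from the challenge server).
PROD_404 = "<html><head><title>Not Found</title></head><body><h1>404</h1></body></html>"
DEBUG_PAGE = """<html><head><title>Whoops! There was an error.</title></head>
<body><div class="Whoops container">
<h1>Symfony\\Component\\HttpKernel\\Exception\\NotFoundHttpException</h1>
<p class="exc-message">Constructed message: ICTF{constructed_placeholder}</p>
<span class="frame-file">/var/www/vendor/laravel/framework/src/Illuminate/Routing/Router.php</span>
<p>ICTF{constructed_placeholder_second_hit}</p>
</div></body></html>"""

if __name__ == "__main__":
    for label, body in (("production-style 404", PROD_404), ("debug page", DEBUG_PAGE)):
        print(f"{label}: exposed={is_debug_exposed(body)} markers={debug_indicators(body)}")
    print("flag-style token:", first_match(r"ICTF\{[^}]*\}", DEBUG_PAGE))
```

Run it against a body saved with curl -s to check a deployment before it goes live; an exposed result means the app is rendering stack frames and file paths to anyone who hits a bad route.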
So, five dollars a month, that's all. If you did like this video, if you're into CTFs, you're into infosec, you're into cybersecurity, blah blah blah, please do join our Discord server, link in the description. Cool community of CTF players, programmers and hackers; you can hang out with me and other really awesome people. Sweet. Thanks, please do like this video, comment, subscribe, share, all that other YouTube algorithm stuff. I don't know. Get out of my face.