Hey internet, how's it going? This is John Hammond, showcasing more of the Google Capture the Flag competition that happened just recently, this past weekend. Before we dive into some more of the Beginners Quest challenges, another shout-out to LiveOverflow. Super cool guy, does a lot of awesome YouTube stuff, and we worked together a little bit for this capture the flag competition. Hopefully we'll do more. I really appreciate him, and you should check out some of his content. So let's dive in.
Moving to some of the Beginners Quest challenges. This is one of the later miscellaneous ones, as you move along through the top northern paths, I guess. This challenge is called Security by Obscurity. Reading the contents of the screenshot, you found some guy named John created a firmware for the OffHub router, stored it on an iDropDrive cloud share. You fetch it, and John packed the firmware with an unknown key. Can you recover the package key? Sure. Let's download this and create it in a new folder in our CTF folder: security by obscurity. As I type that. Save. Cool.
Let's get a command line open and see what we can work with. Move into that directory, security by obscurity. It is a zip file, as with most everything that we've been seeing so far. So let's create it, security.zip. Cool, let's unzip it. Whoa, and we have a thing here. Long file name: password.x.a.b.c, blah blah blah, with periods in between it. What is that? Oh, it's another zip archive.
Okay, so this gets to be an issue, because I'll show you: if we make this a new zip archive and we try to unzip that password one, it inflates another long password thing. And you'll wonder what this is, and of course, it's another zip archive. So we have lots of nested, recursive zip archives.
So what I did in this case, when I was going through this challenge, was I actually moved the original zip archive to an original.ZIP, capital ZIP file extension. So if I wanted to, I could still unzip it just fine, but I wanted to use a lowercase zip extension to note what I'm really working with here, because I wanted to do this in an automated way. I wanted to write a script so I didn't have to do this by hand. So what I did... Try remove password, and I'll remove the original one as well. So if I were to unzip original.ZIP, I have this thing. So let's try to write a script now. Whoa, I just deleted what I wanted all along. I'm a fool. Okay, let's redownload this thing and get back to where we were.
Let's write our script now. nano, I'm gonna call this ape.sh. /bin/bash. So what I'm gonna do is I'm going to unzip original.ZIP. Let's do that quiet, and let's while read... Let's cat everything, ls, sorry, ls everything that's not a capital ZIP. So if I were to run this, we can see we get... And let's actually remove the script in here. Let's filter out the zip, the script as well: grep -v ape.sh. So we're just getting what we extract. Let's do a while read line on this, so I can work with that file, and let's move that line to a line.zip. Good, and let's unzip that zip where we were. Let's see how far we go, I guess.
We actually don't even want anything that has a zip extension in it, because if we're just getting the most recent zip archive, let's actually grep -v for regular zip files. Now let's try it. Unzip... That happened just fine if she should begin. Okay, now we're just doing this over and over again. We're not actually while looping. Let's modify our script.
Let's do a while true. While true, or while 1. Let's do this over and over and over again. Let's ls for things that aren't zips, and then let's try it. Goodness gracious. Okay, looks like it starts to break at some point. Now we've got a ton of stuff, but let's see how big they are. So the smallest one down here... I used ls -l to see the size here, because this number, it determines the bytes, or how big the file is. So let's see why it broke, and that says, running file on it, that's because it's not a zip archive now. It's XZ compressed data.
So let's move him to new.xz, and let's remove all of the old zip files that we were working with. So if I nano my script, we can get back in here and we can comment out what we were doing to begin with. Let's unxz original dot, or... hmm. Because what is actually this thing? Oh, just new. It'll remove the file extension, but of course it's still another recursively compressed archive. So, modifying our script, we can unxz, or move new.xz and then unxz that new.xz, so over and over and over again we will be extracting this. Move new to new.xz, so it gives it the file extension, then unxz can actually extract it. And it breaks because, oh, we have password here again. Okay, it's gonna keep its file. Is that right? Oh, now we have bzip2 compressed data.
So what is this thing? No, I don't know where that is. Let's move new to new.bz2. Let's change our script to now move to... Comment this stuff out, create a new segment for that. Let's move new.bz2 and bunzip2. So move the new without an extension to new with an extension, and then bunzip2 that bz2 with an extension. So we're putting the extension back on after we've extracted it, because if I were to bunzip2 this one, new.bz2, it's just going to be new without the extension. But as we are finding out, we have bzip2 compressed data. So let's run our script. It extracts it out. Now we have new.bz2, and that's now gzip data.
Okay, this is getting kind of old, but at least it's not too, too difficult to work with. Let's move new to new.gunzip, or gzip, and let's gunzip new.gz. That's a gunzip new. We have to move it to begin with, so it has the correct file name. Run ape. Now what do we have? Now we have a regular zip archive. Let's move that to new.zip. Let's try and unzip that. Oh, and we have password.txt, and it's asking for a password. Huh, okay.
Let's try and run fcrackzip. Let me get a dictionary file, rockyou.txt. I know I have a copy of it somewhere on my file system, probably. Okay, put it in our directory. We can remove the giant password one, because that's not important. And now let's fcrackzip. If you don't have fcrackzip, you can sudo apt install it if you need to. -D for dictionary, looks like, and just the file. Is that all? fcrackzip -D for rockyou, and then new.zip. Do you need a -p there? Okay. Yeah. Whoa, it thought everything worked. That's not how to do it. I've got to admit, I literally always forget how to use fcrackzip. I'll be completely honest with you. It's one of those things, you know, like tar. Okay, here's an example. -v, -u. What do we need -u for? I'm sorry, you guys shouldn't have to watch this. This is not interesting. Use unzip, try to decompress. Okay, this weeds out false positives. Okay, sweet.
Now, ASDF, that looks like the password here. Unzip new.zip, ASDF as a password. Now we have a new file, password.txt, and we have our flag. Hell yeah. CTF, compression is not encryption. Perfect. Let's actually move that to flag.txt. And I'm not gonna write a good flag script for this, but we kind of have one in that ape.sh thing that we were working with, but it's not particularly very good. Let's submit the flag here and mark this challenge as complete.
Thank you guys for watching.
I know this one was kind of cheesy, because we were just modifying a script rather than getting a very elegant, one-and-done thing. But hey, that showcases the process, that showcases what we were doing, because who knows how many times that was recursively encrypted. Not encrypted, I'm sorry, but compressed, or put into another archive. So thank you guys for watching. Hope you're enjoying these. Another shout-out to LiveOverflow. Check out his material if you haven't seen it before. Hopefully we'll do more cybersecurity capture the flag stuff again soon, together. If you did like the video, press that button, please like. If you're willing to, leave me a comment, let me know what you think, what else you'd like to see. Please do. If you're willing to subscribe, I'd love that. Thanks again. See you soon.
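Added example, not part of the video and not the ape.sh script from it: the unpacking loop from the walkthrough as one Python script that picks the decompressor from each layer's magic bytes (the check that running file did by hand), so the script does not need editing per format. It stops at the first encrypted zip, which is where a dictionary tool such as fcrackzip takes over; the function names and the MAX_LAYERS and MAX_BYTES caps are assumptions of this example.

```python
import bz2, gzip, io, lzma, sys, zipfile

# Magic bytes of the container formats met in the walkthrough.
MAGIC = {b"PK\x03\x04": "zip", b"\xfd7zXZ\x00": "xz", b"BZh": "bzip2", b"\x1f\x8b": "gzip"}
STREAM = {"xz": lzma.open, "bzip2": bz2.open, "gzip": gzip.open}
MAX_LAYERS = 10_000            # assumed cap so unpacking always terminates
MAX_BYTES = 64 * 1024 * 1024   # assumed cap on one unpacked layer (bomb guard)


def detect(data):
    """Name the format from data's leading magic bytes; None if not an archive."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return None


def peel(data):
    """Strip nested layers; return (layer names, remaining bytes, stop reason)."""
    layers = []
    while len(layers) < MAX_LAYERS:
        kind = detect(data)
        if kind is None:
            return layers, data, "plain"
        if kind == "zip":
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.infolist()
                if len(members) != 1:
                    return layers, data, "multi-member zip"
                if members[0].flag_bits & 0x1:      # bit 0: member is encrypted
                    return layers, data, "encrypted zip"
                if members[0].file_size > MAX_BYTES:
                    return layers, data, "too large"
                out = zf.read(members[0])
        else:
            with STREAM[kind](io.BytesIO(data)) as fh:
                out = fh.read(MAX_BYTES + 1)        # read one byte past the cap
            if len(out) > MAX_BYTES:
                return layers, data, "too large"
        layers.append(kind)
        data = out
    return layers, data, "layer limit"


if __name__ == "__main__":      # usage: python peel.py original.zip
    names, rest, why = peel(open(sys.argv[1], "rb").read())
    print(len(names), "layers removed; stopped at:", why, f"({len(rest)} bytes left)")
```

When the stop reason is "encrypted zip", the returned bytes are that archive itself, ready to be written out and handed to the password-cracking step.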