Okay, this video is part of a series. Hope you watch the previous ones. We're going through the 2018 Google CTF, capture the flag, and again, I came across this by watching LiveOverflow and John Ham... I don't know, I always say his name wrong the first time. John Hammond, on YouTube. Check out their channels. They're awesome.

Again, you can go to gitlab.com forward slash melex one thousand forward slash capital CTF, and there you can get all my scripts that I'm working on for this. I'm trying to automate all these as much as possible. This one actually automates it most of the way for you. You're gonna have to do a little bit of work. We're gonna get into using DOSBox and its debugger for this particular project here.

We're actually going back over to, where is it? There's Floppy, Floppy2. So in the previous one we downloaded an attachment, which is a file we extracted. There was an icon file in it. We used binwalk to extract a file from it. There was a text file in there, which was the path of the flag that we needed, and then there was also a .com file, and it said www.com, which is not www.com, which is actually the first place I went, just because they named it that. It was kind of confusing. And I started looking at the source code for this page, and then I realized it was because, if I go to it, let's see here.
I have... Let me go ahead and real quick go into my script here, and I will download that file. So we'll download that, unzip that, which gives us the icon file, and then I can binwalk through it, binwalk -e, to extract everything from that foo.ico. And then if we list out everything inside the _foo.ico.extracted, we can see that there's a www.com file, and what threw me off is because I did a file on it, like this, which tells me what file type it is, and it just says that it's an ASCII text, so I didn't really look in it at first. Well, the first project, you didn't really need it. If I do the same thing, I can cat it out, and there's some gibberish, what seems to be gibberish, and then some plain text here.

And if for some reason it wasn't... I think it's just because they threw me off because of the www. I know a .com is basically the same thing (I'm sure technically there are differences) as a .exe on a Windows system. If you're on a Windows machine, go into the Windows folder, Sys32, there will be a bunch of .com files in there. command.com is one that comes to mind. And most of those, it's been a while since I really played with them, like .coms can be renamed .exe, but not the other way around. But basically they're executables. They're usually a binary. I don't know why when I run file on this it's telling me it's an ASCII text file. That's interesting. Now I want to learn more about .com files, but in general, they're just a Windows or DOS executable. I think the .com files on a Windows system are probably just old files that are still there. Don't quote me on that. But they were more common back, you know... .com is short for command.

Anyway, so what you can do is, I had DOSBox installed on a machine. DOSBox, and I can give it that file. Oh, I got out of the folder.
I was in. Floppy, Floppy2. DOSBox, and if you give DOSBox a file it will automatically mount the folder that that file is in as a C drive and try to run it. So we should be able to do this. There we go. So it ran it, and basically that program just outputs this text message, which we saw when we, you know, just catted out the file. So that doesn't help us any, but it doesn't show the gibberish in there.

So what we need to do is use the DOSBox debugger, and normally what you would do is in here you would type in debug and www.com and hit Enter. I get a little command. Another thing is to run the command and hit Alt+Pause on your keyboard, which doesn't really do anything for me here. And that's because DOSBox, in most cases, like this one I got from using sudo apt install, so it came from the Debian repositories, doesn't have the debugger built in by default, because most people don't need it. So what you need to do is recompile it with the debugger.

So if we look in here, let me real quick just clean up, you know, the stuff I just did, because we don't need all that. Those directories. So we need to do this. Okay. So I have my floppy code here. So what that will do is download, uncompress, extract that file, and then run the DOSBox debugger, which, I actually have compiled DOSBox here in this folder for you already, with a debugger in it. So it's actually under, if I do DOSBox, you know, that folder, you have to do ./, that's src for source, and then do dosbox. I'm running that copy of DOSBox, and you can see in the background here my original shell is different. That's because that's the debugger output. So let me go ahead and just exit out of this. Of course, it's compiled for my system.
So if you're running a Linux 64-bit browser that should probably work for you. But if you're on some other architecture, you might need to recompile it. So I actually made a script here called make DOSBox, which you can run. All it does is, you know, I set this up for a Debian-based system. It's going to install, as far as I know, these are the only dependencies you need. You need GCC, which is the compiler, make, and then you also need ncurses, because that's what it uses for the output in the background there, in the main shell here.

So then I download the source code for DOSBox. We can get it from different places. I'm very leery about downloading applications and compiling them and executing them on my machine. I trust the DOSBox people. I also want to make sure I got it from a server I trust, so I'm actually using a Debian server here, just pulling it from that. You could actually set up apt or apt-get to pull down source code. I know you can do that. I haven't really looked into that. But I just quickly googled where they pull the packages from. This is one of the options.

I download it. I extract it. I remove the original. Then I move into the DOSBox folder we just extracted. The first thing you need to do is run autogen, which actually should have... Let me fix my script here real quick. That should be ./autogen. So when you extract it, if we move into our DOS folder here, or DOSBox folder here, there's a file called autogen. You've got to run that first, and then you want to run ./configure, but not just ./configure. It's actually ./configure... again, if we cat out my make DOSBox file here, you actually need to say configure --enable-debug=heavy. So you do this, that runs real quick, you do this, that runs real quick, and then you run make, and make, the first time you go to compile it.
It's probably going to take... it took my system one or two minutes, not too long, and then you can run DOSBox with the debugger once you do that.

So let me go ahead and run my floppy, my floppy script, which assumes you're going to use that, or a compiled version of DOSBox. So we're gonna run that. It extracts it, and here I'm giving you a message: once DOSBox is running, press Alt+Pause, then in this window, not the DOSBox window, use the down arrow keys until you see the flag, and that's it. So this script is mostly automated. You're gonna have to do a little manual stuff. So I'm gonna hit Enter. It's gonna continue. So now it has run our www.com command. I'm gonna hit Alt+Pause, and that pauses DOSBox. I'm now gonna drag this over here so it's not in the way.

This is our debugger back here, back in our original window. On my system it looks kind of messed up. I found that if I just resize the font in my shell, everything goes fine. So you can see down here, you've got this, basically it's a hex editor viewer of basically the memory of DOSBox while it's running here, and to scroll through this you use Page Up and Page Down. Then it looks like here it's giving you some assembly code. You can use your arrow keys to go through this, and if you understand assembly that might help. And then you can also type commands down here. If I just type help, it's going to add it down here, and then to scroll on this section use your Home and End keys, so I can hit End, Home, scroll through this. So you see I already typed help and it gave me this little help output here.

But all we need to do is press down page, and you can see we're scrolling through here. So basically we started DOSBox, we ran our command, and then Alt+Pause to pause it, and now we're in the debugger. And we're looking at the RAM of the machine that's been captured, and I'm just gonna hold down down page. I'm gonna keep going, keep going, keep going.
We're going to see our www.com wording a few times here. You know what, there might be extra stuff here because I didn't hit Alt+Pause right away. So there might be more stuff in RAM, because I don't think I normally go down this far, but let's just keep going. Okay, yeah, here we go again to the www. Oh. So right here.

I don't know much about this debugger. This is the first time I've used it. I tried looking through the help for a search feature, because it'd be nice if you could just search, and then search CTF. But I didn't see a search feature. But basically copy this and paste it, and then come here and copy and paste this at the end, into the Google website, and you have your flag. So this one I wasn't able to completely, whoops, completely automate, but I was able to do most of it for you there.

So that's it. Again, I'll go through that again real quick. So you go to my code, you type in floppy.sh once you're in the floppy2 folder. It's going to download, extract. We're gonna press Enter, Alt+P, then we can pull this out of the way, and at least on my system everything's messed up back here. I mean, I can start pressing down page, but to make things look proper I just resize my font over here. And now again, I just keep holding down page, down page, down page, until you see that group of text with a CTF in it. Gotta keep going, keep going, keep going, keep going, keep going, keep going, keep going, keep going, keep going, keep going. A lot of null characters in here, some autoexec batch stuff from when DOSBox, I guess, started running and it ran the auto bat, autoexec batch file, whatever it was, and there we go. That's where you find your flag.

That's it. Again, this is part of a series, be sure to check them all out. I thank you for watching. Visit my website, filmsbykris.com. That's Kris with a K. There's a link in the description. You can search through all my videos there, and look, I have some DOS, exploring DOS, okay, and that's about it.
You can support me over at patreon.com or through PayPal here. Check out the links in the description of this video for more information. As always, I hope that you have a great day.
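
The narration above wishes the debugger had a search for the flag text. As an added example (not the presenter's script), the Python below scans a raw memory dump for printable strings containing a marker and also returns the neighbouring strings, since the narration pastes the flag together from two places. It assumes RAM was saved to a file, for instance with the DOSBox debugger's MEMDUMPBIN command; the function names and the sample bytes are constructed for illustration.

```python
import re
import sys


def printable_runs(data: bytes, min_len: int = 4):
    """Return (offset, text) for each run of printable ASCII, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def find_marker(data: bytes, marker: str = "CTF", min_len: int = 4, context: int = 1):
    """Find runs containing `marker`, plus `context` runs on each side.

    The neighbours matter when a string is stored in pieces separated by
    non-printable bytes, so a plain search for the full text would miss it.
    """
    runs = printable_runs(data, min_len)
    hits = []
    for i, (offset, text) in enumerate(runs):
        if marker not in text:
            continue
        lo, hi = max(0, i - context), min(len(runs), i + context + 1)
        hits.append({
            "offset": offset,
            "text": text,
            "neighbours": [runs[j] for j in range(lo, hi) if j != i],
        })
    return hits


# Constructed sample standing in for a memory dump: null padding, a DOS path,
# and a made-up flag stored in two pieces (not the real challenge data).
SAMPLE_DUMP = (
    b"\x00" * 16 + b"Z:\\AUTOEXEC.BAT" + b"\x00" * 8
    + b"CTF{constructed_" + b"\x00\x00" + b"example_flag}" + b"\xff" * 4
)

if __name__ == "__main__":
    # Pass a dump file as the first argument, or run on the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for hit in find_marker(data):
        print(f"0x{hit['offset']:06x}  {hit['text']}")
        for off, text in hit["neighbours"]:
            print(f"    near 0x{off:06x}  {text}")
```
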