What's going on everybody, my name is John Hammond and this is the first video in hopefully a long series on picoCTF 2019. I'm not going to be playing their game or their interactive Unity experience activity thing. I'm going to stick to the challenge problems strictly, as they are the challenges, like a regular CTF. So that's where I am. With that said, I'm not going to be playing the Factory Secret challenge, because that's kind of inside of that little Unity activity thing. It's one point, and I'd much rather do the real cybertech computer nerd stuff. So we're going to do that. Let's dive right in. I'm going to check out this Glory of the Garden challenge. It has about 50 points in the forensics category at the time of recording, which is after the competition is over. I'm sorry, I'm really bad at this. It has 9,368 solves, and I just solved it because I tried to record this a moment ago and failed after I submitted the flag. It was stupid, whatever. So here we go. The challenge says: this garden contains more than it seems. You can also find the file in this location on the shell server, and we'll jump into the shell server later. Right now, because we're given a download link, I'm just going to copy this link and we can work with it on our host machine. I'm going to check out the hints before we get started, because it's my philosophy that if you're playing a game, you're in a capture the flag competition, and they will offer you hints without any repercussions, like it doesn't take away points or anything, it is to your advantage to read those hints. Just get an idea as to where you're going, what you're doing, what you're after. So in this case it says, what is a hex editor? So that's kind of the angle that we want to approach this with. If we happen to not know what a hex editor was, we could simply go ahead and Google that. You can see I've already checked out Wikipedia here.
It says that's a computer program that allows for the manipulation of the fundamental binary data, the real raw zeros and ones, and the hexadecimal values that we'll see, that represent that computer file. All those numbers and stuff. The name hex comes from hexadecimal. That's the number base 16, right? Represented by 0 through 9 and A through F, so we can get 0 all the way to 15. So we could take a look at that, and let's do it. Let's just dive right in. I'm going to fire up a terminal here. I will make a little directory for us to work in and move into there. It's called Glory of the Garden, cool. So let's jump into that. I'm going to use wget to download this file here, and we have garden.jpeg. So, JPEG file extension, right? We can assume that's a picture or an image. If I were to open up my little file browser here, we have a garden.jpeg and it's simply a picture. Nice pretty garden, okay? That doesn't entirely help us, because we're looking for the flag, right, in this capture the flag competition. We want that string or that specific token that will prove, okay, we found this vulnerability, or we found the hidden information or the secret that it was trying to hide from us, or we exploited the service, whatever the case may be. So this picture isn't really what we want. We want to look at that raw binary data. We want to be able to view this in a hex editor. So in my terminal here, if I get back to it, I'm on Linux and I like to use hexedit. That is not installed by default, so you would need to grab it, pull it off from your repositories. If you're on Ubuntu, you can use apt, or if you're on Arch, you should be able to use yay or your pacman, or you could use GHex or Bless or some other ones that you might be interested in. I'm going to use hexedit. So let's do it. sudo apt install hexedit; I need my password here because it's sudo, and we'll just grab that and pull it down. Okay, great.
So now I can run hexedit, and if we want to check on the man page for that, get an idea of what it really does, what it really is, we certainly could. But we should just be able to supply the file name as an argument, the file that we want to actually work with and interact with. So let's check out hexedit garden.jpeg, and here we are: a lot of noise, a lot of nonsense if you haven't seen this before. On the left hand side, it's showcasing where in the file, what position or location, this whole line of hex is coming from. In that middle section that I kind of have highlighted, those are the raw bytes. That is the actual data that constitutes this file, in its hexadecimal representation, and if it can interpret that and translate it into its ASCII representation, like the letters and printable characters that it can read out, that's going to be displayed on the right hand side. So we can see this header here, JFIF, and that is a kind of special signature for that JPEG file. If we want to go take a look at that with the file command, to do simple, quick and easy file reconnaissance, we can see, okay, it's reading those initial magic bytes, that signature there, and it'll tell us this is a JPEG image, and we can open it up just as we did with, like, I have known, or with our GUI as needed. So if we were still viewing that within hexedit, we would have to navigate through all of this hex. So I'm going to hold down my arrow key for a long, long time, and you can see at the very, very bottom, I'm at 0x15, 16, 1700, and it's growing, it's growing, but we've got to get to that number right there. So that's going to take a long time. I think we could hit G, no?
Maybe I'm not too hot on the hotkeys for hexedit. I think a better solution for us is to use something that is native, xxd. xxd, given that file name, will just spit out all that data printed out to the screen, and we can see at the very, very bottom, picoCTF, the game organizers, the creators, snuck in a little secret message or some information here. They say, here is a flag, picoCTF more than meets the eye, in some kind of leet speak there. So if we try to copy that and work with it, we're going to end up copying the entire rest of that hex dump, and that's not super useful for us. So we could mess with some of the flags and the arguments, the parameters we could give to xxd, to just see that output, but because we know it's just getting that ASCII representation, those printable characters, those strings in the binary, we can just simply run strings on that binary. So strings garden.jpeg, pump all that out, and you can see that very, very last line, nice and easy for us: here is a flag, picoCTF more than meets the eye.
If you wanted to grab just that as your output, obviously there's a lot of other nonsense that comes out here, we can just simply pipe that to tail. I'll use -n1 so I get the very, very last line: n for the number of lines, tail saying let's grab from the very, very bottom, and 1 so that just the last line, here's the flag. And let's go ahead and cut that up too, because we can use cut and keep building our pipeline here. "Here is a flag", and I'm going to use a delimiter with the double quote, so that way this will be the first field, this will be the second, and then essentially the third after it. Let's grab that second field with -f2, and there's our flag, nice and easy. We can save that, redirect it to getflag.txt if we wanted to, and we can copy this line and just build out a simple little getflag script so we document our solution here. Put a little shebang line, /bin/bash, save that, mark that as executable, ./getflag.sh, and there it is, cool. Okay, if you wanted to solve this with Katana, which is the utility that I put out with a good friend of mine, my roommate Caleb, you'll see him in the Discord server as Alissa Tiger, we can go ahead and activate the virtual environment for that. That's in GitHub/katana for me, and it's env/bin/activate. Now I can run katana just as a simple command, and we'll specify that flag format, picoCTF. This needs to be a regular expression, so inside of the curly braces I'm gonna use a period to match any character, a star to match as many of them as possible, and a question mark to make that lazy, so it just matches up until that very, very first closing parenthesis, or closing curly brace. And we can actually just pass along the little URL here for that file. I'm gonna copy that link again, and I'm gonna use -a for auto mode, and paste that in there. Katana will initialize, and it will run strings on that after it downloaded it and just pump out the flag that it found. That'll automatically be saved in our clipboard, so I can use Ctrl+Shift+V just to paste it, or we can go ahead and throw that in the scoreboard, and those are 15 points. So that's that, that's how you solve Glory of the Garden, a simple strings challenge. It's what you really gotta go through for your little warm-up challenge in a new beginner CTF. So I hope you enjoyed that, hope those were some new techniques if you haven't seen them before, hex editor stuff, raw binary data, and that's that. Let's move on to the next couple of challenges. Thank you guys for watching. If you did like this video, please do like, comment and subscribe. Love to see you guys in the Discord server, link in the description, love to see you for other CTFs, love to see you on Patreon, PayPal, all the good stuff. Thank you for watching, I love you, see you later.
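The strings | tail | cut pipeline and the flag-format regex from the walkthrough, rebuilt as an added example (this is not the video's own getflag.sh, and it does not use the real garden file or the real flag). It constructs a stand-in file with the JPEG magic bytes, binary filler and a trailing note of the same shape, with a placeholder flag value, and also checks the magic bytes the way `file` recognises a JPEG.

```bash
#!/usr/bin/env bash
# Added example, not the video's own script: rebuild the strings | tail | cut
# pipeline from the walkthrough and run it on a constructed stand-in file.
set -eu
export LC_ALL=C

# Constructed stand-in: JPEG magic bytes (FF D8 FF E0 ... "JFIF"), a run of
# opaque binary filler, then a trailing ASCII note of the same shape the
# challenge appends after the image data. The flag is a placeholder value.
make_sample() {
  local out="$1"
  printf '\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01' > "$out"
  head -c 512 /dev/zero >> "$out"
  printf '\nHere is a flag "picoCTF{example_flag_placeholder}"\n' >> "$out"
}

# Printable-run extraction, as strings(1) does it: use the real tool when it is
# installed, otherwise emulate it (runs of 4+ printable bytes) with tr/grep.
extract_strings() {
  if command -v strings >/dev/null 2>&1; then
    strings "$1"
  else
    tr -c '[:print:]' '\n' < "$1" | grep -E '.{4,}'
  fi
}

# The pipeline from the video: last printable line, second "-delimited field.
getflag() {
  extract_strings "$1" | tail -n 1 | cut -d '"' -f 2
}

# Same idea as the flag-format regex handed to Katana, done with grep instead:
# it does not rely on the note being the very last line of strings output.
getflag_regex() {
  extract_strings "$1" | grep -oE 'picoCTF\{[^}]*\}' | head -n 1
}

# Magic-byte check, the signature `file` keys on for a JPEG: FF D8 FF.
is_jpeg() {
  [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "ffd8ff" ]
}

main() {
  local tmp
  tmp="$(mktemp)"
  make_sample "$tmp"
  is_jpeg "$tmp" && echo "magic bytes look like a JPEG"
  echo "pipeline: $(getflag "$tmp")"
  echo "regex:    $(getflag_regex "$tmp")"
  rm -f "$tmp"
}
main
```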