 Hey there YouTube, this is John Hammond with another Pico CTF 2018 video This challenge is the in-and-out error for 275 points has a lot of solves It's just the general skills category and I don't see this challenge as that hard Maybe it's just I don't know something that I've got to learn about Linux like all the while I've been using it so it wasn't difficult, but uh, whatever the challenge won't is can you utilize or? Utliz utlize Standard incident out and send an error to get the flag from this program You can also find it at this location in the shell server. So let's go ahead and download it and play with it I've got a terminal open here. So let's W get this file here and We can mark it as executable because it is just a binary when we run it It says hey there if you want the flag ask nicely floored Please enter the phrase please may have the flag Okay, that's fine enter that thank you for asking so nicely floating point exception and core dumped Maybe this doesn't have the exact same functionality on My computer as it does on yours. I don't know I think it's because it needs a fake flag to be able to read out and work with So if I were to have like my own flag That's maybe the program could open up and use then it could probably handle this But otherwise it gives me that floating point exception. Okay, so it looks like there's a lot of garbage coming out there So let's use the real like binary that's on the shell server. So I just want to copy that location And I will go ahead and SSH over there as soon as I get my touchpad to play nicely with me So I will just SSH in Go ahead and enter the password For your account and then change directory to that location that already has a flag dot text in there that we can't read We have to use the binary for but I'm assuming that's what the issue was earlier So if I run it now on the shell server with their flag try and run the in and out error program It says please may I have the flag? Into centered input and it gives us all that nonsense. So we can take advantage of this, right? It's not too hard to simply pipe in or echo some standard output into the standard input of another program So let's do that. Let's just echo. Please. May I have the flag and now that that's on standard input We can pipe it that vertical bar the shift formation of the backslash right above your enter key Into the in and out error program. So now it will give us all that information Took a little bit of time and now it's a lot of garbage though, right? So we want to Work through this and see what we're dealing with so and inkling or maybe a good guess or estimation is that well If it's telling us to deal with the three standard streams standard input being number zero Standard output being number one file descriptor and standard error being number two We can work with these while we're getting information out of a program, right? If I said I want standard error So I would say just the number two following the program or the command that I'm trying to run And we can redirect it with that greater than symbol or the walk-a-walk-a to a different location If we put it to DevNol, which is just kind of a digital trash can on your Linux computer or a bit bucket there It'll all go away and it won't be visible. So now we get only standard output visible to us And we are gifted. Thank goodness. What a miracle with the lyrics to Rick Astley's never gonna give you up So no flag in this. Let's try our other option. Let's try standard output And that's the file descriptor number one we direct that to DevNol and now we get a lot of nonsense here But clearly this is the flag. It says Pico CTF piping is a thing and then some hex identifier So my flag will be just different than yours. Let's go ahead and submit this right? We solved it. We got the flag. If you want to we can take note of it And remove our fake flag or one that we use locally to test But please do subscribe. I dig that and we can mark that challenge as complete, right? Not too difficult. If you want to automate something to connect to the shell server and then run that command and do it all You are more than welcome to but I don't think it's necessary for this video. Just a simple Hey pipe in some standard input like redirect some standard error and or standard output in this case and just read on standard error interesting thing Thank you guys for watching. Hope you enjoyed this one before I go I want to give a quick shout out to the people that support me on patreon cannot thank you guys enough $1 a month or more on patreon will give you a special shout out just like this I know it's not a lot just a little bit of that feel-good feeling get your name up in lights helping a helping out a dude Just you know get some air and feel good fives So $5 a month on patreon a little bit extra, right? Not a whole lot But just gets you the early access content that I release in a shared Google Drive Anytime I record a video it will be added to that and you can receive that just before it's uploaded on YouTube So some early access I've been in the funk lately and haven't got a whole lot of videos a whole lot of videos out and ready for you But I'm grateful for whatever you're willing to help support Please do join our discord server link in the description It's a cool community full of CTF players programmers and hackers a lot of smart people They're certainly smarter than me and it's just awesome to crank on a CTF together or some programming challenges or any other thing Interesting to just be part of the community Please do like comment and subscribe love to see you guys in the next video and take care