 What is going on guys welcome back to the YouTube video still looking at the Linux Offset Club Wargame you can find online just at that URL Let's jump back into it. We were just at user seven and Let's go connect and try to see what this level is like Linux Offset Club We'll paste in this password that we've got here and All right, where are we at now? We can just cat out this password attacks Okay, it tells us nope. Just uh Just nope don't know why that is is that Is is is that just what is in this? Okay? No the the file 16 bytes not only for not only those letters of cares Those characters so what's going on? Can I cat to begin with? No, can I cat anything? No Okay, are there any aliases set up? Is there are we trying to nerf the command? Oh, nope Nope nope. I don't know why that's funny. I'm sorry. Okay. No, there are no aliases set up for the cat command So what's going on? What are we doing? Are we running the correct cat command? Okay? No Using the which command I'm able to see the path of where this file what file is actually being executed here We can see we're running user local broke cat, which is probably not What we think it was let's actually just view that file What do I do I have less do do I have less even? No, I don't okay. Jeez. What about more? Do I have more I don't Well, what is my path? Okay, user local broke is the first thing user local broke Okay, all of these things that you would probably expect to use are not working well They're all looks like just bash grips. Oh, yeah, just that just to echo the nope command echo the echo the string Nope, it's not a command. Wow. Okay. I Guess they forgot grep though. So that's kind of a funny thing. You can just probably grep password text for anything Nice, that's a that's a worry around it or we could use the original actual cat command Let's locate it in like forward slash bin. We can run that on cat and that will work just fine. Nice. Okay. Let's take note of that What is that user eight now, yep, okay login for user eight is each piece land 64 cool Let's jump into him. We are logged in and go here cyber chef is Okay, that's That's literally that's literally the file name, but it's there's nothing in there. Okay password text. Ah Okay, so cyber chef a lot of this looks like base 64 you can tell but the trailing equal sign and Let's see what we've got here Cyber chef is an online tool That lets you do some really neat things that you may commonly run into in a Capture the flag competition. So our input here we can paste in and the output is what we can Modify based off the recipe that's kind of in the middle here and on the left hand side all these operations or these things We can do to actually operate on the data looks like in the favorites it had from base 64 You can use that as an option and oh, okay, you can see it's running where That first line looks like it's just the word where but the rest of it is not really Playing nicely with us. So what else can we do? But if if that's under Base 64 data format is where that actually lives rather than favorites we can from base 64 What are all these other encodings? Maybe this is base 32. Let's drag that in Let's turn off the base 64 No Huh What if we remove that part now? Oh, yeah, okay Since that base 64 is out of the way Because we knew that was base 64. Maybe just this part is base 32 and looks like that gives us the word would So where would let's put this somewhere where would Now what's this last bit is this next in the list is base 58 Let's turn off base 32. Oh, we don't have anything else in there. So we can't yet We don't want to we want from base 58. Oh Okay, and known 80 nice that Decoded just fine. So where would known 80 that looks like it is probably a password based off of the stuff We've seen so far. So let's just put that in user nine dot text right cool and Let's disconnect and go check that one out User nine we are logged in cool check out password dot text. Hey this is probably not the password, but perhaps a hash and a Maybe an MD5 hash maybe really low hanging fruit simple one And I I'm saying that because this looks like 32 characters of just hex characters a through F is your through nine And let's test that. Yep. Okay 33 including the new line character Yeah So that's got to be 32 characters of that actual string Let's throw that into like a hash cracker that we could probably just find anywhere online Crack station will work just fine. I know that's like the pretty easy default. I'm not a robot Crack these hashes. Okay, cool success shark bait is what that actually What that was the original string here It was hashed and performed like a one-way function to turn into this hexadecimal garbage Nice, let's note that as user nine No, my what that is user 10 my bad because I was we were just in user nine user 10 shark bait Cool, let's try and connect to user 10 now Shark bait heck. Yeah, we're in. Okay, cool Simple challenges simple levels in this one a few of the users We able to knock out seven through nine and we'll jump into 10 through 12 in the next video Thank you guys for watching. Hope you guys are enjoying these