 Hey, what's up everybody? My name is John Hammond coming back at you again with some of the Google CTF Challenges solutions only a few of them not really anything big and hefty just the ones that I was able to solve which was on not a lot So all right next one. We're checking out is the Kenya repo at one really like low point value and a lot of people solved it but nowhere near as much as some of the others that were Get even though we're even worth more like more points than this like 50 or so some of the other videos that I did Anyway, the question is do you think the developer of ill intentions, which is a another challenge They have up top here ill intentions. Do you think they have a public repo? They know how they set up a public repository so Here's how I did this ill intentions is just an Android APK so I'd like for hours I was actually spending way too much time on this and I probably should have I was trying to do this By like searching github before like strings that I found in this APK or like Trying to search Google like trying to do some internet scraping with like Google Dorks as to how to actually get this file Etc etc and Find it like online But that didn't end up being the solution for me. Anyway, here's what I actually did I ended up running strings on the whole ill intentions APK and I was doing some perusing in here I found an interesting string that related to git obviously it was just simply git user and Okay, that's what ticked me off it. Okay, there's got to be something in here that actually is like relating to git So I kept poking around and I was wondering like, okay, this looks like a Caesar cipher It turns out like did you really think it was that easy when you break the Caesar cipher? No big deal but this this was an interesting string leet dev 42 Because it had so like me because it was like a lowercase and had numbers I like honestly It didn't I didn't I didn't see it initially or for a long time Like it blended in with all the other random stuff that strings was giving me But I did pick it up eventually that leet developer 42 and I figured okay that has to be username That has to be something so I went to github and I tried to search just by it's Leet developer 42 and it found it finally as a user awesome and it had a single repository Called test app and he joined on April 27. So like okay perfect timing for the CTF. It's all looks perfect and Yeah, he had a whole repository. So what I did was that I went ahead and cloned it git clone test app, okay cool, so I've already cloned it my bad and Now we'll go into test app There's a bunch of stuff in here. It looks like gradle things and stuff for App there's probably more stuff in here blah blah blah leet developer key and or whatever what I did in this case Was I actually just grabbed for everything and tried to see like oh is actually my CTF in here as much as the Is the key is the flag and we're in here that didn't work since it's a get repository I feared okay, maybe it's in some of the commits. So I ran git log I could see first commit initial commit blah blah blah And then this interesting one was oops removing the passcodes. So I figured okay, it's got to be somewhere in the git stuff So I actually ran git Show and that gave me everything that was either added or removed After some perusing I could definitely see the key password is equal to CTF The haircut took a lot of my mind. So we did find the flag. We did eventually find the flag I'll try and write something. I'll try and we'll try and build something that will actually Find this for us or at least run like a get flag script for us Because I want to be able to do that So Hopefully We'll actually get somewhere with this because I haven't I haven't tried to prepare this See if we can write a get flag dot pie script And disregard the current flag that was just shown down there that was for the last challenge Probably something really calling CV or shell I guess I'll call it So we would have normally done we would have done shell Call git clone on This repository right I guess I'll say there's a repo this has to be stringified So you would be able to clone the repo just like that But now once you've actually done that what you can do if that after it has been cloned you can move into it Change directory, I think And the name of it name the repo is a Repo dir can be repo URL dot split just to get the very end of it that is correct Okay, cool. Yeah, and now what you would do is you would run I guess shell dot Check output to be able to see Are we gonna be able to see everything that we would have looked at from the shell? So I'll print out And I have to split this again Okay, so you can see everything if I run git show Now we would have it in there and now we can scrape out that flag with RE again. I'll just call this content match equals whoa Lost parentheses there match equals RE you guys know the drill. I normally do this CTF Okay, so now we get our CTF Is that the Constant for it and for RE No underscore my bad. I should have done that with some of the other ones because You would have to know that. Oh, okay. It's not all capitals in this case So if I didn't have this It wouldn't be able to find it So put that back in here and I'll run if matched Just to make sure it actually does get a match, but okay, that's how we can scrape our flag out I'm really just actually calling the shell command git show which is kind of a hack in a cheap hack But again, I'm also operating on the impression that we've downloaded the repository If not, we can just run it to clone it just like we did a little bit just a bit ago But that's how we can simply scrape it with Python and find our flag for us. So Simple stuff. Hope you guys enjoyed it again It was pretty crazy to like run through that because I was banging my head against that for so long and it was only worth five points It wasn't a big deal, but I knew I could solve it and that's why I kind of tried because so many other people did But again, it was only worth five points Okay, thanks for watching guys Sorry about the like hack and scripting put together thing that I just did that was really gross But I hope you guys enjoyed the video and you're still trying out more of the Google CTF challenge solutions. Thanks See you later