 Okay, this video is part of a series. We're looking at the Google 2018 Capture the flag. We're gonna be looking at the firmware project today again shout outs to John Hammond and live Overflow, they're the ones that brought this to my attention. Also Check out my git lab git lab.com forward slash my looks 1000 Ford slash capital CTF all the I'm trying to automate all these Capture the flag things so I have code there that you can look through and that we're gonna walk through in this video and If you're watching this series the last one I kind of at the end of the video Because it was above my head trying to explain it this one though. I completely understand. I can explain this to you very well So here you have an attachment which you can download which is rather large. Let's go ahead and just run my script here Which is going to download that file, which is 81 megabytes. I mean, it's not huge, but it's rather large It's a zip file when you extract that it's very clear that it is a GZ file and it says right there dot ex t4 and there's our code. So let me go ahead and go into my code here and We'll walk through this step by step So let's go ahead and just count this and we will grab this and download the zip file So we can walk through it step by step. It's it's very very simple My script does have some pseudo commands in here because we have to do some mounting So if you run it will ask for, you know, your your pseudo password Obviously you don't know me if you download my script look at the script before you run it, you know I you know, okay Well, even if you're even if it isn't asking for root privileges You definitely want to look through it. It's what 15 lines of code see what's happening before you run it Because heaven forbid I type something wrong and it wipes out your hard drive or I'm trying to be malicious Which I'm not but you don't know me. So, you know, never download code and run it without looking If it's short like this at least looking at it quickly So download that we will unzip it and then we will gun zip that file and Even though we already have the extension of dot EXT for extensions mean nothing Let's just look at that file with file and we can see that it is a file system. It's an EXT for file system So we should be able to mount it. No problem. So we're going to make a directory called MNT in the current directory You don't have to do that. You can mount wherever you want. That's what I'm doing. Then I'm going to pseudo mount Let me make this a little bit smaller. So I fit all in one line our file here to MNT and Then we can list out what's inside the folder MNT and you can see it's a root file directory so my first few thoughts here was I Listed what was in the root directory, which it would probably say that I don't have permission for Yeah, so we'll pseudo list that out Nothing in there and then the next thing I would do is check the home directory and Doesn't seem like there's anything in there So really we should also be looking for hidden files. So the next thing I would do is this Nothing in there again. Check the root directory. We have a bash our C file and a profile We might want to look at that, but then also let's just look at the the root directory of the file system right there And right there you can see Something that says backdoor password in a GZ file. So let's go ahead It has root file permission. So we probably need to pseudo gun zip that file so and T forward slash dot Media backup or a backdoor password and that should extract it to our current directory Or not, maybe it did it inside the image here It did so it extracted it there. So now we should be able to pseudo cat Actually before we do that Let's just file it out just to make sure Can we even do that without being pseudo? And we can see it's plain text. I just did that just case, you know, it's binary file We can see it's not very big but Just to be Careful or just to know what's going on. We will now cat out dot media backdoor and there is our flag So that that one was pretty straightforward. It was just a gun zip file or G zip file Inside a Linux image that was compresses G zip, which was compresses as it And it was just hidden. So you just had to look so I mean that's usually the first things I do when I work with the stuff I look at what's in the root directory I look at what's in the When I say root directory the root of the file system Then I look in roots home folder and then I look in the regular users home folder, which there were no regular users on here After that, I would have started looking into, you know see what files are in the path directories such as Bin S spin usr bin then also ETC. So that's just you know, the process I would go through for looking through stuff I might have even ran if I didn't find it at this point. I might have I would have done, you know find dash I name Flag like this and just search for any file that had the word flag in it on the entire directory And obviously I would be doing that Yeah, I'm already in that folder so I could do that and it would look through there And you probably want to run that as sudo just in case there is it's not a big file system So it went through that real fast At that point like while I'm looking through manually I might have also I'm just giving you an idea of if I hadn't found it right then there the next step I would have done I probably have done grep dash r I Flag from everything and that's that also didn't take very long And then I would have also looked for CTF and that didn't find it either Why not I'm in that directory. I wonder if that doesn't search hidden files Anyway, that's would have been a step. I did try to grep through every file in the system Should take a long time. I'm obviously typing something wrong with my command. Otherwise, it would have taken longer to search through all those files Anyway, just giving you a train of thought on things I would have tried if I didn't see that file right there But again root directory home directories of root user and other users. Let me sure we look for hidden files Those are the first things you should be doing in situations like this after that then, you know I would probably look at, you know, what processes are started when the system starts You know that init tab and then look at those binaries and see what they're calling blah, blah, blah We didn't have to get that deep into this. So I hope that you did learn something here. I'm going to now pseudo you mount my directory here and I will remove my zip file and the challenge. Yeah There we go. Just cleaning stuff up. Oh now I can also remove the MNT file or folder There we go. My directories clean again, and I can run my script again again, which automates the whole thing We can look at the script, but it's basically what I just went over step by step. That was very very simple one Run here extract it extract it Mount it again the script will ask for root password or pseudo password. I've already typed it in so it's It's saved for a bit and there is our flag and there's the code Downloads it unzips it removes the zip file to keep things clean unzips that which gun zip Automatically removes the original file when you unzip something make the directory to mount to then we mount and then I Unzipped the gun zip file there that was in the root file system And then I here I changed its permissions which I now realized after walking through this again I didn't need to do that was readable once I extracted it. I copied it to the current directory so that I can unmount clear the screen Cat that file out and then you know remove all the you will clean up at the end there So again films by chris.com is my website. That's Chris okay There should be a link in the description if you're enjoying these videos I hope you continue watching this part of a series, you know, be sure to check out the full playlist Go to my website you can search through all my videos there from both my channels if you like my videos I want to support you check out the description of this video or go to support You can support through patreon or PayPal and if you can't support financially think about liking sharing subscribing commenting I appreciate all that stuff and as always I hope that you have a great day