 Hey, what's up YouTube? This is John Hammond and welcome back to the YouTube video in this case I want to showcase some of the Google's capture the flag competition that happened just recently this past weekend and To start off. I wanted to include a little shout out to live overflow who is another awesome youtuber Who has incredible content? He's in the same kind of cyber security computer science capture flag hacking Material that I'm into He does a lot of great videos and we played together for a little bit of this capture the flag competition Hopefully he'll be releasing another video pretty soon on some of the real like hardcore legitimate challenges But I stuck with some of the noob and baby stuff in the beginners quest So I want to showcase some of that content Google CTF is already complete. It finished up last weekend June 24 Congrats to Plaid Parliament opponent for totally taking first place there. I love those guys I've been to their cyber stakes competitions when they've done that and They do an incredible job with all their stuff So this game was live at G.co for CTF and if you want to you can take a look at some of the write-ups and stuff That's already out but I want to cover some of the beginners quest and I might showcase a little bit of one of the challenges that live overflow and I took a look at personally for the Legitimate challenges there's some pretty hard stuff because Google does not mess around So if you go to this competition on the website You can create a team, but you don't have to for the beginners quest So if you click on beginners quest, it gives you this kind of storyline and prompt here, but it's pretty cheesy didn't actually Indicate too much of the actual challenges But on the top you have this diagram moving you from beginning to end of some of the challenges So let's start at the start as we should and this this challenge is called letter It's a miscellaneous category. The challenge prompt is you really went dumpster diving amazing after many hours success Between it looks like a three-week old casserole and copy of relative time magazine You found this important-looking letter about a victim's PC However, the credentials aren't readable Can you still obtain them and we have an attachment to download so let's go ahead and create a home for ourselves in here Make a directory gctf and Let's make a directory letter that we can just download this to perfect right in there save it so If we get into that directory, we have this giant hash looking thing And that is a zip archive So let's move that file to letter dot zip and then we can unzip it without a problem because it'll know that the file extension is there so that will extract a challenge dot PDF file and That must be what we're working with here. Let's open that up and see what we've got So this looks like pretty boilerplate letterhead fake name fake address blah blah blah Dear customer, thanks for buying our super special autumn product and the credentials for the webinar face are blacked out They're redacted For security reasons, we cannot change your password. Please store them safely whatever so the way I approach this was I looked through Some of the PDF tools that come in with Linux if you type in PDF and double-tap tab to autocomplete You can see some of these things that are available PDF images will try and extract images out of it PDF to HTML will convert it to HTML PDF to text will convert it to Text I tried PDF images and if you run that it'll ask for it'll explain what the options are It will take the PDF file and then the image route where you really want to put stuff I tried to run that on challenge PDF with like output as the directory But I never ended up getting anything anything with it So I tried to run PDF to text on challenge dot text and that created I'm sorry on challenge on PDF and that created challenge dot text So now we can cap that out and see what it's really Explains there and this reads username dot dot dot dot dot, but password CTF. I can read this cool. There's our flag Interesting thing if we do have that open in the PDF editor if I had just highlighted this It also will show the flag for us just like that So not a hard challenge at all totally a good beginner beginner quest starting challenge and let's note that as the flag flag dot text and just for the heck of it. Let's create a little Get flag script that will create this or copy this do this for us All in one go so I'll call that get flagged at sh That will have a shebang line and we'll run curl on That link that we can copy for us that will get the file here And let's save that or dash o for the output file as letter dot zip and we'll redirect all of the actual content here or the standard error that it gives us to dev null So we don't see that status update that it tries to give us while it's downloading it We can unzip tack a I think is to overwrite that letter dot zip And again, let's pump its standard error to dev null So we don't see it and then let's run that PDF to text on challenge dot PDF That will create that challenge dot text for us and we can cat that challenge dot text file Let's grep for CTF and let's see if it will actually get the flag for us Create that script. It'll download it all. Okay. It looks like The output is there and It looks like it's not doing that for us. Maybe it didn't it didn't overwrite. Let's see If it's tack. Oh, I think they'll over it Tack. Oh overwrite existing files without prompting. Okay. That's fine in this case because it already exists. So let's do tack. Oh Let's run our get flag script okay Standard error goes to dev null. We can put centered output the same place We probably can do that backwards. Let's take regular centered output redirect it to dev null And then take centered error and redirect to the same place centered output is going So both standard error and standard output will go to dev null in that case PDF to text We'll grep PDF running get flag. It gets the password for us But let's get just the flag out of that. So let's reverse the line and Cut it with the delimiter of spaces Get the first field and reverse it back So now our get flag that script will just get the very last column separated by spaces I can read this and there's our flag. Cool. That's pretty easy We can mark that challenge as complete and we can move on to the next one Now that we've got this saved Submit that and we're done. Cool. That first challenge is complete for us. Thanks for watching guys Hope you're enjoying this again special shout-out to live overflow. He's awesome. You should totally check out his content He has great stuff and I hope to see you guys in the next video Hey, if you do love some of this material if you'd like the video, please do that press the button like the video And if you'd like to let me know what you think what else you'd like to see Please leave a comment if you're willing to subscribe and if you thanks so much guys. See you soon