 Hello everybody! My name is John Hammond. We're doing some more Miter Stem CTF. Linux Category, 150 points is where we're at right now in that challenge, Hierarchy. The challenge is called Solinostimus. I don't know why. Well someone, uh, avoid updating the Discord they had to like Google this and he told me it's a fish. Okay, don't know why. Says none of which are longer than 15 processes and I'm like, what? What does that mean? Uh, we were actually second to solve this. I was very, very sad and very, very upset because we were so, so close. DuckDuckNow got it before us and they looked like they're rocking. I think they've been in first place for like the professional side or whatever ineligible teams for like the longest time. So whatever, let's jump in. We've got to create a new directory now for 150 Solinostimus. Solinostimus? I don't care if I spelled that right or wrong or if that's even the right word anymore. We need to SSH connect to it and if you hit enter yes the first time you're connecting you can go ahead and check what we have in the current directory and it's nothing. So let's see what we've got here. Again, I'm going to use set. Looks like there's nothing here. Blah, blah, blah. Check out the path variable. Looks like stuff. Again, we have our home bin that we can work with. Pseudo, TACL. Nope, we don't have Pseudo anymore. So that's kind of not an outlet for us anymore. What I had thought, maybe this is a leap of faith. I don't know. I thought let's determine what these 15 processes are or if we have 15 processes. Like I wanted to look at processes, right? So I tried to just run PS and PS aux, but of course I didn't have that. So I went to the Googs to the Google. I said Linux C processes without PS, without PS. And there it is. How to print all process IDs without Linux. And it said we could determine the metadata that's in proc. So it looks like this just turns on the extension globbing where we can CD proc and try and echo everything that it finds in those. I was just kind of going to hit the I believe button and roll with it because whatever I just need to get into proc and I list stuff, which I guess that would have worked just as well because these numbers will tell us what we're looking for. So I actually tried this though. And I didn't. This is odd because I saw a process ID 15 when I was trying to solve this. So let's try that again, maybe reconnect to it. There's process 15. I don't know why I didn't have it earlier. Is that right or wrong? Maybe you had a process 15 and I didn't. I don't know. But okay. I thought that that one was peculiar because the challenge description said 15. If I were in a case of not finding that I guess I would have explored either of these or any of them to determine what we've got to work with to see if maybe one of them had again what I'm looking for now. So I went into proc, right? And I moved into check out that 15 process that's running. So Linux again, everything even running processes are considered to be files and things you can look at and work with and read. So a very, very cool thing is if I wanted to I could check out what is the current working directory that they're working in or I'm sorry, CWD. Nothing in there. Looks like a directory. That's fine. I could check out what the executable is. Looks like it is tail. Very interesting. So what I usually find to be the most valuable thing to look at is actually the command line. And you don't always have spaces whenever I read this, which I think is peculiar and funny. But you're able to see, okay, this is the command line that was entered to start that process or to do what it would do. So I see this interesting thing now because I have tail tack f, etc. system, system, blah, blah, blah. So it looks like it's trying to read a file with tail that is supposedly this thing. And it's called multi user target wants do want dot text. So that sounds odd and strange. But let's check it out. Huh, okay, looks like the the flag here just kind of put it all together. So does tail tack f actually give us that? No, it looks like it just gets the last couple lines fluidly. So what I had done after I immediately saw this was okay, let's use TR and remove with tag D to delete all the new line characters. And now I have the flag mca shashu pay nine jv, which is weird. But that's that that is how I solve that challenge, checking out the 15th process, looking at the command line, seeing what it was doing and how was doing it, detecting that file and then just cutting it up and removing all the new lines. So that is the flag submit that for some good points. And let's keep note of that. Let's do nano flag dot text. And again, if you wanted to just jot down little solution. Check out process 15 cat proc 15 command line, and then read the file is suggested. Blah, blah, blah. That's a crappy one because it's not very specific, but better than trying to automate it in our case and not saving our solution whatsoever. So that's that 150 points in the bag. It's marked that as complete. And I hope that was cool. I hope if you guys haven't done that before, checking out some of the process is is processes, processes as a file and Linux. That's a neat thing to do. And just checking out that directory, you're able to find a process ID and move into it and see what else you can access for that. So thanks for watching, everybody. If you liked this video, please do like comment and subscribe, but join our discord server. It's a cool community full of CTO players, programs and hackers. You can hang out with me and other cool people that are like way smarter than me. So awesome place to grow and awesome place to learn. If you'd like to support me, please check me out on Patreon. If you'd like, I got a PayPal link up there. If you want to hang out, I'm grateful for each and every one of you. I can't say it enough. And yeah, how do you end a video? How do you just like a stop record button over there?