Hello, ladies and gentlemen, welcome back to another HSCTF video. We're looking at the Admin Pass Challenge from Miscellaneous, so another kind of low-hanging fruit, small challenge, not a whole lot of point value. It says, hey guys, I found a super cool website at this link. If this site is blocked by school filters, try this, this, okay, those will both work. Whatever, let's try that first one. It looks like it'll work for us. It says, password checker, please enter password here as my tribute to Richard Stallman. Here is a link to the open-source GitHub. Oh, and it has a nice little, like, super old-school marquee. That's pretty awesome. Enter the password. Password is absolutely please subscribe, nope. That's wrong. I don't know why that's wrong. That's always the right password. Let's see the source code of the webpage. One note, the flag is not, literally not the flag, okay? If you want to go through some more reconnaissance here, you could do, like, robots.txt. You could do some DirBuster or stuff like that. Kind of dig through those passwords, see if there's anything more to it. Or we could go check out that GitHub link, GitLab link, lots of words to say. So I'm looking at this, and all we have is that index.php so far. And that looks like the same source code that we just saw, except the PHP code is visible. So if the MD5 hash of the given password is equal to this, then it tells us the flag. Okay. So on first instinct, you could try and crack that password. You can go down the John the Ripper route or hashcat or just try and see this online crack that will go through it. And the online tool does not. And I will save you the heartache and the trouble that John the Ripper and hashcat will probably not find it either. At least not after a very long time. If you look back at the front page of this repository, you'll note there's some interesting stuff here. There's one branch, which is master.
So if there were more branches, I'd want to go and discover that. There are also 40 commits. So maybe the flag is hiding somewhere in these commits. I don't really want to go through this one by one. So what we can do is because this is a public repository, we can go ahead and download this. So in the command line here, I'm just in my HS directory that I created for this. I have the old challenge file in there. If you have Git, which you might very well have being on Linux, if not just sudo apt install git, depending on your package manager, I have Ubuntu. So apt will work for me. We can go ahead and git clone this website, that repository, and now we have a directory for admin password, and we've got that same index.php file that we're working with. But that means we can also check out the git log from the command line, and we can do some tricks. Git grep might work. Let's take a look. Git grep HSCTF. Okay. Yeah. That finds a lot of stuff for us. That finds the entries. Congrats. The flag is this. That's an important note. Literally not that. And this actually takes after the password, kind of appending it and prepending it in there. So it might be worthwhile to git grep for password as well. That's a POST, see what that, password, a little, okay. So git grep didn't track it down for us. That's fine. Let's do kind of some more manual searching. What I did earlier when I used git log, and this is a crappy technique that I like to use. I'm actually trying to grep for all those commit lines, so I can get those SHA-1 identifiers and git, and then I like to get the delimiters cut. So all I have in my standard output are these identifiers, and then I can loop through each of them. I do a little janky, like while read line, do, and you can see the line that I'm working with as a variable now. So dollar sign line will let me work with that inside the loop.
So I can just simply say let's git show on that line, and that will go through the actual git commit message and all the files and diff that those two files had, and we could look through it. Another option if you didn't want to do that was tig, and that's a graphical user interface, not, okay, totally not graphical, but command line or terminal user interface for looking through these. Maybe if I hit enter on one of these, it'll show me, okay, yeah, and then I can navigate on the top and it'll show the commit down at the bottom there. If I weren't extremely zoomed in, maybe we'd be able to see stuff that were worthwhile, but that's an option. Actually no, it shows it. Okay, cool. So I just tracked down, based on luck here, this git password, maybe in an older commit, they actually had the information they were looking for as part of the commit files they placed in the repository, and it says, I love Richard Stallman, he's so cute, and then some random hash. So that must be the flag. That must be what we were searching for, HSCTF, surrounding that, and you could totally submit that and get that answer, right? So HSCTF, kind of pop that in there, and that's all good, cool. If we had used that method as I'd done up there, you can still git grep in all this output, so I don't have to hit Q and manually go through all of these if I don't want to, but I'm still getting that information printed to standard output. It's just kind of being paginated or paginated by less there. If you wanted to, you could simply grep again for HSCTF, you'll get a lot more hits, and grep for password if you want to get those hits. And then, okay, now you'll see that in the output. I love Richard Stallman, he's so cute, and you can track it down by that method. We're using some little thought process there.
I know the flag is going to be concatenating the password value we seem to be getting or posting, so, hey, worth tracking it down, worth finding it, but that is the flag, and that is how you solve admin password. So some more git digging. So if you liked this video, please do like, comment, and subscribe. Love to see you guys on Discord. There is a link in the description if you'd like to join that party. It's a lot of cool people, a ton of fun. We tackle a lot of these capture the flags, CTF events, and if you're willing to support the channel, I'd love to see you on Patreon, I'd love to see you on PayPal. Thank you guys so much. I'm so grateful for everything that you do, trying to help and grow the community. Thank you guys. I'll see you in the next video. Love ya. How do I stop recording?
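Added example, not part of the video or the challenge repository: a shell version of the commit-by-commit search described in the transcript, run against a throwaway repository built inline, showing why a plain `git grep` of the current files misses a value that an older commit still holds. The repository contents, the string `PLACEHOLDER-SECRET` and the function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: a repo whose first commit held a secret that a later
# commit replaced. All contents below are placeholders.
make_demo_repo() {
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" && git init -q . &&
    git config user.email demo@example.invalid &&
    git config user.name demo &&
    printf '<?php $password = "PLACEHOLDER-SECRET"; ?>\n' > index.php &&
    git add index.php && git commit -q -m "initial password check" &&
    printf '<?php $hash = "constructed-hash-placeholder"; ?>\n' > index.php &&
    git commit -q -am "compare against a hash instead"
  ) >/dev/null 2>&1 || return 1
  printf '%s\n' "$dir"
}

# Plain `git grep` searches only the files as they are checked out now.
in_worktree() {  # $1 = repo, $2 = fixed string; exit 0 if found
  git -C "$1" grep -q -F -e "$2"
}

# The loop from the video: commit lines -> ids via cut -> git show -> grep.
# (`git log --format=%H` yields the same ids without grep and cut.)
commits_containing() {  # $1 = repo, $2 = fixed string; prints commit ids
  git -C "$1" log --all | grep '^commit ' | cut -d ' ' -f 2 |
  while read -r line; do
    # git show prints the commit message plus the diff, so a line that
    # was added OR removed in this commit will match.
    if git -C "$1" show "$line" | grep -q -F -e "$2"; then
      printf '%s\n' "$line"
    fi
  done
}

# Stand-alone run
repo=$(make_demo_repo)
in_worktree "$repo" PLACEHOLDER-SECRET || echo "not in the current files"
echo "commits whose message or diff mention it:"
commits_containing "$repo" PLACEHOLDER-SECRET
rm -rf "$repo"
```

Git's built-in equivalent is `git log --all -p -S'PLACEHOLDER-SECRET'`. When auditing your own repository, a hit in an old commit means the value is still recoverable by anyone who can clone it, so the credential needs rotating, not just deleting from the current file.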