 Hello, Internet. Welcome to a couple of video CTF write-ups for the ICTF competition. It's been going on this past week. Currently it is Wednesday. Right now, at the time of recording, tomorrow the game will end. As you can see, this little ending soon, blurb on the side here. I think the team that I've been playing with in Discord server has been doing pretty well, where actually you can see it up here on the sixth place spot on the scoreboard. There are, however, many people playing 2300, so I think that's pretty neat, pretty cool. Unfortunately, we're not in the top five, so we're not displayed everywhere, just 100 points away from the fourth place tie, but whatever. Let's get into what you actually came to see, this write-up here. So let's go into the web category. I'll just start here. And then this challenge is called Toc Relunch, which is a reference and a callback to their old CTF, ICTF 2016, where they relaunched our famous website, Toc. That original challenge, the two years before, was a Java web token CTF challenge, hence the name Toc. Hopefully no one will hack it and take it down just like last time. So we're giving a link here, which we can go visit. Another is a web page, staticICTF.toc is the directory that we're looking in. This is taking a little bit of time to load, sorry, but okay, this is the web page. There's not a lot here. Some alt text it seems like, would normally be pictures, but just isn't. With random lore and some text, a lot of bacon and beef references. I originally, when I saw this two years ago, I thought that it was a reference to the beef like browser exploitation framework, but it is admittedly not for this one. You could try some low-hanging fruit, just throw this at Nikdo if you wanted to. But what you will find is that this challenge does have a pretty quick and easy low-hanging fruit that you should check just running through your CTF checklist. You would normally want to put in like robots.txt and you'd put that in the head, like the root directory or the top most of the file system of the web page. However, that is different in this case, in that robots.txt does exist, but it's accessible within this Toc folder for some reason. So you can check it out here, user agent nothing or everything disallow this link here, which is supposedly a secret, which we can navigate to. And then again, assuming that Toc is the root of this web server, with the forward slash, we would just paste that in and go to this URL and get the flag. ICTF, what are these robots doing here? So we could go ahead and create an easy peasy get flag script for this. We can just go ahead and curl this and literally that's it. We can probably use that queue for quiet. And then we will make this our get flag script. So just create a quick little script, bash a bang line, paste that in there, mark it executable, get the flag, redirect that to a static file so we can save it. And then we can mark that challenge as complete. Super simple, just a robots.txt challenge. I want to give a quick shout out to the people that support me on Patreon. Thank you guys so much. You are fantastic, phenomenal and other F words. No, really, I can't say it enough like your donation and support is incredible. Just it's crazy to me that such a thing like Patreon exists where literally out of the goodness of one's own heart they donate and give to another person, especially when I make stupid videos on YouTube that anyone could do. Like anyone could do this. So I mean I solve imaginary puzzles for imaginary points. And it's, I don't know. Thank you guys so much. Thank you guys for the great stuff! One dollar a month on Patreon will give you a special shout out just like this at the end of every video. $5 or more on Patreon will give you early access to everything that are released on YouTube just to share Google Drive folder where all my videos will be uploaded to. You can get the content immediately once it's done being recorded. You don't have to wait for YouTube to schedule it. If you do like the CTF content, you'd like to play capture the flag competitions, please join our discord server. Link is in the description. If you want to jam with me or other cool people that are into programming, hacking CTF cyber security stuff, that's the place to be. Cool. If you did like this video, please do like, comment, and subscribe. Love you guys. See you on Patreon. Hopefully, fingers crossed. See you in another video.