 What's up YouTube, John Hammond here, picoCTF 2017. We're looking at this challenge called Leaked Hashes. It says: someone got hacked. Check out some service's password hashes that were leaked at hashdump.txt. Do you think they chose strong passwords? We should check. And the service is running at this host on that port. So we can check out this file here. And it looks like it is a bunch of users, given the username, and then separating their password by a colon here. But the password is a hash. So it's that digital fingerprint, a long string of text and numbers that would represent, okay, just the single signature of whatever actually they're trying to use here. So if we wanted to take a look at this netcat connection or this service that we can connect to, we can netcat into it and it will want a username. So I think Christine was one that I saw at the top and they don't need to know a password, which we don't know. So anything we will have to try and crack these hashes. So according to the hint here though, that is what we should make our objective. So we've got hashdump.txt. Let's actually wget this and work with it. Cool. So if I cat out hashdump.txt, let's say I wanted only the password. So I'll cut up field two, and I'll get all of the passwords that are in that listing. So then we can go to like an online tool as the hint suggests. I'm going to go to HashKiller, because I think that is a pretty fine one. That will let me do more than 20; I think CrackStation will only limit to 20. And this is certainly more than 20. We can assume this is sort of IIB at maybe whatever that captcha is. That's what you want to see on YouTube, right? See me fail at hashes. Okay, cool. Sweet. So Christine was the very, very top of hashdump. Yep, the 5d. And it looks like her password is chasm with the four as the a. So if we go back to that netcat connection, we can try and log in with Christine, we can use chasm with leetspeak as her password.
 And it says welcome to the shady file server. Would you like to access the cat ASCII art database? Sure, we'll say yes. Scroll up here. And we've got our flag just like that. So simple, simple hash crack. Let's actually try and create a small command line thing to automate this. I'm going to use printf here, because that will allow me to automate the new lines that I'm entering. So whenever it's like essentially letting me hit the enter key while I'm interacting with the service. So all this input will go through because it'll ask for our username first, which we'll say is Christine, then it'll ask for our password. Notice I'm using the backslash n to denote a new file or a new line. And then I'll use another backslash n after it asks for my password to say yes. So I can check out the flag and cat ASCII here. So look, it automated that whole connection. Now I can grep -i for flag. And then if I wanted to I can rev that, cut it up with the delimiter as a space, get the very first field and then rev it back. So we get just the flag here. And we can go ahead and save this line as our get flag script. Perfect. Okay. So we can mark this challenge as complete, submit that if we want to, which in fact I do, get some points for this and climb on the scoreboard. Cool. Hey, I want to give a special shout out to my supporters, individuals that love me on Patreon. You guys are fantastic. It is incredible and surreal to see this list get a little bit longer. I'm always happy for new names to add here. $1 a month on Patreon will give you a special shout out at the end of every video just like this. $5 a month on Patreon will give you early access to everything I create on YouTube, the moment it is ready. So once it's recorded, it'll be uploaded to a specific, special and specific, I put those words together, Google Drive folder that you can access. And that's how you can get early access to my content.
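The text-processing steps described in the video, written out as an added example (not the commands typed on screen). It assumes a constructed sample in the username:hash layout with placeholder values, and a hypothetical `mock_service` function that stands in for the netcat connection so the script runs offline.

```shell
#!/bin/sh
# Constructed sample in the hashdump.txt layout: username:hash, one per line.
# The hash values are placeholders, not real digests.
sample_dump() {
cat <<'EOF'
christine:HASH_PLACEHOLDER_1
bob:HASH_PLACEHOLDER_2
EOF
}

# Keep only the hash column (field 2, colon-delimited) for a lookup tool.
extract_hashes() {
    cut -d ':' -f 2
}

# Hypothetical stand-in for the remote service (replaces `nc HOST PORT`).
# It reads the three answers the prompts ask for: username, password, y/n.
mock_service() {
    IFS= read -r user
    IFS= read -r pass
    IFS= read -r answer
    if [ "$user" = "christine" ] && [ "$pass" = "EXAMPLE_PASSWORD" ]; then
        echo "welcome to the shady file server"
        if [ "$answer" = "y" ]; then
            echo "the flag is: FLAG_PLACEHOLDER"
        fi
    else
        echo "incorrect login"
    fi
}

# Drive the prompts with printf: each \n is one press of Enter.
# grep -i keeps the flag line; rev | cut | rev takes the last
# space-separated field without needing to know how many fields there are.
get_flag() {
    printf '%s\n%s\ny\n' "$1" "$2" \
        | mock_service \
        | grep -i 'flag' \
        | rev | cut -d ' ' -f 1 | rev
}

sample_dump | extract_hashes
get_flag christine EXAMPLE_PASSWORD
```
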