 Hey, what's going on everybody? My name is John Hammond. Welcome back to the YouTube video is still showing off the juniors CTF Who's going on this past weekend? And in this video, I want to show off that six strange tales web challenge So it was worth five hundred points initially and all of them keep fluctuating because of how they're keeping track of the scores But the six strange tales a lot of the CTF is based off of the Gravity Falls show As I think just a pun or a joke for that I don't know. That's just what they tried to theme the CTF off of so regardless and showing it off The challenge prompt here is no real prompt just some weird cryptic messages But it says grungles and what's the secret of the six-fingered hand? Which I guess is the grungles stand character. He has six fingers Can you see these codes when the six-fingered hand touches them when the gravity falls it gets opens How should we read the secret left to right right to left maybe upside down blah blah blah? so this is What we are presented and it's not an image or at least we can't click on it like view anything. Can I view image? Okay, cool. I can view image sweet. Oh God I closed the page my bad Little control w doing a little preemptive stuff with the control w Let's get back to it Access token All right now. We're back in action. Sorry about that hiccup didn't mean to hit control w there I thought it created a new tab for me so this is it and How do we read this from left to right or right to left? This all looks like like a bunch of text that it doesn't look like a cypher doesn't look like any base 64 things or anything And I've it's kind of hard for us to copy and paste anyway because it's an image however, this is again a web challenge, so I wanted to view the source this web page and challenge prompts flag here Which is apparently some red herring which pissed me off because I'd like submitted this I submitted with quotes I submitted it as flag equals and all this and that again was not the flag You can keep submitting this like until the cows come home, but it didn't do anything And we all yelled at it on the telegram like the RC channel that they set up for it. It just was bad Okay, I see this JavaScript here though and this JavaScript is what peaks your interest because this image that they take the source of is The image that is displayed, right? That's that's that now. I can actually control of you so it draws this and loads it and I notice this test here if my user agent is gravity falls and I try to set this up I try to just copy that user agent and I opened up tamper data to try and view this page again So I would start the tamper Get my thing here and I'd go and change my user agent to gravity falls Hey, okay, I Do it for all the other following ones just to like I'd say because I just wanted to make sure that it would actually go through Even with like Google's weird things So I tamper through all of those Google fonts and stuff that they needed to grab But there's no change in the image when I thought there should have been considering it's supposed to replace What I'm assuming is the color to like 1.5 like it's replacing all these zeros with a 1.5 jazz so Regardless that didn't that didn't really work for me. So what I ended up doing was I actually just copied this script and recreated it Actually, yeah, I'll take the whole canvas because that's really what we need here and I'll fire up sublime text Bring this down and what I did is I had created a juniors yeah recreation dot HTML and And Creation once we viewed this I pretty much got the image again. So I recreated it. Okay Now I can actually remove that JavaScript line to test if my user agent's gravity falls refresh the page now Okay, so now it does it so I just kind of forced JavaScript Hey completely regard that conditional for some reason it wasn't working when I tried to change the user agent So whatever let's just skip it I'll bring this down exact. Sorry Now I have these strings here and I have six strings one two three four five six and I'm assuming I'm assuming this is our flag really really hoping so What I did is I concatenated them. I tried them with spaces. I try them without spaces I thought it was a joke in that how should we read these from left to right or right to left I tried all six of them from right to left I tried all the characters reversed Reverse from right to left and I tried it upside down You know like maybe reading vertically this thing starting first and this and this and then this and flipping that Like we're in reverse again with reverse characters and all of that stuff the fault that I had was Because this was an image When I'm hand typing them all out. I literally just try to translate it Oh showcase what I have here What's it called? It was called six-fingered in hands, right? Yeah, I had these pieces But my oh Was a zero because I had to type it by hand. I had the wrong Like hand it like translation which was stupid and dumb And I was really really pissed off that it took literally forever for me to get that But that was the problem All you had to do was remove the spaces and it's it's in the correct order already But because you had to like hand copy it you couldn't type this out Unless I mean you could try and do this with tesseract to automate it again It would have issues and there's already so much other shit that's visible here because of all these other like great out Things it was just really hard and dumb and obviously I'm still salty about it but that ended up being the flag you would submit that and 500 400 points whatever the case may be However, it was very cryptic and You know a little bit of a strange challenge from the six strange tales. So that's it though I want to show it off to you guys. That was the solution What I did was just taking out that conditional JavaScript getting it to actually highlight these things for me and then Making sure I had the correct zeros and O's and all the numbers the actual translation correct and removing the spaces and they're Concatenated and that is our flag again. No flag format. So, you know All right. Thanks for watching guys. Hope you enjoyed this one And I'll be showing off some of the other challenges as we as we move along here the lost code So cool. See you in the next video