 This challenge from Ryan Nicholson's cat from flag competition is called strings won't help you for 100 points in the extreme category. It says determine the password that the program asks for and receive the flag, recover the flag. So it gives us a shell that we can connect to, credentials to login with, CTF nine and challenge nine. If we check in our home directory, we have a file program. Okay, we still don't have the file command, whatever, let's run the program. And it says cat root MD five hash permission denied. That's weird. Enter the password for the flag. Please sub. Nope. Try again. I was originally weirded out by why we're getting a permission denied notion thing here for root MD five. If I check out this program, it's not a set UID binary. So it's very strange, but it's owned by root, and everyone can run it. But I'm not able to open up this file that's in the root home directory. So I checked out what I can run with pseudo or with root privileges. And it says the user me run the following commands, no password competitor program. Okay, we see that here. And L trace, that was really weird. So I figured, All right, let's pseudo L trace and the program. And this will show us. Okay, what is it was actually trying to happen here? Looks like it tries to read this file, MD five hash, and it gets this MD five hash cool. It enters the password for the flag as we input it. So please sub. And then it tries to Oh, it uses some bash code to determine the MD five some of that, get the actual hash. And it tries to compare that you can see str cmp with the hash that it read out of root MD five hash. So all we need is to figure out what this hash is originally what the real plain text is from that, right? Like, that should be our goal here, because please sub is not the correct password. But whatever yields this hash is the correct password. So let's go ahead and try and crack this. I'll Google it, or a crack station, whatever we need to do to actually, I don't need command line, I just need the actual thing, whatever we need to do to crack this hash, let's paste it in here, run through that stupid capture. And the hash is supposedly Big Bang 31. Okay, so back to our program here. Now we can run program. Again, we'll have to pseudo it because so we can read that proper hash file, and then we'll enter Big Bang 31. And it says, Okay, sweet, that was the flag. That's here's what you need Fumitorium neat, weird. I'm confused why that wasn't a set you ID binary. I thought that was kind of strange. But I was going to use L trace and S trace to begin with. So it's an interesting thing that those are noted in pseudo that we would be able to run them. So always always, at least when you're in a shell, try and run that basic enumeration pseudo attack L list of what you can run without a password or anything else on the system you might have access to. That's kind of a cool thing to note for capture flag competitions. And this one was just a simple okay, reverse this hash. Pretty much what we did like in the beginner section. Hey, I want to give a special shout out and some love the people that are willing to support me on Patreon. You guys are phenomenal. I'm gonna do it. I'm gonna run through here. Spencer, Clark, Al Horowitz, okay, I tell you, I'm sorry, always put your name or a lot of the unruly destroyer of worlds Bastion of Terror, Jan Rob, Timothy County, Jacob H or one FL Thomas, Fred, Rob, Dakis, JD, Ton, Maurice, Contorowitz, Ben, Sweeney, William Whitcomb, Justin, Man, Kimbo, Nullpixel, Rich Smith, you guys are phenomenal. Hey, $1 a month on Patreon will give you a special shout out just like this at the end of every video where I can butcher your name along with everyone else's $5 a month on Patreon will give you early access to every video that I create before it's uploaded onto YouTube. And if you did like this video, please do press that like button, maybe leave me a comment if you're willing to subscribe. Join us on Discord, link to the server is in the description. And it would be awesome if I could see some support on Patreon. You're the best guys. See you soon.