Hey, what's up internet? This is John Hammond, and I want to showcase more of the Google capture-the-flag competition that just happened recently. A shoutout, first of all, to LiveOverflow. I played this game with him, and he took a look at some legitimate challenges. JS Safe 2, or like JavaScript Safe 2.0, and he did some incredible work with it. It was super cool to watch him work. But he's a great guy. He has incredible content on YouTube. You should totally check out some of the stuff. And if you haven't already, but we do similar things like cybersecurity, computer science, hacking, capture-the-flag stuff. So hopefully he's already on your radar.

But let's get to the real content here. Let's get to the Google capture-the-flag. So I want to check out the Beginner's Quest and this challenge here, the green dot that became available just recently after we solved a couple of the challenges. This challenge is called more MOAR, and it's a pwn, binary exploitation challenge. However, it's not that much. It's not the classic hardcore binary exploitation thing. It's a baby-quest one. So the challenge prompt is finding yourself on the Foobanizer 9000, a computer built by 9000 foos. This computer is complicated. Luckily, it serves manual pages through a network service. As the old saying goes, everything you need to know is in the manual.

So we can copy this netcat connection script. Let's get a terminal that we can work with this stuff in. I've been working out of GCTF because I like to have a folder for every single game I play, and I like to have a folder for every single challenge I do, too. So let's make a directory more, move into it, and let's create a connect script, just because I always forget the hostname and port for everything that I do. So I do want a connect script that lets me just easily run through the netcat connection.
Now I can ./connect, and what we have here is it looks like a manual page for socat, or the Socketcat, multi-purpose relay, blah, blah, blah. And there's nothing else we can do with this. It's just printing out that page, and that's it. So the gimmick here is that this man page is trying to run a pager program like less or more. And thankfully those programs let us do interesting things like open up editors or read another file, et cetera, et cetera. One of those things is actually running commands. If we give it a special key, an exclamation point, we can actually start to type things that will run in the shell in the service we're connected to.

So if I run whoami, we'll get the output more. Okay, if I were to run id, we can run and see, oh, I am this user here. So if I were to actually ls, see what's in the current directory, hmm, this looks like a root directory. Let's check out what's in home. Anything? Okay, looks like we just have a more user. So let's see what he has. He has a file disable DMZ.sh, looks like a shell script. Let's check out what that actually is. Home, more, oh, it looks like I lost connection there. So let's cat out home more, disable DMZ.sh, oh, I had a forward slash in there, my bad. I'm going to copy this because I'm lazy. Run this and we can see the output and see the contents of the script. A shebang line here, it says disabling DMZ using password, CTF something catastrophic. Here is the flag for this challenge.

So not super hard. I didn't end up writing a get flag script for this. I just took note of the flag and wrote down a solution. I like to do that, just a super easy thing. So I have my own mental write-up, like use exclamation point for RCE, cat home directory scripts or something. And just a super stupid mental note for myself rather than writing a get flag script for these things that I can't easily automate things for. We could try and connect to it and then use xte to send keys.
I don't even know if we could just like echo a dollar sign or an exclamation point into this connect script. Let's try it just to see, I guess, disable DMZ.sh, pipe that into connect and we'll see what happens. No, it looks like it breaks. Yeah, okay. So like I said, not an easy candidate for writing a get flag script, but we can still grab the flag, save it, take note of what we did to get it and mark this challenge as complete because that's good CTF practice here. Sweet.

Thank you guys for watching. Hope you enjoyed this simple stuff, right? Beginner's Quest, baby challenges, noob stuff, but a little bit here for everyone. If maybe doing some techniques you haven't seen before or just good practice. I don't know. I'd like to showcase some of the stuff. Thank you guys for watching. I'll see you in a later tutorial or video. But extra shoutout, check out LiveOverflow. He's awesome. And I'm really, really thankful we were able to get together and do some of this stuff together. Maybe do a collaboration in the future and I hope we can work together on some of these CTF stuff soon.

All right, if you did like the video, please do press that like button. If you want to give me some feedback, let me know what you think, what else you'd like to see. Leave a comment. If you're willing, subscribe. And if you really, really want to help me out, please just... Thanks again. See you later.