 Hello YouTube welcome back to another video this time looking at seesaw CTF the red team competition or seesaw red In this video I just want to run through all the tutorial challenges because they're not too difficult I can probably pack them into one video without kind of just beating that a horse stupid stuff the are you alive challenge is pretty simple It's essentially a get flag script. It's just simply a a bash command that will spit out the flag for you So if you were to go ahead and copy and paste it into a terminal hit enter just as description says It says flag welcome to red and you can submit that like whatever as your flag if you wanted to save it as a flag Put together get flag script if you cared about that stuff, but not too bad pretty simple on this I'll just bang through this. Hopefully it won't take too long screw it. Never mind. All right BB-8 is the other one and that they're referring to BB-8 is one of the few robots that Google can find do you know where they hide and that is a reference to a Robots.txt game not a game, but it is robots.txt that thing in the internet in the world With robots.txt file at the root of a web server will explain it to Google search engines or other like index internet crawlers Do not visit these pages. However for seesaw red it was just kind of clever and that it looks like a regular page with a flag on it, so you can copy and paste that and that would be the Flag you'd submit. This is a YouTube link just for BB-8 in Star Wars And I guess we don't particularly need to see that but if you wanted to you could just simply curl this and You could make that a get flag script if you curl tack s This link and then go ahead and grep tack OE O for only and E for extended regular expressions So we can just use a flag format here flag and curly braces and then regular expressions the period in the asterisk to get the flag However, it's going to interpret these HTML characters. So maybe that's not the Best notion to do here because I don't particularly want to spend the time to cut that up and bash Yeah, stuff to show Next is in my elements, which is a simple one where they have base 64 hidden in the page It says there's a flag somewhere on the page Can you find it if you review the source on this page or even when we looked at the robots.txt file? You could see it when we curled it even there's this base 64 hidden in an HTML comment. That's what these Greater than less than walk-a-walk exclamation point stuff is is green here noted as an HTML comment Again, if you wanted to you could cut this up Use it with curl base 64 decode it I'm gonna go ahead and do that just copy and paste echo this Into base 64 attack D to decode new kung fu Kenny and we could do this with the curl command if we wanted to and so we could look for things that have that HTML comment in the style there and We will probably need to use single quotes for that So we don't have Bashed literally interpreting literally literally interpreting wow, okay I'm not even gonna try and finish that sentence that won't work It didn't work because I had spaces there and there are no spaces in that so just go ahead and remove those and then you'll get okay the Flag kind of in base 64 and we can go ahead and cut out with the delimiter of a hyphen Just field one two, maybe three in this case. Yes, great pipe that into base 64 attack D And then get our flag just like that all in one line simple stuff The next one is called regular expressions in that can you find the flag in one of these files control? That may not be enough. We're given a zip archive and if we wanted to we can go ahead and Download that I know my directory structure is totally not what it's supposed to be right now Burning through these tutorial questions Take a little bit of time to download Now that it has downloaded I can go ahead and unzip it and there's a lot of text files in there So let's go check out that directory tons of stuff Well, we don't want to look through all of it Let's just run strings on everything and there's a lot of information there, but we can simply grep attack I For flag and then if you wanted to that's gonna get a whole lot of results So use the flag format with the curly brace in there and then we can get the hit just a regular flag submit that earn points Cool stuff Jets, that's the simple stuff for the tutorial challenge. Haven't used strings before do that Use a wild card to hit everything in the current directory and then grep through that output look for the flag that you want Robots dot text is a thing base 64 do stuff with curl etc simple simple stuff That's the tutorial section in seesaw red. So thanks for watching quick shout out to the people that support me on patreon Thank you guys so much. You are phenomenal and the reason that I keep making these awesome videos They're not awesome the video the video is on awesome. They they probably suck, but you guys are awesome You awesome people are the reason I keep making these shitty videos All right. Hey $1 month on patreon will give you a special shout out just like this at the end of your video I can't do please sub anymore because this guy please sub patreon supported me with the name please sub It's now what I have to know. I have to type out literally please subscribe every time. Okay One dollar a month gives you a special shout out just like this at the end of every video And I do a stupid bit every time I have to do this. So it's probably super annoying $5 a month on patreon will give you early access to every video that are accorded and put on YouTube before it goes live because I like to record in bulk and Like release things gradually, but I haven't been very good at it lately Hope you guys are okay with that whatever. I'm a human being too. I put my pants on the same way you do hopefully I Gotta end this video right here if you guys like this video, please do like comment and subscribe Join our discord server. It's a cool community full of CTO players programmers and hackers link in the description I'll hang out with me other cool people replaying games like seesaw red obviously Same thing with pico CTF if that's coming and everything that comes on down the pipe. So Great. Hope to see you guys on patreon. Hope to see you in the next video. Love you