Hey, what's up YouTube? My name is John Hammond. This is another video write-up for picoCTF 2018. This challenge is called Mr. Robots for 200 points in the web exploitation category. Challenge prompt is, do you see the same things I see, the glimpses of the flag hidden away at this link? So we can go check out this website. It says, Mr. Robots, hello friend. So I'm just going to glean from the challenge title and the name here, that this is a reference to robots.txt. So if you haven't seen that before, I cover it in a lot of videos because it's kind of just the most simple low-hanging fruit web challenge classic thing you can find in a CTF. So it's just a text file that explains pages that would not be kind of visible to a Googlebot or kind of a web spider or crawler that's trying to index pages and stuff like that. So we can go ahead and check out that robots.txt file. Let's go to the forward slash robots.txt in the URL. It says, for any user agent, so for any kind of web browser, go ahead and disallow this page. Don't allow them to get to that page. They're trying to hide it. But it is plain text. We can all see it. It's all accessible. So, so much depends on bottom red flag. We can just go ahead and grab this flag right there and submit that. So if you wanted to, we could go ahead and make a get flag script out of that. Let's go ahead and just write like curl here. Go ahead and curl -s this and then let's get our flag format out of it. Super duper easy. All right. Just like that, we can save it. Again, my flag will be different than yours because of the hex at the very, very end. I should have marked that as complete. My bad. Get flag script, bin bash, paste that in there. Mark it as executable. Go ahead and run it, save it and mark that challenge as complete. Easy peasy.

All right. The next challenge is called No Login for 200 points. It says, it looks like someone started to make a website but never got around to making a login.
But I heard there was a flag if you were the admin. So this challenge got a lot of flack. No one particularly liked it, at least from what it seemed like. It says, I'm sorry, it doesn't look like you are the admin. I think this was kind of a guessing challenge or a leap of faith challenge. And that's why I think it got so much flack because sign in, sign out aren't available. If you check, if you try and go to the flag page, it says you're not the admin. So what we ended up having to do was creating a cookie. So I'm using EditThisCookie. I'm just going to create a new one here. The name will be admin and I'll set the value to one and now I refresh. Go ahead and hit the flag button and it gives me the flag just like that. So no real inclination or no real kind of point to do that. Just like maybe from your learning in the previous and the previous challenge where you had to modify the cookies. This time we had to add a cookie, kind of guess the value. The name would be admin and you set it to one or true and you'd get a flag. So dumb, not my favorite thing, but whatever. I'm just going to bang out a quick script for that. Let's make a directory no login and I'll mark it as complete now because we know we've already got it. No login complete and I just created a script, a Python script for it because I just want to be able to specify those cookies. #!/usr/bin/env python. Let's go ahead and grab the URL. URL can equal this. Let's import requests, which if you don't have installed, you can do a pip install requests. And if you don't have pip, you can do apt install python-pip. And let's just do requests.get URL with cookies. That's a keyword argument I want here. Let's say admin and set it to one. And let's just say this is r for response variable. Let's print r.text. Looks like we do get the flag just visible there. Okay, so now let's go ahead and carve it out with some regular expressions.
So let's do re and then re.findall picoCTF star asterisk to get it all. And we get that as our input and we can go ahead and print that out. So perfect. Let's mark that as executable, redirect it to flag.txt. And we're done with that. Awesome. All right. What's the next challenge? Do we want to submit that? Do I have my clipboard still? No, I don't, too many alt tabs.

Alrighty. Now that that one's done, let's check out Secret Agent for 200 points. Another web exploitation category challenge. Here's a little website that hasn't been fully finished, but I hear I heard Google gets all your info anyway. So we can check this out. My new website, hit the flag. It says you are not Google and it gives us our user agent or the header that's passed through HTTP or whenever you try and make a web request about what kind of browser that you're using. So it sounds like in this case we want to act as if we are the Googlebot or the Google crawler to index stuff like as if we were viewing it the robots.txt file. So let's try and figure out the Google user agent. Let's try to Google what the Google user agent may be. And Google crawlers' user agents. I had to poke around with this a little bit. I think eventually it was the Googlebot or Google auth thing that worked. Not sure which of these, maybe let's try this guy. So what I'm going to do is I'm going to take this web address. I'm going to go to my terminal here and I'm going to use curl to go ahead and get the page. It says you're not Google and it says curl is our user agent here. Let's specify user agent. Curl can use --user-agent. And then I'm going to go ahead and paste in this information here and it says awesome. Here's the flag, secret agent. So that one worked just fine. I use the user agent in curl and you could do this if you wanted to with another Python requests module stuff. You can say headers can equal curly braces and then the header.
So you're just setting up a dictionary for the headers that you want to supply and you can paste in the header that you want and then in your request you would simply say headers equals headers. Or if you want to use a dictionary in line you could do it just like that. So interesting thing but I'm not going to go through that one. I like the curl style here and then we can just grep for our flag. Carve it out and if we're going to grep we need curl -s. My processing was weird there. Awesome. And now that is our get flag script. Let's make a directory for that. It's called secret agent. Mark it as complete and bang out a get flag script with our proof of concept stuff that we just did. Awesome. Redirect that to flag.txt. So that's that. Some cool web challenges, some simple stuff. Just kind of knowing your toolkit and knowing what is able to crank through those for you. I think that it's kind of awesome to just know how we can manipulate those headers and those cookies whenever we need them especially in code and in automation. So doing that in curl or doing that in Python, it's just going to benefit you later down the road for a lot more of these CTF style stuff.

Before I go, I do want to give a quick shout out to the people that support me on Patreon. I actually just lost this page because I ended up accidentally saving the second half because I split my screen in Sublime Text and the original supporters.txt file that I keep track of just lost that half. So I got to be careful about that. I realize I'm missing some of the accents on some people's names and I'm very, very, very sorry. I'll fix it probably immediately. Hopefully anyway. All right. Hey, $1 a month on Patreon will give you a special shout out just like this at the end of every video. I know it's not a whole lot. It's just a small, stupid incentive.
But it's just hopefully that feel good feeling, the fuzzies, warm fuzzies in your heart helping out another dude just trying to make his way and I'm grateful. Thank you. $5 a month on Patreon will give you early access to everything that will release on YouTube before it goes live because I like to have stuff usually backlogged and kind of ready for later releases but I have not been very good about that lately. So, hey, whatever. I would still be grateful. I appreciate your support. Whatever you're willing to give. Thanks so much. If you did like this video, please do like, comment and subscribe. Join our Discord server. Link in the description is a cool community full of CTF players, programmers and hackers. If you want to hang out with me or other really cool people, people way smarter than me. That's an awesome and great place to do it. We're gonna be tackling a lot more capture the flag competitions as they come through. picoCTF is still going on just to have people learn and get better. It's a cool CTF word camp. So, thanks. Hey, hope to see you guys on Patreon. Hope to see you in the next video. Love ya, bye.
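
The No Login and Secret Agent walkthroughs above both succeed because the server trusts a value the client chooses (a cookie, a User-Agent header). The following is an added example, not code from the video or from picoCTF: `naive_is_admin` is an assumed reconstruction of that server-side check, `hardened_is_admin` is one way to fix it with an HMAC-signed session cookie, and the key, user name and request headers are constructed.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-key"  # constructed; a real app loads this from a secret store

def parse_cookies(header):
    jar = SimpleCookie()
    jar.load(header)
    return {name: morsel.value for name, morsel in jar.items()}

def naive_is_admin(headers):
    """Assumed server-side logic: trust values the client picked itself."""
    cookies = parse_cookies(headers.get("Cookie", ""))
    if cookies.get("admin") in ("1", "True"):
        return True
    return "Googlebot" in headers.get("User-Agent", "")

def issue_session(user, role):
    """Bind the role to a MAC that only the server can compute."""
    payload = f"{user}|{role}"
    tag = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"

def hardened_is_admin(headers):
    """Grant admin only when the session MAC verifies; User-Agent is ignored."""
    token = parse_cookies(headers.get("Cookie", "")).get("session", "")
    payload, _, tag = token.rpartition("|")
    expected = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False
    return payload.split("|")[-1] == "admin"

# Constructed request headers, not captured from the challenge servers.
ADDED_COOKIE = {"Cookie": "admin=1", "User-Agent": "curl/7.58.0"}
SPOOFED_AGENT = {"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"}
REAL_ADMIN = {"Cookie": "session=" + issue_session("alice", "admin")}
TAMPERED = {"Cookie": "session=" + issue_session("alice", "user").replace("|user|", "|admin|")}

if __name__ == "__main__":
    for name, req in [("added cookie", ADDED_COOKIE), ("spoofed agent", SPOOFED_AGENT),
                      ("real admin", REAL_ADMIN), ("tampered role", TAMPERED)]:
        print(f"{name:14} naive={naive_is_admin(req)} hardened={hardened_is_admin(req)}")
```

The same reasoning applies to the Mr. Robots page: a `Disallow` line in robots.txt is a hint to crawlers, so the page it names still needs its own server-side authorization check.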