Hello everyone, welcome back again. My name is John Hammond, and in this video I'm showcasing some more of those challenges that I put together for a local practice exercise CTF, or capture the flag competition, at my school.

The next challenge was Web Hunt, and the prompt here is: it's a website scavenger hunt. The hint that you can find if you hover over it is, like, "grep can be an extremely powerful weapon if you know how to wield the sword." It is a zip file that you'd end up downloading, and once you actually go ahead and use this, you'll notice that it is a full and complete website with an index.html and CSS and images and JS and stuff like that.

So the ploy is that they would go ahead and extract all these files and begin to look at the website with a little index.html. I'll drag this down so you can see it. It is quite simply a website where hopefully it would fool them to, like, look around and do things, but you might want to look at the HTML source or some of the CSS. Literally, the ploy is that it's a website scavenger hunt.

But since there are a bunch of files and we want to be able to search through them for a flag, well, at this point we should know the flag format. So what we can do is we can just search for it, right? So that is in the Web hunts status four on my case. So in the web page, or in the website, what we'd end up doing is grepping, in our case, for anything that starts with you a cga, like looking for the flag identifier, the flag format. But we wouldn't want to do it on, like, a specific file, because we know it's probably not going to be in any of those. We'll do it recursively, -r, and we'll look in this folder onward. So we find it eventually. But that -r folder, that argument, sorry.
Well, what that does is it reads all files under each directory recursively. So that's how I intended them to solve the challenge, rather than having to look for it by hand, because I actually stored the flag in the JavaScript, like the jQuery file. So no one would look through that on their own, like individually. But the ploy and the hope was that they would use grep to find it.

So grep can of course find the line, and you can just go look for it because it'll be highlighted, but a good ploy, I think, is to now use more things inside of the... I think it's RP? Or, oh, I want to be able to get just the... all right, there it is, cool. Rop and the regular expressions, you find simply the flag itself. So there we go. Grep can find anything if you know what you're looking for.

And that is how I ended up putting that together. So the way that I built that was real easy. All I ended up doing was taking that nothing in the box dot com, and I wget mirrored that to create that nothing in the box dot com. I think I can go ahead and start to show that, and then it will... No checks if it gets fine. If I need that argument to go ahead and pull it, that's fine. And then it will start to, like, mirror and scrape the web page. So that's why it was able to create that folder and all the other stuff. So I'll get rid of that.

But once it was downloaded, I literally just go into the JavaScript file, see what's in there, and I'd go ahead and insert the flag in the jQuery file. I just edit it in, like, Sublime Text and just literally plop it in there wherever, in the middle of a comment or after a command, so that way it doesn't interrupt the JavaScript code itself, but it's still hidden in the web page.

So that was it: just using simply grep to find a file, but knowing to use it on all of the files in the web page. So that was... Like, copy the flag, I want to make sure I copy the flag. Okay, cool. Yep.
We'll go ahead and submit it and get our hundred points. And we're just moving right along with some of the simple challenges that I put together for our local practice CTF exercise and competition. So I'll see you in the next video.
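
The search described in the video, as an added example that is not from the video or its author: it builds a small constructed site tree, plants a made-up flag in a comment inside a minified script, then uses recursive grep to name the file and print only the matched text. The FLAG{...} format, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example. The site tree and the FLAG{...} format are constructed
# stand-ins for the challenge zip and its real flag format.

# Build a small stand-in for the extracted website: index.html, css/, js/.
make_site() {
    root="$1"
    mkdir -p "$root/css" "$root/js" "$root/images"
    printf '<html><head><script src="js/jquery.min.js"></script></head>\n' > "$root/index.html"
    printf '<body>Nothing to see here.</body></html>\n' >> "$root/index.html"
    printf 'body { margin: 0; }\n' > "$root/css/style.css"
    # The flag is placed in a comment in the middle of one long script line,
    # so the script still parses and nobody reading by hand would spot it.
    printf '(function(w){var a=1;/* FLAG{constructed_example_flag} */w.jq=a;})(this);\n' \
        > "$root/js/jquery.min.js"
}

# Which file holds the marker? -r recurses into every directory,
# -l prints only the names of files that contain a match.
flag_files() {
    grep -rl -- "$2" "$1"
}

# Only the flag text: -o prints just the matched part of the line,
# -h drops the file name prefix, -E enables the extended regex.
# [{] and [}] match literal braces; [^}]* is the flag body.
extract_flag() {
    grep -rhoE -- "$2[{][^}]*[}]" "$1"
}

demo() {
    site=$(mktemp -d)
    make_site "$site"
    flag_files "$site" 'FLAG'
    extract_flag "$site" 'FLAG'
    rm -rf "$site"
}

demo
```

Without -o, grep prints the whole matching line, which for a minified library can be thousands of characters long; -o is what reduces the output to the flag alone.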