Hey, what's up guys, my name is John Hammond and welcome back to the YouTube video. Still checking out the Kaizen CTF, looking at some of the last of the networking challenges. This very last one was called IP in a Haystack and it was worth 200 points. It didn't seem too difficult for me because I feel like I knew the tool that I needed to be able to get this done.

So the question here is: identify how many IP addresses in this file fall within the CIDR range the IP address is paired with. For example, in the following CIDR IP address ranges, we can see that some of the IP addresses fall within the range and some do not. So we're supposed to submit the number of IP addresses that fall within the range as our answer. So because of that it does not follow the regular Kaizen flag format.

So we're given this zip file that has this IP dot text file, a list of a bunch of things here. So let's create an IP in a Haystack, let's create a file folder for it and save it. So back in our shell we can take a look at it: IP in a Haystack, unzip that archive, and now we've got that IP list dot text, which has a bunch of those IP addresses and their range. So now we can totally just see how we can stray through it.

So I think the best way to do this is with the ipaddress module on Python. I'll show that off for you here. If you haven't heard of it before, it's a really cool library module that just lets you work with IP addresses and determine, like, okay, number of bits, number of bytes, stuff. Is it within a certain range, a certain subnet, what version is it, stuff like that.
So it's really cool. Honestly, I just had to Google "Python check if address is in range", something like that, or if an IP address is there, and you can see the Stack Overflow thing that's got some code for it. But the next line is really, really interesting, where they just use the ipaddress module and it's a Boolean test, like, is IP address in some network with the given CIDR range. So this looks exactly like the line that we need. I can just literally copy this out.

So let's start to crank some code out that'll work with it, attacker.py, and now I'll start to write it here. Let's get our shebang line, bin env python. I'll import ipaddress and we'll open up our IP list dot text. Contents equals handle dot read. For line in contents dot readlines, we can say address and CIDR equals that line, and it's split by a space, right? So it's okay to just run that line just fine, and we can test if the IP address, address, is in that CIDR range, and if it is we'll increment that counter, which we can start with zero. We'll just increment it up. And then once we're done we can print out that counter and we should be good.

So let's mark this as executable, start to run it and, oh, I have a typo on my shebang line, my bad. Now here we go: string has no object readlines. Oh, contents, I suppose I could just use readlines here. For line in contents, and now we're working and, okay. So this range does not appear to be a valid IP address range. Did you pass in a str instead of a unicode object? So we have to specify our addresses should be passed in as unicode objects. For whatever reason the ipaddress module likes them that way. There's nothing wrong with that, I don't think. I mean, we just pass them in that way.

And we should be able to run now, and it does not seem to be an address. Oh, I have it mixed up. The CIDR is first, then the address. Now we're running, we're in business, and we get a certain number: thirty six thousand four hundred fifty. And that's our solution, right?
We just go ahead and paste that in and get our flag. That is how we solve this challenge. Really simple, pretty cool, simple script, literally just running through the album and just doing a simple test using the ipaddress module in Python, which already does all the hard work for us. It just determines if an address is in that CIDR range. So easy.

If you haven't heard of the module before, ipaddress, it does come in handy. So I'd put that in your back pocket, add it to your toolkit, you know, have another notch on the belt. So easy flag, easy 200 points, and we're all done with that networking session for the Kaizen CTF. Cool. Thanks for watching guys. Hope you enjoyed this one and I'll see you in a later video.
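
The counting approach narrated above, as an added Python 3 example that is not the script written in the video. The sample lines are constructed in the "CIDR first, then address" layout the video arrives at; the function name, the skipped-line counter and the use of strict=False are assumptions of this example. In Python 3 every str is already unicode, so the conversion step from the video is not needed.

```python
import ipaddress

# Constructed sample data, one "<CIDR> <address>" pair per line.
SAMPLE = """\
192.168.1.0/24 192.168.1.77
10.0.0.0/8 11.2.3.4
172.16.5.9/12 172.31.255.254
2001:db8::/32 2001:db8::1
203.0.113.0/24 not-an-ip

198.51.100.0/25 198.51.100.128
"""


def count_in_range(lines):
    """Return (matches, skipped) for an iterable of '<CIDR> <address>' lines."""
    matches = skipped = 0
    for raw in lines:
        fields = raw.split()
        if not fields:
            continue  # blank line, nothing to count
        if len(fields) != 2:
            skipped += 1  # not a CIDR/address pair
            continue
        cidr, addr = fields
        try:
            # strict=False (assumption of this example) accepts a CIDR whose
            # host bits are set, e.g. 172.16.5.9/12 becomes 172.16.0.0/12.
            network = ipaddress.ip_network(cidr, strict=False)
            address = ipaddress.ip_address(addr)
        except ValueError:
            skipped += 1  # unparsable network or address
            continue
        # Membership is False when the IP versions differ (v4 vs v6).
        if address in network:
            matches += 1
    return matches, skipped


if __name__ == "__main__":
    # For a real file: with open(path) as handle: count_in_range(handle)
    matches, skipped = count_in_range(SAMPLE.splitlines())
    print(f"{matches} in range, {skipped} lines skipped")
```

Reporting the skipped count alongside the matches makes a swapped column order visible straight away, since every line then fails to parse.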