CTF Walkthrough with John Hammond

the takeaway here is we're doing a so-called basic ctf and you've already that kind of way of thinking and looking at code seems to be applicable to the real world is that right yeah at the when you drill it down to the core there is still curiosity and the inquisitive mind and kind of that problem-solving attitude those are really instilled in you for capture the flag and war games and all of this i know in the moment sometimes it sucks like you're banging your head against the wall you have this problem in front of you and you you can't solve it you've been beating yourself up for a day or a week but you still you can't sleep you're thinking about it you're obsessed with this problem and you i don't know it it builds in that grit and determination and stubbornness to let's think about this let's try and solve this problem let's let's be curious as to how it does what it does those are all things you'll definitely get and capture the flag [Music] you can get so much closer to the wire in in linux and using the command line so i i would absolutely recommend that hey everyone david bombal back with john john we spoke previously about ctfs we did some theory type stuff but i'm hoping now that we can jump into some practical demonstrations because you're well known for that so welcome thanks so much yeah i uh i would love to showcase some cool stuff here uh i i realize that hey we're all kind of coming and approaching this at different levels so i think it might be good to start with some beginner-friendly stuff something right very i don't know i'll get you get your feet wet and kind of get you in motion so that'd be great so go for it i'm gonna keep quiet and you know take it away okay so i am online here at picoctf.org and this is kind of one of the capture the flag competitions that i mentioned in our in our previous conversation david it's a hey pico ctf let learning happen through exploration so i i mentioned yeah middle school and high school students but 
that's not meant to dissuade you one way or another um pico ctf is is super beginner friendly it's great for getting started and just kind of learning and exploring this sort of thing it's a capture the flag and it's meant to be hands-on but it's all about learning and having fun so i'm gonna go ahead and log in um i should be hooked up with lastpass here so you mentioned last time that they run this once a year but you can access these labs anytime is that right yes so picoctf 2021 just actually wrapped up the game was from march 16th to march 30th but the environment the infrastructure will still always be online and accessible i think i'm not actually positive but there's the competition from pico ctf 2019 is still up and about you'll you'll find challenges online from the 2018 game or the 2017 game so they do a great job of making sure this stuff can can stay accessible for folks that's great so i am logged in inside of their game environment and forgive me some of these uh kind of challenge tiles or these cards here they look a little grayed out because i've i had to play myself right i gotta be true to form here so i i'd love to showcase a couple of these again kind of more beginner friendly ones we could start off with the very very top just to kind of get your feet wet i will go ahead and download this file and it's simply titled flag i will hop over to the command line or i'm working in linux right now truthfully i i love linux and i think that's a great place to learn i have a ubuntu virtual machine set up so i've got to ask you the question your favorite distro yeah i like ubuntu personally uh it's just easy it works and it has a great community and you do you run that as your as your physical machine or you're running that in a vm on a mac or something uh i all of my laptops i have linux installed bare metal just on the drive itself um on my desktop pc what i'm using to have this conversation right now it is running windows on the host and i have a 
couple other virtual machines living through virtualbox so right now this is a vm that's great so i have downloaded that flag file and i use the mv or move command to move it from the downloads out of my home directory into this current directory kind of with the period notation here so now i simply have a flag file if i were to ls display that out in my current directory and i'll use the cat command to cat it out or display it onto my terminal screen or the output so we're greeted with this text pico ctf curly braces and kind of some leet speak here sanity verified and some other numbers and letters uh now this is the bare bone basics right this is just hey are you a real human being here's a sanity check can you download and just look at this file this is a flag that proves hey we've accomplished the task and they often follow this flag format that's how you you know what you're looking for right it's not just a needle in a haystack it follows some standard structure pico ctf with curly braces and some text in between so we could go ahead and submit that and hooray i've solved that challenge correctly again super duper simple right that's the the top of the iceberg here but there's so much more we could do uh i think information is a great one to kind of keep us cruising the description here hey files can always be changed in a secret way can you find the flag and now i have a jpeg or an image file to download you can see they do offer some hints and again there's no risk there's no shame in taking a look at some of these it's all about learning isn't it so i mean you can't expect to you can't expect to run if you can't crawl so i think it's sad that we lose that when we grow up um often we lose that i mean there's no shame in if you're new to something just you know crawling walking running i will repeatedly say like hey i'm a kid at heart and uh i'm always learning too i'll be 50 years old or older and i'll be man i'm still a beginner exactly so i got this 
cute picture of a cat open up and we want to kind of understand okay really what is in this is there a flag hidden somewhere i think i see some text over on the side but we're more interested in how this file is really put together i'll go back to my terminal here and once again i'll move that downloaded cat.jpg into this current directory and i could run the file command to kind of understand really what is this file it tells me hey it's a jpeg image we kind of knew from the file extension but just to make sure just to verify because that file extension could be trying to deceive us and then we could do some reconnaissance or kind of understand really what is this file made out of when we tried to cat that flag file earlier when we displayed that out on the screen it's just plain text and that's easily visible and human readable but these data files like a jpeg or a song or a video all those different file types well that's going to be binary computer data so if i tried to cat that cat out onto screen it's going to be an absolute mess it might even just tell me hey we don't want to view this because it's binary data i'll use that with an absolute one a lot of nonsense right so we could do some other interesting things we could try to determine any strings in there to only find maybe they snuck in some data amidst all those those binary computer values or we could try to look at the metadata like if this was a picture what other information might be stored with that picture like are there gps coordinates that were taken along with it or if it were kind of a song like the example we mentioned earlier uh what's the track name or the artist or the album that that song was on i'm gonna use exif tool one thing to get exif data or the metadata out of a file and i noticed something weird truthfully this might just kind of come from my exposure but if you look through here you can see the file name the file size when it was kind of downloaded for us type etc but there's a 
lot of nonsense in this license and i'll be honest maybe this kind of comes from some trained eye and experience and being just being familiar with this stuff but this order of seemingly random letters maybe an occasional number in there it kind of bounces up and down and this sticks out to me as base 64. so wow i mean i don't know if everyone would have known that but i think your your previous knowledge gives you that so i we can google around uh we can maybe learn what is base64 i mean i i john if you don't mind i'm going to ask you some questions in between sure so skills that you would recommend someone get i mean i see you you've already mentioned linux or ubuntu would you recommend that someone really work on their linux skills truthfully i think linux is is great for getting your getting your hands on the keyboard right uh understanding the command line kind of knowing how to navigate around the file system uh being able to install tools as you need them with your your package manager the repositories uh linux is a hacker's operating system it's a hacking distribution if you're using kali or any of the other fancy tools you can get so much closer to the wire in in linux and using the command line so i i would absolutely recommend that for resources to do that over the wire is another exceptional and great war game uh bandit one of their levels from over the wire is is really good at piecing together what you can learn in the linux command line and how to use some of these commands so i mean that's a free ctf where you basically learn linux is that right yes i mean you've got all this knowledge and it shows um it's like how do we become you um so linux would be one of the first skills would you recommend a programming language as well yeah the the trajectory that i tend to give folks uh and maybe this is just pertinent to me but i think uh it's worked well for others that i've tried to teach and train i think learn linux number one over the wire kind of the 
web page i'm on right now bandit is is a great war game to kind of get started and to learn how to work through levels and connect in linux then i would recommend folks get familiar with the scripting language and this can be any language that you're interested in or one that you like personally i use python python is kind of just it's my weapon of choice right that's my knee-jerk reaction once you feel like you're at least familiar enough feel you're familiar enough with python or maybe you're bored of it i just want to try something new that's totally okay too uh go play a capture the flag go play pico ctf can i get exposed and see what what tasks or challenges are in front of you and you'll learn so so much so i mean your your two like introductory skills would be linux and then it would be python is that right start with those two um anything else that i mean are you just saying then go do ctfs and then the world opens up for you and then you you're going to see where all your gaps are in my opinion that's that's the way uh linux in a scripting language of your choice python is a great recommendation and uh it's iterative again if if you see something out there kind of experimenting with war games whether it's try hack me whether it's hack the box or pico ctf or any other capture the flag you can always go back learn something new in that language that you love or try some new tricks inside linux and in the command line and that's great i mean so you use ubuntu and i don't want to turn this into a linux thing but i mean if that's our first skill um would you recommend like just ubuntu or would you recommend someone who starts to use like kali or parrot os or something else so i use ubuntu uh because when i was learning linux when i was trying to make the transition uh kind of deciding whether i wanted to jump straight into running linux as my full only operating system rather than windows ubuntu was the most recommended thing for the easiest beginner friendly 
linux distribution uh it it works out of the box it has a lot of incredible support the community is humongous and it's just so easy i'm sure there are some linux heads and gurus they're like oh you you have to run arch linux or you have to use kali linux if you're i've heard a lot of those yeah i've had a lot of those no honestly hey you can install whatever tools you need you can customize it however you want it's open source it's linux that's the whole point so uh i tend to use ubuntu just because i like it and it works and that's good enough for me so you install you're running ubuntu um natively on your on your laptop as an example and then would you run kali in a virtual machine or do you just like git clone and install the tools yeah i'm a weirdo i i tend to you know you know my tools i don't really use kali all that often i i don't use parrot which is another one i i don't use black arch or some other renditions of penetration testing tools and there's nothing wrong with them to each their own if you like to use those tools you're more than welcome to i tend to like i don't know pulling in things as i need them and then customizing and configuring them as i need to so so i mean do you some other guys have said you should pro it would be better to use a mac or a windows computer so that you can write reports and stuff and i mean you're giving a different view on that so when you when you use ubuntu how do you write reports do you like use word or do you have to use some open source um like management or sorry office application how do you get around like the the business stuff like email and um word and stuff like that yeah this is where i get really nerdy um i i tend to write reports when they're needed from me in markdown which is a kind of a plain text like hey here you can structure and design things as you're naturally typing on the keyboard um and markdown can be translated into html or even latex or latex latex to generate it into a pdf so i tend to 
use and i've showcased some videos on this uh i'll use markdown to write whether it's my notes whether it's a full formal report and i'll convert it into latex and then have that generate a pdf document for me so it looks gorgeous it looks beautiful and it's so much easier to write and just crank out than kind of fumbling around moving my mouse and microsoft word and all that so that's how i tend to do it so i mean is an application that you'd recommend someone uses sorry to go on this tangent but it's interesting is it like on ubuntu what application do you use to create that so personally for taking notes to further my learning or just to build out a library or reference in a catalog an archive right of everything that i'm learning i like to use obsidian obsidian is a note-taking application but it allows you to kind of reference and link to all of the other notes that you've already written out and it'll even build some crazy cool mind map or like a graph view and because it's all plain text it is super fast to hey control f and search through all of your different pages like oh i need to remember how to bypass some filter evasion in sql injection or whatever or whatever you can link and do so so much with it and it's so simple and it's so great i use obsidian i'm glad you mentioned this because i mean when you're doing ctfs i'm assuming that you're not going to remember every ctf and how you solved it so would you like dump knowledge into something like this yes uh whenever i am playing a capture the flag for real like all my attention is on it or even just kind of cursory even just hey let's go see what i can solve just kind of a casual thing uh i'll try to organize and capture every challenge that i work in in its own folder and i'll mark it as complete or it won't have that suffix if i'm if i haven't finished going through it yet every time i go through one i will try and create like a little get flag script that just captures how i solved it uh it's like a 
write-up without being a write-up it's like hey these are the commands that i ran this was the code that i used this was the real process technically as to how this challenge was solved sometimes they aren't all that sometimes i'll just literally leave myself some notes like here's a dummy solution file and that's at least the bare minimum i can do while i'm cruising through and running as i'm playing it capture the flag oftentimes i do something more formal i'll write a readme in markdown it'll be organized in obsidian but if you're moving quick i think this is still absolutely necessary keeping track of a solution keeping track of the flag itself or a little get flag script to keep encapsulate how you solved it so i mean while you're doing that you're creating these local text files and then do you upload them to obsidian at some point or you just use both systems yeah um sorry just trying to get into your mind john because you've you've been doing this for a long time so i'm trying to like extract your your tips and tricks if you like how do we become like you and you know how can we not make all the mistakes you've made over the last number of years this is just an example of of my notes or kind of how i put things together when it's an obsidian uh i could show you reports or i could show you something more formal if need be if you don't mind i mean be great to see it but i mean we i mean if if it's going to take too long we can see it later but it'd be great to see you know for us to try and get your knowledge you know any tips like this is great yeah i i try to even when i'm going through a course like you can see this is a working through a zero to auto uh malware analysis course uh i'll try and create like essentially reformat whatever slides they showcase or whatever text they cover in in their book i'll i'll make it my own even if it's powering through just rewriting and hand jamming it uh i'll try and make my own copy of it so i can get fully invested 
and fully into everything that i'm trying to learn and it eventually starts to be built out as kind of a library because then i can always click back to refer back to anything particularly interesting and uh that is a great reference so i mean john that's great i mean so basically the takeaway there is don't just go through it and then forget what you've done you've got a searchable database basically of your knowledge and your experience that you you can refer to back later is that right yeah you will run into a problem and then later down later down the road in the future you will see that problem pop up again or you'll see something similar to it or you'll see maybe just a different variation with a slight spin on it uh so building out your own library is is absolutely imperative i think it's it's really great and it's something you can always always call back to and dive through your notes you have your own checklist you have your own repertoire that is a something super valuable yeah i mean i think that's i mean just like thinking out of the box i mean you you going through these ctfs you're going to see a problem in the real world you might like you said see something similar it might trigger something in your mind hold on i've seen this before and then you can ref you'd like to do searches um on your notes i mean evernote and there's a bunch of these note-taking applications out there i mean it's it's fantastic to put your brain into something where you can search the notes later rather than trying to remember everything absolutely so i mean sorry john i took you off your ctf so you said there was something like uh something weird about the license on that file yeah here i will um bring that all back sorry no no you don't you don't need to apologize so so john explain you you're going to show us like base64 what is that and um how did you how does it like this is if this is like you said earlier if this is for school kids if you like i mean that's quite a 
quite a not not something that they may necessarily recognize yeah uh i think there will eventually you you'll see things and you'll you'll become familiar with some things that are common uh and they they pop up every now and again like oh you'll you'll see a caesar cipher as a bare bones very classic very cookie cutter capture the flag trick you'll see base 64 or you'll see other representations of data like base 32 or base 58 it goes on and on but they are kind of quirky gimmicks but they are really used in the real world like base64 is an encoding scheme that will take any kind of data even like those binary values that we saw out of that jpeg file and it'll try and represent them in printable characters like those letters a through z and zero through nine base 64 uses all those letters of the alphabet uppercase and lowercase the numbers here and just a plus sign a forward slash and adds in equals at the very end for padding so one rule of base64 you can kind of become familiar with is that the encoded data always has to have a multiple of four for its length so if it encoded something to maybe five characters long oh okay we'll we'll try and do some padding to make it eight uh it has to be a multiple of four so if you see equal signs at the very end of some random letters and numbers hey that's maybe a good telltale this is potentially base 64. 
in this case it wasn't so we're kind of working on a hunch but one thing that we learn from capture the flag is we need to try everything like every idea that comes into our head every single thing that we think of it's worth checking under that rock just to see because after a competition or when write-ups or other solutions are available if you see someone that solved it and you think oh man i thought of that i just didn't even tried it you should try it everything that comes to your mind it's worth exploring i just wanted to say something i watched one of your videos you were i think it was a vb script or uh you were doing some malware analysis and you you were saying they were obfuscating the code with um i can't remember exactly but i mean to me the takeaway here is we're doing a so-called basic ctf and you've already that kind of way of thinking and looking at code seems to be applicable to the real world is that right yeah at the when you drill it down to the core there is still curiosity and the inquisitive mind and kind of that problem-solving attitude those are really instilled in you for capture the flag and war games and all of this i know in the moment sometimes it sucks like you're banging your head against the wall you have this problem in front of you and you you can't solve it you've been beating yourself up for a day or a week but you still you can't sleep you're thinking about it you're obsessed with this problem and you i don't know it it builds in that grit and determination and stubbornness to let's think about this let's try and solve this problem let's let's be curious as to how it does what it does those are all things you'll definitely get and capture the flag i was going to say it's it seems to be this is stuff that's applicable to your real job it's like you said right in another video i think um it's not just games it's it's actually teaching you a lot of skills that are relevant for what you're doing because you're doing like hardcore 
malware analysis and this stuff seems to be already pointing us to that yeah there are tidbits that you'll see just about everywhere it all kind of bleeds into injunction so i'm going to shut up now you you continue show us the show us how you solve this sure so this one is taking that weird string that we saw from that exif tool and piping it into some base64 decoder because this is the encoded form but that operation is kind of reversible so we could decode that with base64 and that command line argument -d those are some of the options or parameters you might learn as you get more familiar with the linux command line but when we decode this oh here's a base64 the metadata is modified and that's another simple challenge that flag that we can go ahead and submit and get some points so the takeaway there is to look for weirdness is that right so look for stuff that's out of place yes and and that is is absolutely crucial just as much um in a capture the flag and this kind of has its own difference than bug bounty or its own implications for penetration testing and some other real world aspects to it you know with capture the flag that something is vulnerable there is something that has a flaw there's something that can be kind of peeled away and picked at uh that's different than the real world right you could be beating up a target if you're doing an actual pen test and maybe you get nothing you don't know if it's really vulnerable or if you try and bug bounty and man you don't get anything and capture the flag it is a change of mindset and that if something weird is there it's probably there for a reason so maybe that's a tip to uh to help dig into things you
Info
Channel: David Bombal
Views: 174,785
Keywords: capture the flag, ctf, john hammond, nerf capture the flag, capture the flag 2, capture the flag game, ctf for beginners, ctf competition, ctf hacking, hack the box, try hack me, hackthebox, tryhackme, picoctf, picoctf 2021, ctf writeup, cyber security, hacking, learn ctf, google ctf, ctf walkthrough, hacker, cybersecurity, cyber security tutorial, john hammond ctf, ctf challenges, ctf tutorial, ctfs, how to hack, ctftime, learn how to hack, hack, capture the flag tutorial, ine
Id: ZUqGSbvZp1k
Length: 28min 6sec (1686 seconds)
Published: Wed May 05 2021