Google CTF: Beginner Quest: MOAR

John Hammond · Beginner ·📰 AI News & Updates ·8y ago

Key Takeaways

Solves Google CTF Beginner Quest challenge MOAR using binary exploitation

Full Transcript

Hey, what's up internet? This is John Hammond and I want to showcase more of the Google capture the flag competition that just happened recently. Um, a shout out first of all to Live Overflow. Um, I played this game with him and he took a look at some of the legitimate challenges. Um, JSafe 2 or like JavaScript safe 2.0. Um, and he did some incredible work with it. It was super cool to watch him work. Um, but he's a great guy. He has incredible content on YouTube. You should totally check out some of his stuff um, if you haven't already. but we do similar things like cyber security, computer science, hacking, capture the flag stuff. So hopefully he's already on your radar. Um, but let's get to the real content here. Let's get to the Google capture the flag. So I want to check out the beginner's quest. Uh, and this challenge here uh the green dot that became available just recently after we've solved a couple of the challenges. This challenge is called more m o a r uh and it's a pone uh binary exploitation challenge. However, it's not that much. Um, it's not the classic hardcore binary exploitation thing. It's a baby quest one. So, the challenge prompt is finding yourself on the Fubanizer 9000, a computer built by 9,000 foos. This computer is complicated. Luckily, it serves manual pages through a network service. As the old saying goes, everything you need to know is in the manual. So, we can copy this netcat connection script. Um, let's get a terminal that we can work with this stuff in. I've been working out of GCTF because I like to have a folder for every single game I play. And I like to have a folder for every single challenge I do, too. So, let's make a directory more. Move into it. And let's create a connect script just because I always forget the host name and port for everything that I do. So, I do want a connect script that lets me just easily run through the net connection. Now, I can dot /connect. And what we have here is what looks like a manual page for socat or the socket cat multi-purpose relay blah blah blah. And there's nothing else we can do with this. It's just printing out that page and that's it. So the gimmick here is that this man page is trying to run a pager program like less or more. And thankfully those command those those programs let us do interesting things like open up editors or read another file or etc etc. One of those things is actually running commands. If we give it a special key a exclamation point we can actually start to type things that will run in the shell that in the service we're connected to. So if I run who am I we'll get the output more. Okay. If I were to run ID, we can run and see, oh, I am this this user here. So, if I go to actually ls, see what's in the current directory. Hm, this looks like a root directory. Let's check out what's in home. Anything? Okay, looks like we just have a uh more user. So, let's see what he has. He has a file disabled DMZ.sh. Looks like a shell script. Um, let's check out what that actually is. Home more. Oh, it looks like I lost connection there. So, let's cat out home more. Disabled DMZ.sh. Um, oh, I had a forward slash in there. My bad. I'm going to copy this because I'm lazy. Run this. And we can see the output and see the contents of this script. A shebang line here. It says disabling DMZ using password CTF something catastrophic. Here is the flag for this challenge. So, not super hard. Um, I didn't end up writing a get flag script for this. I just took note of the flag and wrote down a solution. I like to do that. Just a super easy thing so I have my own mental write up like um use exclamation point for rce cat home directory scripts or something. And just a super uh mental note for myself. Um, rather than writing a get flag script for these things that I can't easily automate things for, we could try and connect to it and then use XTE to send keys. Um, I don't even know if we could just like echo a dollar sign or an exclamation point into this connect script. Let's try it just to see, I guess. Disabled DMZ.sh. Pipe that into connect and we'll see what happens. No, it looks like it breaks. Yeah. Okay. So, like I said, not an easy candidate for writing a get flag script, but we can still grab the flag, save it, take note of what we did to get it, and mark this challenge as complete because that's good CTF practice here. Sweet. Thank you guys for watching. Hope you enjoyed this uh simple stuff, right? Beginner's quest, baby challenges, noob stuff, but a little bit here for everyone. If maybe doing some techniques you haven't seen before or just good practice, I don't know. I like to showcase some of this stuff. Thank you guys for watching. Um, I'll see you in a later tutorial or video, but extra shout out, check out Live Overflow. He's awesome. Uh, and I'm really, really thankful we were able to get together and do some of this stuff together. Uh, maybe do a collaboration in the future, and I hope we can work together on some of these CTF stuff soon. All right, if you did like the video, please do press that like button. Um, if you want to give me some feedback, let me know what you think, what else you'd like to see. Leave a comment if you're willing. subscribe and if you really really want to help me out, please just Thanks again.

Original Description

If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010 E-mail: johnhammond010@gmail.com PayPal: http://paypal.me/johnhammond010 GitHub: https://github.com/JohnHammond Site: http://www.johnhammond.org Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from John Hammond · John Hammond · 0 of 60

← Previous Next →
1 Code Commentaries? PHP to JavaScript in Bash and PHP!
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
2 Tutorials? MySQL connection with PHP and Bash!
Tutorials? MySQL connection with PHP and Bash!
John Hammond
3 Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
4 JavaScript Splits The URL!
JavaScript Splits The URL!
John Hammond
5 HTML Tables in Python!
HTML Tables in Python!
John Hammond
6 HTML, Net Shares, GML!
HTML, Net Shares, GML!
John Hammond
7 Python 08 Programming Style and Comments
Python 08 Programming Style and Comments
John Hammond
8 Python 26 Object Oriented Programming
Python 26 Object Oriented Programming
John Hammond
9 75 Python Tutorials, Out Now!
75 Python Tutorials, Out Now!
John Hammond
10 Batch 14 Mathematical Expressions
Batch 14 Mathematical Expressions
John Hammond
11 Batch 85 Array Append
Batch 85 Array Append
John Hammond
12 Batch 86 Array Count
Batch 86 Array Count
John Hammond
13 Batch 87 Array Index
Batch 87 Array Index
John Hammond
14 Batch 88 Array Insert
Batch 88 Array Insert
John Hammond
15 Batch 89 Array Remove
Batch 89 Array Remove
John Hammond
16 Batch 90 Array Reverse
Batch 90 Array Reverse
John Hammond
17 Python [colorama] 00 Installing on Linux
Python [colorama] 00 Installing on Linux
John Hammond
18 Python [colorama] 09 Cursor Position
Python [colorama] 09 Cursor Position
John Hammond
19 Python [hashlib] 02 Algorithms
Python [hashlib] 02 Algorithms
John Hammond
20 Python 00 Installing IDLE on Linux
Python 00 Installing IDLE on Linux
John Hammond
21 Python [pygame] 11 Rectangular Collision Detection
Python [pygame] 11 Rectangular Collision Detection
John Hammond
22 Python [pygame] 12 Platforming Rectangular Collision Resolution
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
23 Python [XML-RPC] 01 Research
Python [XML-RPC] 01 Research
John Hammond
24 Python [pyenchant] 03 Personal Word Lists
Python [pyenchant] 03 Personal Word Lists
John Hammond
25 FancyURLopener Authentication and User-Agent [urllib] 03
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
26 Python 04: PEP8 Coding
Python 04: PEP8 Coding
John Hammond
27 Python Challenge! 17 COOKIES
Python Challenge! 17 COOKIES
John Hammond
28 Google CTF 2016: Ernst Echidna
Google CTF 2016: Ernst Echidna
John Hammond
29 Google CTF 2016: Spotted Quoll
Google CTF 2016: Spotted Quoll
John Hammond
30 Google CTF 2016: Can you Repo It?
Google CTF 2016: Can you Repo It?
John Hammond
31 Google CTF 2016: No Big Deal
Google CTF 2016: No Big Deal
John Hammond
32 Google CTF 2016: In Recorded Conversation
Google CTF 2016: In Recorded Conversation
John Hammond
33 Homemade CTF Challenge: 01 "Orchestra"
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
34 Homemade CTF Challenge: 02 "Bae's Base"
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
35 Homemade CTF Challenge: 03 "Web Hunt"
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
36 Homemade CTF Challenge: 04 "UPX"
Homemade CTF Challenge: 04 "UPX"
John Hammond
37 Homemade CTF Challenge: 05 "The Assumption Song"
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
38 Homemade CTF Challenge: 06 "A Brisk Stroll"
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
39 Homemade CTF Challenge: 06 "I lost my password!"
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
40 web25 :: Mr. Robot : EKOPARTY CTF 2016
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
41 web50 : RFC 7230 :: EKOPARTY CTF 2016
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
42 misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
43 Hack The Vote 2016 CTF: Sander's Fan Club [web100]
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
44 Hack The Vote 2016 CTF Warpspeed [forensics150]
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
45 Juniors CTF 2016 :: Black Suprematic Square
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
46 Juniors CTF 2016 :: Six Strange Tales
Juniors CTF 2016 :: Six Strange Tales
John Hammond
47 Juniors CTF 2016 :: Lost Code
Juniors CTF 2016 :: Lost Code
John Hammond
48 Juniors CTF 2016 :: Here Goes!
Juniors CTF 2016 :: Here Goes!
John Hammond
49 Juniors CTF 2016 :: Southern Cross
Juniors CTF 2016 :: Southern Cross
John Hammond
50 Juniors CTF 2016 :: Clone Attack
Juniors CTF 2016 :: Clone Attack
John Hammond
51 Juniors CTF 2016 :: Dirty Repo
Juniors CTF 2016 :: Dirty Repo
John Hammond
52 Juniors CTF 2016 :: Hackers Blog
Juniors CTF 2016 :: Hackers Blog
John Hammond
53 Juniors CTF 2016 :: Voting!!!
Juniors CTF 2016 :: Voting!!!
John Hammond
54 Juniors CTF 2016 :: The Good, The Bad and The Junkman
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
55 Juniors CTF 2016 :: Stop Thief!
Juniors CTF 2016 :: Stop Thief!
John Hammond
56 Juniors CTF 2016 :: ROFL
Juniors CTF 2016 :: ROFL
John Hammond
57 Juniors CTF 2016 :: Restriced Area
Juniors CTF 2016 :: Restriced Area
John Hammond
58 Juniors CTF 2016 :: Oh SSH!
Juniors CTF 2016 :: Oh SSH!
John Hammond
59 HackCon CTF 2017 TRIVIA and BONUS Challenges
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
60 HackCon CTF 2017 "Bacche" Challenges
HackCon CTF 2017 "Bacche" Challenges
John Hammond

Related Reads

📰
Why RAM Prices Are Exploding: Inside the DRAM Shortage Fueling the AI Boom
RAM prices are surging due to the DRAM shortage caused by the AI boom, learn how this affects the tech industry and what it means for professionals
Medium · AI
📰
Reflection inks $1B compute deal with Nebius
Learn about Reflection's $1B compute deal with Nebius and its implications for AI and cloud computing
TechCrunch AI
📰
You’ve Been Working for Google for Years — And You Never Got Paid
Discover how your daily interactions with Google have been training their AI without your knowledge or compensation
Medium · AI
📰
You’ve Been Working for Google for Years — And You Never Got Paid
Discover how your everyday interactions with Google may be training their AI without your knowledge or compensation
Medium · Machine Learning
Up next
PLATO Exoplanet Hunter Launch 2026 Searching for New Earths in a Warming World
Tech Folk Insights
Watch →