Google CTF: Beginner Quest: MOAR
Skills:
Tool Use & Function Calling80%
Key Takeaways
Solves Google CTF Beginner Quest challenge MOAR using binary exploitation
Full Transcript
Hey, what's up internet? This is John Hammond and I want to showcase more of the Google capture the flag competition that just happened recently. Um, a shout out first of all to Live Overflow. Um, I played this game with him and he took a look at some of the legitimate challenges. Um, JSafe 2 or like JavaScript safe 2.0. Um, and he did some incredible work with it. It was super cool to watch him work. Um, but he's a great guy. He has incredible content on YouTube. You should totally check out some of his stuff um, if you haven't already. but we do similar things like cyber security, computer science, hacking, capture the flag stuff. So hopefully he's already on your radar. Um, but let's get to the real content here. Let's get to the Google capture the flag. So I want to check out the beginner's quest. Uh, and this challenge here uh the green dot that became available just recently after we've solved a couple of the challenges. This challenge is called more m o a r uh and it's a pone uh binary exploitation challenge. However, it's not that much. Um, it's not the classic hardcore binary exploitation thing. It's a baby quest one. So, the challenge prompt is finding yourself on the Fubanizer 9000, a computer built by 9,000 foos. This computer is complicated. Luckily, it serves manual pages through a network service. As the old saying goes, everything you need to know is in the manual. So, we can copy this netcat connection script. Um, let's get a terminal that we can work with this stuff in. I've been working out of GCTF because I like to have a folder for every single game I play. And I like to have a folder for every single challenge I do, too. So, let's make a directory more. Move into it. And let's create a connect script just because I always forget the host name and port for everything that I do. So, I do want a connect script that lets me just easily run through the net connection. Now, I can dot /connect. And what we have here is what looks like a manual page for socat or the socket cat multi-purpose relay blah blah blah. And there's nothing else we can do with this. It's just printing out that page and that's it. So the gimmick here is that this man page is trying to run a pager program like less or more. And thankfully those command those those programs let us do interesting things like open up editors or read another file or etc etc. One of those things is actually running commands. If we give it a special key a exclamation point we can actually start to type things that will run in the shell that in the service we're connected to. So if I run who am I we'll get the output more. Okay. If I were to run ID, we can run and see, oh, I am this this user here. So, if I go to actually ls, see what's in the current directory. Hm, this looks like a root directory. Let's check out what's in home. Anything? Okay, looks like we just have a uh more user. So, let's see what he has. He has a file disabled DMZ.sh. Looks like a shell script. Um, let's check out what that actually is. Home more. Oh, it looks like I lost connection there. So, let's cat out home more. Disabled DMZ.sh. Um, oh, I had a forward slash in there. My bad. I'm going to copy this because I'm lazy. Run this. And we can see the output and see the contents of this script. A shebang line here. It says disabling DMZ using password CTF something catastrophic. Here is the flag for this challenge. So, not super hard. Um, I didn't end up writing a get flag script for this. I just took note of the flag and wrote down a solution. I like to do that. Just a super easy thing so I have my own mental write up like um use exclamation point for rce cat home directory scripts or something. And just a super uh mental note for myself. Um, rather than writing a get flag script for these things that I can't easily automate things for, we could try and connect to it and then use XTE to send keys. Um, I don't even know if we could just like echo a dollar sign or an exclamation point into this connect script. Let's try it just to see, I guess. Disabled DMZ.sh. Pipe that into connect and we'll see what happens. No, it looks like it breaks. Yeah. Okay. So, like I said, not an easy candidate for writing a get flag script, but we can still grab the flag, save it, take note of what we did to get it, and mark this challenge as complete because that's good CTF practice here. Sweet. Thank you guys for watching. Hope you enjoyed this uh simple stuff, right? Beginner's quest, baby challenges, noob stuff, but a little bit here for everyone. If maybe doing some techniques you haven't seen before or just good practice, I don't know. I like to showcase some of this stuff. Thank you guys for watching. Um, I'll see you in a later tutorial or video, but extra shout out, check out Live Overflow. He's awesome. Uh, and I'm really, really thankful we were able to get together and do some of this stuff together. Uh, maybe do a collaboration in the future, and I hope we can work together on some of these CTF stuff soon. All right, if you did like the video, please do press that like button. Um, if you want to give me some feedback, let me know what you think, what else you'd like to see. Leave a comment if you're willing. subscribe and if you really really want to help me out, please just Thanks again.
Original Description
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from John Hammond · John Hammond · 0 of 60
← Previous
Next →
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
Tutorials? MySQL connection with PHP and Bash!
John Hammond
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
JavaScript Splits The URL!
John Hammond
HTML Tables in Python!
John Hammond
HTML, Net Shares, GML!
John Hammond
Python 08 Programming Style and Comments
John Hammond
Python 26 Object Oriented Programming
John Hammond
75 Python Tutorials, Out Now!
John Hammond
Batch 14 Mathematical Expressions
John Hammond
Batch 85 Array Append
John Hammond
Batch 86 Array Count
John Hammond
Batch 87 Array Index
John Hammond
Batch 88 Array Insert
John Hammond
Batch 89 Array Remove
John Hammond
Batch 90 Array Reverse
John Hammond
Python [colorama] 00 Installing on Linux
John Hammond
Python [colorama] 09 Cursor Position
John Hammond
Python [hashlib] 02 Algorithms
John Hammond
Python 00 Installing IDLE on Linux
John Hammond
Python [pygame] 11 Rectangular Collision Detection
John Hammond
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
Python [XML-RPC] 01 Research
John Hammond
Python [pyenchant] 03 Personal Word Lists
John Hammond
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
Python 04: PEP8 Coding
John Hammond
Python Challenge! 17 COOKIES
John Hammond
Google CTF 2016: Ernst Echidna
John Hammond
Google CTF 2016: Spotted Quoll
John Hammond
Google CTF 2016: Can you Repo It?
John Hammond
Google CTF 2016: No Big Deal
John Hammond
Google CTF 2016: In Recorded Conversation
John Hammond
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
Homemade CTF Challenge: 04 "UPX"
John Hammond
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
John Hammond
Juniors CTF 2016 :: Here Goes!
John Hammond
Juniors CTF 2016 :: Southern Cross
John Hammond
Juniors CTF 2016 :: Clone Attack
John Hammond
Juniors CTF 2016 :: Dirty Repo
John Hammond
Juniors CTF 2016 :: Hackers Blog
John Hammond
Juniors CTF 2016 :: Voting!!!
John Hammond
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
Juniors CTF 2016 :: Stop Thief!
John Hammond
Juniors CTF 2016 :: ROFL
John Hammond
Juniors CTF 2016 :: Restriced Area
John Hammond
Juniors CTF 2016 :: Oh SSH!
John Hammond
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
HackCon CTF 2017 "Bacche" Challenges
John Hammond
More on: Tool Use & Function Calling
View skill →Related Reads
📰
📰
📰
📰
Why RAM Prices Are Exploding: Inside the DRAM Shortage Fueling the AI Boom
Medium · AI
Reflection inks $1B compute deal with Nebius
TechCrunch AI
You’ve Been Working for Google for Years — And You Never Got Paid
Medium · AI
You’ve Been Working for Google for Years — And You Never Got Paid
Medium · Machine Learning
🎓
Tutor Explanation
DeepCamp AI