Juniors CTF 2016 :: Dirty Repo

Key Takeaways

all right what's up guys welcome back to another YouTube video my name is John Hammond showcasing the junior CTF Capture the Flag competition that was going on over the last week uh so dirty repo this was another uh funic challenge was a little bit harder um and I guess higher up in their difficulty range 500 points still because not many people had been able to solve it or whatever the scoring fluctuates is um says grungle loves his money blah blah blah um Z Fighter for justice I just spoil one developers project try to find find out what the mfactor added here are all the developers projects so we get this working directory is this download link uh and it's a zip archive so oh file download limit exceeded okay we can only do that so this was also another like difficulty that a bunch of people had while they were like playing the CTF so thankfully I still have the archive uh let me get it so I'm going to create a new folder here just call it dirty repo and just paste in the tar object here in our terminal we can start to to work with it you would have downloaded the same thing just with a gz extension so you can just gunzip it and that's how you would actually be able to extract it and um then you can just tar extract it with tar xfv I guess and then we'll just crank it out so now we have a bunch of other archives so great let's gunzip everything that is a zip archive okay so now we have all these tars and we can tar XF all of those and let's not get everything so let's actually just get the comp comp grip and extract those oh let's do Okay cool so now we have everything extracted that works well um so if you're just going into one of these um these are open VPN I was very confused with and appar apparently it just looks like the source code for open vpm like I literally just looked at the readme file for a little bit it's like okay wow this is seriously the source code for openvpn so we have a ton of these right if you check out um comp 2 it's the exact same stuff and that goes the same for all of the other things so I'm assuming okay we now have like 20 or so um actual archives that have different codes in them or the same code although there's one difference in them so it's our job to find out what the difference is so what I did is I actually ran this through with diff and if you take a look at the diff Man pages it can actually find recursive stuff like it can work through an entire directory uh DHR D lowercase R I think it is me find d r yeah yeah yeah dasr recursive recursively compare any subd directories found so we can just crank that out right I use comp one as my initial test so I grip out all the comp ones um and let's get rid of the tars actually okay so now while I read line what I can do is I can take the diff of comp one and the what I'm looking at and let's pass in the RS to recursively look through it and let's go done and hey we see one difference which is in this source code file in in comp one and uh in in comp five it looks like it looks like there's a a a new line in there uh line 132 or or 133 has uh has a new comment called flag Grunkle Stan the word coder so boom that that's it there's our flag all we did was we diffed a bunch of different directories so sweet right uh what I ended up doing in in in real life was I Ed use like s so I could see like all the information and I took through that and I grepped out what not what was not identical and then it tells me oh straight there it is right there I had used Q for quiet when I did this for thing because I just found that line on stack overflow and it says okay these are the ones that differ so this is the interesting file so I had catted that out and just GED lowercase flag and there's a bunch of stuff in there but I could see just the very top here hey here's this comment flag is this but honestly this without it and you you still get the flag just without those other uh arguments to diff to like try and use quiet or stuff like that you just literally just get the one difference and it gives you the solution here so that wasn't too bad right it was there's a lot to look through but if you automate it with like some bash and uh some some diff then you're done the work is the work is easy so you submit this and I mean 500 points cool cranked it out so thanks for watching guys hope that one was kind of cool it looks like we had 20 different folders that we just like easily Loop through them and that's awesome so uh hope you guys are enjoying these um I'll record some more of the other later challenges that I had Sol and maybe I'll be able to get a few more before the game ends there's like uh a day left so I don't know I'll see you in a later video