1 00:00:00,630 --> 00:00:07,450 Hi, within this lecture, we're going to continue solving our Bandit capture the flag questions. 2 00:00:07,710 --> 00:00:13,740 So right now we're in level three and I will go to the level three to level four tips. 3 00:00:14,160 --> 00:00:19,260 So as you can see, it says that the password for the next level is stored in a hidden file. 4 00:00:19,770 --> 00:00:20,970 So here you go. 5 00:00:20,970 --> 00:00:23,540 Now, I believe you know how to do this as well. 6 00:00:23,550 --> 00:00:27,400 So you can just run ls -la and here you go. 7 00:00:27,420 --> 00:00:31,080 Now we see the hidden folders and hidden files as well. 8 00:00:31,110 --> 00:00:31,460 Right. 9 00:00:31,710 --> 00:00:38,460 So we can come over here to cd inhere and there is nothing over here if we run ls. 10 00:00:38,460 --> 00:00:43,530 But if you run ls -la, then we can see the hidden file over there. 11 00:00:43,830 --> 00:00:45,300 So this is a basic one. 12 00:00:45,300 --> 00:00:48,960 You know how to ls -la, I suppose. 13 00:00:49,870 --> 00:00:55,620 Of course, getting the password out of this is trivial, just run cat .hidden. 14 00:00:56,490 --> 00:00:57,360 So here you go. 15 00:00:57,390 --> 00:00:58,710 This is the password for the. 16 00:00:59,130 --> 00:01:01,830 For now, I'm going to exit out of that one. 17 00:01:01,830 --> 00:01:05,100 And I'm just going to SSH to the bandit four. 18 00:01:05,760 --> 00:01:07,060 So here you go. 19 00:01:07,080 --> 00:01:11,130 Now, if I hit enter, it will ask me for the password. 20 00:01:11,370 --> 00:01:14,010 Then I can give this password and just log in. 21 00:01:14,460 --> 00:01:16,660 So I'll paste selection and enter. 22 00:01:16,680 --> 00:01:17,320 Here you go. 23 00:01:17,340 --> 00:01:19,380 Now we are inside of the bandit four. 24 00:01:19,950 --> 00:01:22,100 So let's go to the next level. 
25 00:01:22,650 --> 00:01:29,650 So here we have the password stored in the only human readable file. 26 00:01:30,210 --> 00:01:30,540 Yeah. 27 00:01:30,540 --> 00:01:31,130 Here you go. 28 00:01:31,140 --> 00:01:34,900 Human readable file in the inhere directory. 29 00:01:35,430 --> 00:01:37,990 So this is kind of interesting. 30 00:01:38,010 --> 00:01:39,270 Let's see what it means. 31 00:01:39,270 --> 00:01:40,480 Human readable. 32 00:01:41,130 --> 00:01:47,890 So I believe many of those will be not human readable and we will just see the human readable file. 33 00:01:48,510 --> 00:01:55,160 So let's try and see if I run the ls, naturally I can see the inhere folder over here. 34 00:01:55,260 --> 00:01:55,670 Right. 35 00:01:55,980 --> 00:02:01,770 So let me come over here to cd inhere and run ls -la one more time. 36 00:02:01,770 --> 00:02:02,270 And here you go. 37 00:02:02,290 --> 00:02:04,190 We have a lot of files over there. 38 00:02:04,530 --> 00:02:06,500 So some files. 39 00:02:06,900 --> 00:02:10,530 Let me just try this one by one. 40 00:02:10,980 --> 00:02:13,740 And it's only 10 files. 41 00:02:13,740 --> 00:02:15,960 And I believe we can do this quickly. 42 00:02:16,950 --> 00:02:21,870 Maybe we can just run a script or write a script to test this automatically. 43 00:02:22,050 --> 00:02:28,050 But I'm not even going to bother with that because it's only some files. 44 00:02:28,050 --> 00:02:31,090 And as you can see, we cannot run this like that. 45 00:02:31,120 --> 00:02:34,860 We have to say dot, slash, dash. 46 00:02:35,100 --> 00:02:37,210 That's ./-file00. 47 00:02:38,280 --> 00:02:39,090 So here you go. 48 00:02:39,120 --> 00:02:40,590 This is not human readable. 49 00:02:40,770 --> 00:02:44,050 I believe it was talking about this. 50 00:02:44,070 --> 00:02:46,800 OK, so we cannot read that. 51 00:02:46,950 --> 00:02:52,860 And I believe one of these files will contain a human readable text inside of that. 
52 00:02:53,310 --> 00:03:00,840 So I'm going to try this for file one and file two and file three. 53 00:03:01,470 --> 00:03:05,430 And let's try it for file four, five. 54 00:03:05,790 --> 00:03:08,670 Yep, six and seven. 55 00:03:08,980 --> 00:03:09,830 And here you go. 56 00:03:09,930 --> 00:03:12,580 We have the password for the next level, I believe. 57 00:03:13,080 --> 00:03:16,850 So this should be the password for the bandit five. 58 00:03:17,400 --> 00:03:20,330 So what I'm going to do, I'm going to copy this, OK? 59 00:03:20,340 --> 00:03:27,630 And I'm going to copy selection and I'm going to exit out of this one and just click connect to bandit 60 00:03:27,630 --> 00:03:28,140 five. 61 00:03:28,830 --> 00:03:31,590 Let me come over here and write bandit five. 62 00:03:31,980 --> 00:03:35,580 It will ask me for the password and we will see if we do this right. 63 00:03:36,270 --> 00:03:40,100 So let me paste it over here and enter. 64 00:03:40,560 --> 00:03:41,340 So here we go. 65 00:03:41,370 --> 00:03:47,540 We are inside of bandit five and let me just open the tip from here as well. 66 00:03:48,000 --> 00:03:50,040 So level five to level six. 67 00:03:51,030 --> 00:03:57,330 Again, we have a password and it's stored in a file somewhere under the inhere directory. 68 00:03:57,600 --> 00:04:07,280 But this time it should be human readable and it has a specific bytes in size and it should not be executable. 69 00:04:07,890 --> 00:04:08,940 Very interesting. 70 00:04:08,940 --> 00:04:10,620 Let's try to find that. 71 00:04:11,100 --> 00:04:12,570 Let's see how it looks like. 72 00:04:12,570 --> 00:04:13,650 Let me run the ls. 73 00:04:13,920 --> 00:04:14,490 Here we go. 74 00:04:14,490 --> 00:04:15,990 We have the inhere folder. 75 00:04:16,140 --> 00:04:20,910 Let me run ls -la and we have a lot of folders right now. 76 00:04:20,910 --> 00:04:22,530 Maybe here, maybe there. 77 00:04:22,800 --> 00:04:25,050 So we have twenty folders. 
78 00:04:25,440 --> 00:04:30,960 So this time we're not going to try this one by one, I believe. 79 00:04:30,960 --> 00:04:31,350 Right. 80 00:04:31,680 --> 00:04:34,560 So it's getting harder and harder. 81 00:04:35,320 --> 00:04:42,840 I believe if we go into those folders, there will be a lot of many more files inside of those folders 82 00:04:42,840 --> 00:04:43,160 as well. 83 00:04:43,170 --> 00:04:45,780 Let me try one and here you go. 84 00:04:45,780 --> 00:04:51,990 We have a lot of files over here like file one, file spaces, something like that. 85 00:04:53,040 --> 00:04:57,870 So we have to find a way to test this at once. 86 00:04:57,870 --> 00:04:59,820 And actually, we have to find a way to. 87 00:04:59,930 --> 00:05:08,090 Find our file with this specifications with bytes or not executable specifications. 88 00:05:08,670 --> 00:05:15,860 Of course, you can just try to see the size of the file inside of those folders, but it will take 89 00:05:15,860 --> 00:05:16,410 some time. 90 00:05:16,670 --> 00:05:18,160 And here we have the tip. 91 00:05:18,560 --> 00:05:22,280 We have a command in Linux called find. 92 00:05:22,910 --> 00:05:25,490 And let me go to a new tab over here. 93 00:05:26,200 --> 00:05:28,430 It runs in Kali Linux as well. 94 00:05:28,430 --> 00:05:36,050 Obviously, you can see how it's used over here by typing find. If you just type find, it will just 95 00:05:36,050 --> 00:05:40,760 try to find every file and folder and it won't do any good for you. 96 00:05:40,840 --> 00:05:47,930 OK, so I'm going to clear this up and I'm going to run find --help so that we can see how 97 00:05:47,930 --> 00:05:48,620 it's used. 98 00:05:49,430 --> 00:05:52,970 Let me open this up and here you go. 99 00:05:53,330 --> 00:05:59,270 So find is a command that we use in order to find some file or folder. 100 00:05:59,600 --> 00:06:03,710 And it has it takes in a lot of parameters over here. 
101 00:06:04,070 --> 00:06:11,630 So we have to understand how can we use this in order to specify the size or specify the executable 102 00:06:11,630 --> 00:06:12,230 or not. 103 00:06:12,770 --> 00:06:20,420 So over here you can see the normal options, tests and actions like you can just specify the maximum 104 00:06:20,420 --> 00:06:21,980 depth, minimum depth. 105 00:06:23,030 --> 00:06:31,520 That tab pattern is regex or whole name executable, readable. 106 00:06:31,940 --> 00:06:34,540 You can specify anything you want, actually. 107 00:06:34,880 --> 00:06:40,780 And we're going to use all of those things because as you can see, it says executable, I'd say. 108 00:06:40,820 --> 00:06:43,820 Size. Yeah, we're definitely going to use size, right. 109 00:06:43,820 --> 00:06:49,190 Because we have this one thousand thirty three bytes and not executable over here. 110 00:06:49,460 --> 00:06:50,780 We can just specify. 111 00:06:50,810 --> 00:07:01,010 I want to find the files that is 1033 bytes in size, and I want to find the files that are not executable 112 00:07:01,010 --> 00:07:08,990 at all so that I can actually narrow down my search and I can just try maybe a couple of files to see 113 00:07:09,020 --> 00:07:11,500 if they're the ones that I'm looking for. 114 00:07:12,170 --> 00:07:16,250 So we're going to use this command in the server as well. 115 00:07:16,250 --> 00:07:20,900 So I'm going to make this smaller a little bit one more time. 116 00:07:21,380 --> 00:07:28,570 And let me go back to here and let's try to run the find command over there, OK? 117 00:07:29,000 --> 00:07:33,500 And we're going to narrow down all the possibilities over here. 118 00:07:33,830 --> 00:07:39,140 But I believe I cannot type anything right now, and I believe I lost my connection somehow. 119 00:07:39,770 --> 00:07:44,690 Maybe we can just exit out of this one or just try to connect it one more time. 120 00:07:45,110 --> 00:07:48,230 Let me see if I can get my password. 
121 00:07:48,230 --> 00:07:52,400 By the way, I don't have my password stored over here. 122 00:07:52,400 --> 00:07:56,720 Let me try to paste it over there and let's see if this works or not. 123 00:07:57,380 --> 00:07:58,010 Here you go. 124 00:07:58,040 --> 00:08:04,220 Yeah, I have the password and I just realized that we are not saving these passwords. 125 00:08:04,610 --> 00:08:10,760 And I believe it's a very good habit to save all those passwords, all those passwords into a text file 126 00:08:10,880 --> 00:08:14,860 so that if we lose our connection like that, we can come back and check it. 127 00:08:15,470 --> 00:08:22,250 So let me go to my documents and I'm going to create a folder called CTF or something like that, or 128 00:08:22,250 --> 00:08:22,910 bandit. 129 00:08:23,240 --> 00:08:28,580 Let's actually call this CTF because we're going to solve a lot of CTFs over here. 130 00:08:28,700 --> 00:08:34,670 I'm going to go into this CTF and I'm going to create bandit over here and I'm just going to go into 131 00:08:34,670 --> 00:08:38,510 the bandit and I'm going to create a not static, OK? 132 00:08:38,510 --> 00:08:41,150 I'm going to just use the nano. 133 00:08:41,720 --> 00:08:45,980 I'm going to call this password and I'm just going to paste this over here. 134 00:08:46,460 --> 00:08:49,250 So this is level five. 135 00:08:49,370 --> 00:08:52,520 OK, so I'm going to take note of all the passwords. 136 00:08:52,760 --> 00:08:56,740 I'm going to say Control O, Control X and here we are. 137 00:08:57,590 --> 00:08:58,550 So here you go. 138 00:08:58,550 --> 00:09:06,560 I believe you know how to use nano by this time. If you don't, try to use any other text editor that you're 139 00:09:06,560 --> 00:09:07,640 comfortable with. 140 00:09:07,820 --> 00:09:15,680 OK, I'm going to paste this in and I'm going to try to log into our server over here. 141 00:09:16,010 --> 00:09:21,370 But I believe there is something wrong or let me try one more time. 
142 00:09:22,040 --> 00:09:23,120 Here you go. 143 00:09:25,160 --> 00:09:28,280 Yeah, we're getting some kind of a weird error over here. 144 00:09:28,280 --> 00:09:34,220 Let me try to copy this one more time from the file that we have just created. 145 00:09:34,760 --> 00:09:38,990 Maybe I have copied spaces by mistake. 146 00:09:38,990 --> 00:09:40,160 OK, it happens. 147 00:09:40,370 --> 00:09:44,720 So I'm going to cut this out and I'm just going to take this, OK? 148 00:09:44,720 --> 00:09:46,370 And I'm just going to copy this. 149 00:09:46,820 --> 00:09:54,500 And I'm just going to come back over here and I'm going to log into the bandit five one more time. 150 00:09:54,510 --> 00:09:55,250 Here you go. 151 00:09:55,940 --> 00:09:59,830 Let me paste the selection and hit enter and see what happens. 152 00:10:01,480 --> 00:10:03,200 Let me try one more time. 153 00:10:03,550 --> 00:10:04,490 Here you go. 154 00:10:05,740 --> 00:10:08,910 Um, yeah, it says a connection closed. 155 00:10:08,920 --> 00:10:11,250 So maybe there is something wrong with the server. 156 00:10:11,260 --> 00:10:15,650 I'm going to try this one more time and see if we can make it right or not. 157 00:10:16,240 --> 00:10:17,010 Yeah, here you go. 158 00:10:17,020 --> 00:10:18,330 Now, we made it right. 159 00:10:18,700 --> 00:10:25,240 So I'm going to clear this thing and I'm just going to use the find command that we have been discussing. 160 00:10:25,400 --> 00:10:33,730 OK, so I'm going to go over here and if we just write, find dot, OK. 161 00:10:33,760 --> 00:10:41,500 So that means I'm trying to find something in the current folder and I'm going to specify the type and 162 00:10:41,500 --> 00:10:43,970 size and whatever I want over here. 163 00:10:44,350 --> 00:10:49,390 So for the type I'm going to I'm looking for a file. 164 00:10:49,400 --> 00:10:56,050 OK, so I'm going to specify f and for the size, I'm just going to write size, -size. 
165 00:10:56,050 --> 00:11:02,370 Obviously I remembered to have documentation and this will be one thousand thirty three. 166 00:11:03,040 --> 00:11:06,040 And let's see if this works or not. 167 00:11:06,040 --> 00:11:13,060 If is, if we don't have any executables over here, we don't need no further filtering. 168 00:11:13,720 --> 00:11:14,620 So here you go. 169 00:11:14,620 --> 00:11:22,750 We only have one file in this current folder that is 1093 bytes in size. 170 00:11:23,290 --> 00:11:25,810 So I believe it was easy to find this. 171 00:11:26,410 --> 00:11:29,680 And of course, we can just narrow it down more. 172 00:11:29,680 --> 00:11:37,840 But there is no point because as you can see, we only have one file and you can just write it like 173 00:11:37,840 --> 00:11:38,090 this. 174 00:11:38,090 --> 00:11:43,060 So executable, as you can see, there is nothing executable over here. 175 00:11:43,780 --> 00:11:45,100 So this is fine. 176 00:11:45,340 --> 00:11:47,910 Anyhow, I found what I'm looking for. 177 00:11:47,920 --> 00:11:48,310 Right. 178 00:11:48,520 --> 00:11:57,670 So you can just write something like this, by the way, in order to make it negative, like find something 179 00:11:57,670 --> 00:12:05,470 that is not executable and all you have to do is just put an exclamation point in front of the executable. 180 00:12:05,620 --> 00:12:10,140 And it gave us the same result because file two is not executable. 181 00:12:10,750 --> 00:12:18,670 So I'm just trying to cat this out, maybehere07 and .file2. 182 00:12:18,760 --> 00:12:19,810 And here you go. 183 00:12:19,810 --> 00:12:21,280 We have the password. 184 00:12:21,670 --> 00:12:25,530 So see how easy this is due to the find command. 185 00:12:25,990 --> 00:12:32,380 So remember this find command because we're going to be using this a lot during the course as well. 
186 00:12:32,980 --> 00:12:40,570 So I'm going to try and log into the bandit six and see if this works or not, see if this is the right 187 00:12:40,570 --> 00:12:42,730 password, if this is the right password. 188 00:12:43,030 --> 00:12:45,790 Don't forget to make a note of it. 189 00:12:46,120 --> 00:12:46,870 Here you go. 190 00:12:46,870 --> 00:12:48,460 Now, this is the right password. 191 00:12:48,460 --> 00:12:49,030 We see. 192 00:12:49,300 --> 00:12:55,270 I'm going to open a new tab and come over here and write it in my password file. 193 00:12:55,840 --> 00:13:00,520 So let's go to bandit and then nano password.txt. 194 00:13:00,910 --> 00:13:04,180 And I'm going to paste the thing that we have copied over here. 195 00:13:04,450 --> 00:13:06,550 And I'm just going to write level six. 196 00:13:06,940 --> 00:13:10,590 So Control O, Enter, Control X and here we are. 197 00:13:11,230 --> 00:13:12,510 So here we go. 198 00:13:12,580 --> 00:13:17,350 Now let's go to the tips for the level six to level seven. 199 00:13:18,490 --> 00:13:21,610 So this is again, the find command, I believe. 200 00:13:21,610 --> 00:13:29,470 So this is the password for the next level is stored somewhere on the server and has all of the following 201 00:13:29,470 --> 00:13:30,370 properties. 202 00:13:31,150 --> 00:13:38,620 So either we have a folder called somewhere on the server or it literally means that it's saved somewhere 203 00:13:38,620 --> 00:13:39,310 on the server. 204 00:13:39,310 --> 00:13:41,320 And we don't know which folder is this. 205 00:13:41,830 --> 00:13:48,310 And it's owned by the user bandit seven, and it's owned by the group bandit six. 206 00:13:48,580 --> 00:13:52,150 And it's only thirty three bytes in size. 207 00:13:52,750 --> 00:13:58,120 So fairly simple because now we know how to use find command. 208 00:13:58,300 --> 00:13:58,840 Right. 
209 00:13:59,110 --> 00:14:06,340 So again without the find command maybe we couldn't have found this or it would take so much time. 210 00:14:06,880 --> 00:14:14,230 But if you run ls -la, as you can see, there is no file and folder over here and it literally 211 00:14:14,230 --> 00:14:18,430 means that it's saved somewhere on the server, but we cannot see it. 212 00:14:19,000 --> 00:14:26,710 So we have seen how to use find within the current folder that we are in with the dot command, right. 213 00:14:26,710 --> 00:14:34,870 Find dot, but we haven't seen how to use find command for the whole server or for the whole system. 214 00:14:35,350 --> 00:14:37,300 So it's fairly easy. 215 00:14:37,300 --> 00:14:44,470 Again, rather than dot, you can just write find space slash rather than dot. 216 00:14:44,470 --> 00:14:48,040 We have written this like that a couple of minutes ago. 217 00:14:48,040 --> 00:14:49,480 Remember, find dot. 218 00:14:49,900 --> 00:14:55,510 Now all we got to do is to replace this with slash and I'm not even going to do that. 219 00:14:55,510 --> 00:15:00,790 Let's try to run this like that and you will see it won't find anything so. 220 00:15:00,970 --> 00:15:08,350 Write it like this, find dot and just specify the type, it's going to be a file, and the user, this time 221 00:15:08,350 --> 00:15:14,130 it's going to be the bandit seven, and the group, this time will be bandit six. 222 00:15:14,530 --> 00:15:16,570 OK, we can specify the size. 223 00:15:16,570 --> 00:15:19,510 Obviously we can just write thirty three over here. 224 00:15:19,840 --> 00:15:27,100 OK, so the, the size of our file that we were looking for is thirty three bytes and here you go. 225 00:15:27,100 --> 00:15:32,210 It couldn't find anything because it really doesn't reside on this current folder. 226 00:15:32,410 --> 00:15:36,370 Now let me replace this dot with slash and see what happens. 
227 00:15:37,030 --> 00:15:43,800 So if you run this like that then it will find a lot of things and here you go. 228 00:15:43,810 --> 00:15:52,980 We have a lot of things but we have permission denied for many of them because it's the user to write 229 00:15:53,080 --> 00:15:53,860 the user. 230 00:15:53,860 --> 00:15:58,620 Bandit seven owns them and we don't have permission to read them. 231 00:15:58,930 --> 00:16:03,490 And I believe we will find something that we have permission to read. 232 00:16:03,670 --> 00:16:04,740 And here you go. 233 00:16:05,080 --> 00:16:10,850 This is /var/lib/dpkg/info/bandit7.password. 234 00:16:11,470 --> 00:16:12,180 Here you go. 235 00:16:12,190 --> 00:16:14,560 Now this is the thing that we are looking for. 236 00:16:14,570 --> 00:16:16,510 We're authorized to read this. 237 00:16:16,930 --> 00:16:19,510 As you can see, we don't see permission denied. 238 00:16:19,630 --> 00:16:21,640 Right next to it is. 239 00:16:21,640 --> 00:16:25,030 It's owned by our group but it's owned by the user. 240 00:16:25,030 --> 00:16:29,290 Bandit seven and bandit seven apparently made it available for us. 241 00:16:29,680 --> 00:16:34,810 So I'm going to check this out and see the password of the bandit seven. 242 00:16:35,470 --> 00:16:36,390 Here you go. 243 00:16:36,400 --> 00:16:39,060 This is the password of the bandit seven. 244 00:16:39,280 --> 00:16:44,020 Now, I'm going to copy this and I'm going to make a note of it. 245 00:16:44,020 --> 00:16:45,040 As usual. 246 00:16:45,550 --> 00:16:51,250 I suggest you do the same thing as well so that if you lose your connection at some point, you can 247 00:16:51,250 --> 00:16:54,460 come back and start where you left off. 248 00:16:54,760 --> 00:17:02,500 Otherwise, it means that you're going to either start from scratch or try to just copy and paste it 249 00:17:02,500 --> 00:17:06,370 from or just try to make a note of it from my videos. 
250 00:17:06,860 --> 00:17:08,170 It's hard as well, right? 251 00:17:08,590 --> 00:17:11,770 So let's try to SSH into this bandit seven. 252 00:17:12,070 --> 00:17:14,860 And I'm going to paste the selection over here. 253 00:17:15,040 --> 00:17:16,060 And here you go. 254 00:17:16,060 --> 00:17:19,090 We are inside of the bandit seven. 255 00:17:19,630 --> 00:17:23,240 Now, what we're going to do, we're going to try to go into the bandit 256 00:17:23,240 --> 00:17:30,880 eight, of course, and let's do that within the next lecture, because we made this video a 257 00:17:30,880 --> 00:17:31,810 little bit longer. 258 00:17:32,080 --> 00:17:33,880 Let's see you in the next lecture.