1
00:00:00,960 --> 00:00:07,170
High within the section, where you going to solve another virtual machine, another vulnerable machine

2
00:00:07,170 --> 00:00:14,370
called freestyle leagues and again, this is in Dotcom's, so you can come over here to one half.com

3
00:00:14,370 --> 00:00:18,390
and search for foresty in order to freely reach this.

4
00:00:18,420 --> 00:00:21,690
OK, so this is freestyle leagues, one point three.

5
00:00:21,870 --> 00:00:23,880
And that's the thing that we are looking for.

6
00:00:24,600 --> 00:00:31,740
And indeed, this is a little bit similar to Mr. Robot, the previous CTF that we have sold.

7
00:00:32,130 --> 00:00:38,860
But again, this has another techniques, different techniques that we have previously learned about.

8
00:00:38,970 --> 00:00:44,190
So we going to learn new things and also re going to practice the old things that we have learned so

9
00:00:44,190 --> 00:00:48,090
far in this course and we're going to solve.

10
00:00:48,270 --> 00:00:56,280
So maybe you can try to give it a shot before you just follow along with the course and see how far

11
00:00:56,280 --> 00:00:57,570
you can get over here.

12
00:00:57,750 --> 00:01:04,590
OK, so maybe you may want to pause the video and try this one yourself and then come back and see the

13
00:01:04,740 --> 00:01:06,970
solution that I have in mind.

14
00:01:07,770 --> 00:01:11,490
So over here we are in the freestyle leagues.

15
00:01:11,490 --> 00:01:14,810
And again, this is a vulnerable machine, a virtual machine.

16
00:01:14,820 --> 00:01:18,220
Just click over here to download the OVA.

17
00:01:18,630 --> 00:01:24,300
This is around 700 megs and read the description over here.

18
00:01:24,300 --> 00:01:30,780
As you can see, the stylus it one more time enumeration following the breadcrumbs in order to find

19
00:01:30,780 --> 00:01:31,760
the solution.

20
00:01:32,190 --> 00:01:38,180
And the goal is to get the root and read the flag file.

21
00:01:39,090 --> 00:01:45,900
Here we have a small description, small virtual machine made for Dutch informal hacker meeting called

22
00:01:45,900 --> 00:01:47,420
up freestyler.

23
00:01:47,580 --> 00:01:51,030
So this is again built for Hekker meeting.

24
00:01:51,220 --> 00:01:52,610
So it's supposed to be good.

25
00:01:53,550 --> 00:01:59,580
So it's meant to be broken in a few hours without requiring debuggers, reverse engineering, etc..

26
00:02:00,120 --> 00:02:05,820
So we don't know how many flags we have over here, but we do know that we have to get through it every

27
00:02:05,820 --> 00:02:05,970
day.

28
00:02:05,980 --> 00:02:14,960
FLAC So if you're Yamba's, you're going to have to manually that these VMS make a dress to this one.

29
00:02:15,270 --> 00:02:18,980
And of course this is also valid for virtual bucks as well.

30
00:02:19,320 --> 00:02:26,820
So if your virtual Xbox doesn't actually open this in a regular fashion, make sure you edit the mic

31
00:02:27,060 --> 00:02:30,070
over there as it's instructed like this.

32
00:02:30,370 --> 00:02:33,950
OK, so let's see if we have to do that.

33
00:02:34,170 --> 00:02:40,200
I'm going to come over here and as you can see, my colonics is running on that network.

34
00:02:40,470 --> 00:02:47,310
So what I'm going to do, I'm going to double click on the face of leaks and just import this and leave

35
00:02:47,310 --> 00:02:48,500
this as it is.

36
00:02:48,930 --> 00:02:52,200
And it says that guest OS type is a red hat.

37
00:02:52,590 --> 00:02:55,910
So I'm going to leave this as it is and see what happens.

38
00:02:56,740 --> 00:03:06,930
So seeks to forbid and come over here to settings and over there, the system has far from the max,

39
00:03:07,180 --> 00:03:10,330
so maybe I can just make it Vanik, OK?

40
00:03:10,900 --> 00:03:12,340
And it isn't necessary.

41
00:03:12,370 --> 00:03:15,540
We're not going to do much in this one as well.

42
00:03:16,390 --> 00:03:23,410
But again, I have 32 gig, so I'm going to come over here and make this Internet network and just do

43
00:03:23,410 --> 00:03:25,410
a little all for promiscuous mode.

44
00:03:25,600 --> 00:03:28,610
And here we have the Mac address, so let's check that.

45
00:03:29,290 --> 00:03:33,500
So over here, it says that your Mac address should be this one.

46
00:03:33,850 --> 00:03:36,510
So let's check and see if this is the same thing.

47
00:03:36,820 --> 00:03:37,590
And here you go.

48
00:03:37,600 --> 00:03:39,430
We have some differences over here.

49
00:03:39,610 --> 00:03:44,820
I'm going to change this, OK, as it's instructed in the page.

50
00:03:45,340 --> 00:03:53,680
So let's come over here and say, OK, so if you had any problems with that, if you tried to post the

51
00:03:53,680 --> 00:04:00,370
video and solve it on your own and had a problem with that, then now you know how to solve this.

52
00:04:00,370 --> 00:04:08,080
OK, maybe in this step you may want to post the video and give it a shot because we have learned so

53
00:04:08,080 --> 00:04:10,270
many things even now.

54
00:04:10,750 --> 00:04:13,280
Maybe you can just hectors pectus.

55
00:04:13,300 --> 00:04:17,020
OK, so here we have the IP address, which is very good.

56
00:04:17,020 --> 00:04:20,530
So I won't bother with net discover and map.

57
00:04:20,890 --> 00:04:22,690
So Tenno to 216.

58
00:04:23,110 --> 00:04:28,270
I'm going to come over here to my color Linux and if config and here you go.

59
00:04:28,270 --> 00:04:31,710
I have 10 or too far so I'm entitled to four.

60
00:04:31,780 --> 00:04:34,090
I'm going to go for 10 or two, 16.

61
00:04:34,540 --> 00:04:42,340
And you can go in like in Zenab for in Tuscon or you can just choose anything you want from here and

62
00:04:42,340 --> 00:04:44,490
run it on and map on your terminal.

63
00:04:44,740 --> 00:04:47,710
I'm going to run this on my terminal as usual.

64
00:04:47,890 --> 00:04:56,770
OK, so I'm going to place this thing over here and I'm going to run this against Anota 16 years ago.

65
00:04:57,580 --> 00:05:01,420
So I'm running a fast scan, as you can see, in a verbose mode.

66
00:05:01,870 --> 00:05:04,960
And I believe the first scan will be enough for us.

67
00:05:04,960 --> 00:05:11,500
But if it doesn't, if it isn't the case, we can always go back and search for old ports or old UDP

68
00:05:11,500 --> 00:05:12,700
or TCP ports.

69
00:05:13,390 --> 00:05:18,820
I'm going to go into my kit folder and create a new folder called Freestyle Leaks, as we have done

70
00:05:18,820 --> 00:05:22,560
before, because we're going to need to take some notes here as well.

71
00:05:23,530 --> 00:05:29,560
So inside of this folder, I'm going to NENO and not start so that we can take notes.

72
00:05:29,860 --> 00:05:30,550
Here you go.

73
00:05:30,560 --> 00:05:37,480
Our EMAP skin seems to be completed, so I'm going to copy everything over here so that if we need later

74
00:05:37,480 --> 00:05:40,290
on, we can come back and see what's going on.

75
00:05:40,840 --> 00:05:43,570
So let me choose one more time.

76
00:05:44,080 --> 00:05:49,270
And yep, it seems that I cannot do that for some reason.

77
00:05:49,660 --> 00:05:50,030
Yep.

78
00:05:50,050 --> 00:05:50,770
Here you go.

79
00:05:51,130 --> 00:05:54,580
Finally select that thing and here you go.

80
00:05:54,970 --> 00:05:59,230
I'm going to control or enter and control leaks out of this one to save it.

81
00:05:59,440 --> 00:06:00,640
And here you go.

82
00:06:00,970 --> 00:06:04,590
So let's scan the map results over here.

83
00:06:05,050 --> 00:06:08,440
So what we have over here, let me just scroll down.

84
00:06:08,440 --> 00:06:10,080
We have eighty port open.

85
00:06:10,090 --> 00:06:13,810
OK, so again, a weapon testing thingy going on.

86
00:06:14,110 --> 00:06:18,430
We have robots that texte and managed to find it as well.

87
00:06:18,850 --> 00:06:23,530
So we are going to definitely take a look at this 3D.

88
00:06:23,530 --> 00:06:26,470
I loved entries, cold beer.

89
00:06:26,470 --> 00:06:28,300
We're going to see what are those things?

90
00:06:29,230 --> 00:06:32,650
We have the Linux running over here.

91
00:06:32,650 --> 00:06:33,760
As usual.

92
00:06:34,390 --> 00:06:40,690
We have some specific kernel thingee or there like two point six.

93
00:06:41,230 --> 00:06:47,610
So let me come back and I know the eighty percent is open and it seems that nothing else is open.

94
00:06:47,620 --> 00:06:50,410
OK, we're going to take a look at this, of course.

95
00:06:50,860 --> 00:06:51,760
And here you go.

96
00:06:51,760 --> 00:06:56,680
We have sent us as a Linux operating system over here.

97
00:06:57,070 --> 00:07:02,020
So it's a little bit different than we have seen before where you get to see what we can do with it.

98
00:07:02,290 --> 00:07:05,130
And it seems that we don't have anything in the end.

99
00:07:05,140 --> 00:07:05,740
That's right.

100
00:07:05,740 --> 00:07:08,530
Because we only found eighty percent is open.

101
00:07:08,740 --> 00:07:10,660
Of course, we are going to take a look at that.

102
00:07:10,750 --> 00:07:17,260
But first, I'm going to run Ecto, OK, against Tunnel to sixteen and see what kind of information

103
00:07:17,260 --> 00:07:18,580
can we get from here.

104
00:07:19,240 --> 00:07:24,190
And again, NICTA is vulnerable to Skinner for fantastique.

105
00:07:24,670 --> 00:07:26,140
It's an entry point.

106
00:07:26,140 --> 00:07:32,320
It won't do much in real life that pantheistic scenarios, but it will do much in CTF.

107
00:07:32,320 --> 00:07:34,570
So make a note of that as well.

108
00:07:35,020 --> 00:07:36,070
So here you go.

109
00:07:36,070 --> 00:07:43,600
As you can see, we have some kind of different icons, images, folders over here that we can see.

110
00:07:44,110 --> 00:07:49,150
So it found the robots that see as well, but we already knew that.

111
00:07:49,360 --> 00:07:53,350
So I'm just going to go straight into 2016 to see the Web server.

112
00:07:53,740 --> 00:07:56,140
So here you go, the free.

113
00:07:56,320 --> 00:08:00,080
Obliques motto is keep calm and drink free stuff.

114
00:08:00,580 --> 00:08:04,960
So it seems like Free City is some kind of a drink.

115
00:08:05,380 --> 00:08:08,110
I don't know, some kind of beverage.

116
00:08:08,500 --> 00:08:11,970
So this website should be about the free Steve.

117
00:08:12,310 --> 00:08:17,470
If I click on this, it will take us to the Twitter page for some reason.

118
00:08:18,100 --> 00:08:23,380
Yeah, for the hashtag so we can see the freestyler hashtags over here.

119
00:08:23,380 --> 00:08:30,680
So I'm going to come back and we have some like credits tingay over here, I believe.

120
00:08:30,700 --> 00:08:40,270
So these these should be the holders of this VM maybe, but also they may be some kind of hint as well,

121
00:08:40,270 --> 00:08:41,470
like user names.

122
00:08:42,220 --> 00:08:48,550
So what I'm going to do, I'm going to come over here and search for the robots that we know that it

123
00:08:48,550 --> 00:08:49,300
exists.

124
00:08:49,900 --> 00:08:56,880
So I'm going to come up and just zoom in a little bit to see the disallowed content over here.

125
00:08:57,160 --> 00:09:03,030
So let's go for Kurla and say this is not the URL that you're looking for.

126
00:09:03,040 --> 00:09:04,880
Yes, starwars thingy coming up.

127
00:09:04,900 --> 00:09:12,790
OK, so I'm going to go for CCE and I don't know what CCE is, but it should be is some kind of bayridge,

128
00:09:12,790 --> 00:09:20,560
I believe, or drink because, yeah, we get the same image in everywhere and we're looking for beer

129
00:09:20,560 --> 00:09:21,990
cola ksi.

130
00:09:22,660 --> 00:09:27,100
So let's see, this image resides under the images folder.

131
00:09:27,590 --> 00:09:31,930
OK, and let's see the source for this one.

132
00:09:31,940 --> 00:09:32,230
Yep.

133
00:09:32,230 --> 00:09:38,300
They all point to same image and I believe there is nothing over here.

134
00:09:38,340 --> 00:09:39,810
Deep voice Right.

135
00:09:40,210 --> 00:09:43,930
So about the robots that should have a meaning.

136
00:09:43,930 --> 00:09:44,320
Right.

137
00:09:44,710 --> 00:09:48,580
So for maybe we can go for the images folder.

138
00:09:49,000 --> 00:09:52,990
I believe we had something else other than images.

139
00:09:53,530 --> 00:09:55,720
OK, like icons.

140
00:09:56,380 --> 00:09:58,240
Yeah, there is nothing over here.

141
00:09:58,240 --> 00:09:59,080
Maybe we can try.

142
00:09:59,080 --> 00:09:59,830
I can.

143
00:10:00,270 --> 00:10:02,830
It's not that important under the images.

144
00:10:02,830 --> 00:10:03,940
We don't have anything.

145
00:10:03,940 --> 00:10:10,750
Besides, this is not the URL that we are looking for and also the image over here.

146
00:10:11,350 --> 00:10:15,400
But again, so these robots that should do something.

147
00:10:15,700 --> 00:10:20,170
And if you pay attention over here, Freestar is a drink as well.

148
00:10:20,170 --> 00:10:20,560
Right.

149
00:10:20,860 --> 00:10:28,090
So I'm going to come over here to page source and show you that there is nothing over here as well.

150
00:10:28,090 --> 00:10:31,570
So no tip, no hints, anything.

151
00:10:31,780 --> 00:10:33,310
So it only says that.

152
00:10:33,310 --> 00:10:35,400
Yeah, your goal is to get through it.

153
00:10:35,860 --> 00:10:37,990
Yeah, we know that already.

154
00:10:37,990 --> 00:10:41,230
And it says that this should be doable in four hours.

155
00:10:41,680 --> 00:10:42,610
Great.

156
00:10:43,240 --> 00:10:51,220
So what I did over here when I first solved this CTF is to think that yeah, Freestar is a drink and

157
00:10:51,220 --> 00:10:56,110
so is cola and beer and hopefully CESI, I don't know what is Sisse.

158
00:10:56,590 --> 00:11:00,550
So I came over here and tried Foresty as well.

159
00:11:00,880 --> 00:11:02,710
It was just a hunch.

160
00:11:02,710 --> 00:11:04,960
But why not.

161
00:11:04,960 --> 00:11:08,130
Right, because we have cola, we have beer, we have C.C..

162
00:11:08,440 --> 00:11:09,040
Why not.

163
00:11:09,040 --> 00:11:10,900
We have three and here you go.

164
00:11:11,260 --> 00:11:14,980
We are inside of the freestyle leaks admin portal.

165
00:11:15,430 --> 00:11:19,900
So of course at this point you can think that.

166
00:11:19,900 --> 00:11:20,230
Yeah.

167
00:11:20,230 --> 00:11:22,960
How the hell this is supposed to teach us something.

168
00:11:22,960 --> 00:11:25,840
Right, because we took a guess and it's worked.

169
00:11:26,350 --> 00:11:31,060
And most of the time it's the same scenario in real life examples as well.

170
00:11:31,420 --> 00:11:39,340
For example, you always have to try for slash admin or slash administrator, and I have already tried

171
00:11:39,340 --> 00:11:40,540
them in here as well.

172
00:11:41,110 --> 00:11:46,360
But again, this is maybe some kind of haunch, maybe some kind of experience.

173
00:11:46,990 --> 00:11:56,770
But eventually, anyway, we found the frisee admin portal and we don't have any other leads over here.

174
00:11:56,770 --> 00:12:02,530
I believe we have a username and password looking over there, but we don't know how to log in.

175
00:12:03,040 --> 00:12:06,370
So we're going to try various things in order to do that.

176
00:12:06,460 --> 00:12:09,520
But we're going to do that within the next lecture.