1
00:00:00,960 --> 00:00:07,170
Hi. Within this section, we're going to solve another virtual machine, another vulnerable machine

2
00:00:07,170 --> 00:00:14,370
called FristiLeaks, and again, this is in VulnHub, so you can come over here to vulnhub.com

3
00:00:14,370 --> 00:00:18,390
and search for Fristi in order to freely reach this.

4
00:00:18,420 --> 00:00:21,690
OK, so this is FristiLeaks 1.3.

5
00:00:21,870 --> 00:00:23,880
And that's the thing that we are looking for.

6
00:00:24,600 --> 00:00:31,740
And indeed, this is a little bit similar to Mr. Robot, the previous CTF that we have solved.

7
00:00:32,130 --> 00:00:38,860
But again, this has other techniques, different techniques that we have previously learned about.

8
00:00:38,970 --> 00:00:44,190
So we're going to learn new things and also we're going to practice the old things that we have learned so

9
00:00:44,190 --> 00:00:48,090
far in this course and we're going to solve.

10
00:00:48,270 --> 00:00:56,280
So maybe you can try to give it a shot before you just follow along with the course and see how far

11
00:00:56,280 --> 00:00:57,570
you can get over here.

12
00:00:57,750 --> 00:01:04,590
OK, so maybe you may want to pause the video and try this one yourself and then come back and see the

13
00:01:04,740 --> 00:01:06,970
solution that I have in mind.

14
00:01:07,770 --> 00:01:11,490
So over here we are in the FristiLeaks.

15
00:01:11,490 --> 00:01:14,810
And again, this is a vulnerable machine, a virtual machine.

16
00:01:14,820 --> 00:01:18,220
Just click over here to download the OVA.

17
00:01:18,630 --> 00:01:24,300
This is around 700 megs and read the description over here.

18
00:01:24,300 --> 00:01:30,780
As you can see, the style is, one more time, enumeration, following the breadcrumbs in order to find

19
00:01:30,780 --> 00:01:31,760
the solution.

20
00:01:32,190 --> 00:01:38,180
And the goal is to get the root and read the flag file.

21
00:01:39,090 --> 00:01:45,900
Here we have a small description, small virtual machine made for Dutch informal hacker meeting called

22
00:01:45,900 --> 00:01:47,420
FristiLeaks.

23
00:01:47,580 --> 00:01:51,030
So this is again built for hacker meeting.

24
00:01:51,220 --> 00:01:52,610
So it's supposed to be good.

25
00:01:53,550 --> 00:01:59,580
So it's meant to be broken in a few hours without requiring debuggers, reverse engineering, etc.

26
00:02:00,120 --> 00:02:05,820
So we don't know how many flags we have over here, but we do know that we have to get root and read

27
00:02:05,820 --> 00:02:05,970
the

28
00:02:05,980 --> 00:02:14,960
flag. So if you're a VMware user, you're going to have to manually edit this VM's MAC address to this one.

29
00:02:15,270 --> 00:02:18,980
And of course this is also valid for VirtualBox as well.

30
00:02:19,320 --> 00:02:26,820
So if your VirtualBox doesn't actually open this in a regular fashion, make sure you edit the MAC

31
00:02:27,060 --> 00:02:30,070
over there as it's instructed like this.

32
00:02:30,370 --> 00:02:33,950
OK, so let's see if we have to do that.

33
00:02:34,170 --> 00:02:40,200
I'm going to come over here and as you can see, my Kali Linux is running on NAT network.

34
00:02:40,470 --> 00:02:47,310
So what I'm going to do, I'm going to double click on the FristiLeaks and just import this and leave

35
00:02:47,310 --> 00:02:48,500
this as it is.

36
00:02:48,930 --> 00:02:52,200
And it says that guest OS type is a Red Hat.

37
00:02:52,590 --> 00:02:55,910
So I'm going to leave this as it is and see what happens.

38
00:02:56,740 --> 00:03:06,930
So seeks to forbid and come over here to settings and over there, the system has far from the max,

39
00:03:07,180 --> 00:03:10,330
so maybe I can just make it Vanik, OK?

40
00:03:10,900 --> 00:03:12,340
And it isn't necessary.

41
00:03:12,370 --> 00:03:15,540
We're not going to do much in this one as well.

42
00:03:16,390 --> 00:03:23,410
But again, I have 32 gig, so I'm going to come over here and make this a NAT network and just do

43
00:03:23,410 --> 00:03:25,410
Allow All for promiscuous mode.

44
00:03:25,600 --> 00:03:28,610
And here we have the MAC address, so let's check that.

45
00:03:29,290 --> 00:03:33,500
So over here, it says that your MAC address should be this one.

46
00:03:33,850 --> 00:03:36,510
So let's check and see if this is the same thing.

47
00:03:36,820 --> 00:03:37,590
And here you go.

48
00:03:37,600 --> 00:03:39,430
We have some differences over here.

49
00:03:39,610 --> 00:03:44,820
I'm going to change this, OK, as it's instructed in the page.

50
00:03:45,340 --> 00:03:53,680
So let's come over here and say, OK, so if you had any problems with that, if you tried to pause the

51
00:03:53,680 --> 00:04:00,370
video and solve it on your own and had a problem with that, then now you know how to solve this.

52
00:04:00,370 --> 00:04:08,080
OK, maybe in this step you may want to pause the video and give it a shot because we have learned so

53
00:04:08,080 --> 00:04:10,270
many things even now.

54
00:04:10,750 --> 00:04:13,280
Maybe you can just hectors pectus.

55
00:04:13,300 --> 00:04:17,020
OK, so here we have the IP address, which is very good.

56
00:04:17,020 --> 00:04:20,530
So I won't bother with netdiscover and nmap.

57
00:04:20,890 --> 00:04:22,690
So 10.0.2.16.

58
00:04:23,110 --> 00:04:28,270
I'm going to come over here to my Kali Linux and ifconfig and here you go.

59
00:04:28,270 --> 00:04:31,710
I have 10.0.2.4, so I'm on 10.0.2.4.

60
00:04:31,780 --> 00:04:34,090
I'm going to go for 10.0.2.16.

61
00:04:34,540 --> 00:04:42,340
And you can go in, like, in Zenmap for an intense scan, or you can just choose anything you want from here and

62
00:04:42,340 --> 00:04:44,490
run it on nmap on your terminal.

63
00:04:44,740 --> 00:04:47,710
I'm going to run this on my terminal as usual.

64
00:04:47,890 --> 00:04:56,770
OK, so I'm going to place this thing over here and I'm going to run this against 10.0.2.16. Here you go.

65
00:04:57,580 --> 00:05:01,420
So I'm running a fast scan, as you can see, in a verbose mode.

66
00:05:01,870 --> 00:05:04,960
And I believe the first scan will be enough for us.

67
00:05:04,960 --> 00:05:11,500
But if it doesn't, if it isn't the case, we can always go back and search for all ports or all UDP

68
00:05:11,500 --> 00:05:12,700
or TCP ports.

69
00:05:13,390 --> 00:05:18,820
I'm going to go into my kit folder and create a new folder called FristiLeaks, as we have done

70
00:05:18,820 --> 00:05:22,560
before, because we're going to need to take some notes here as well.

71
00:05:23,530 --> 00:05:29,560
So inside of this folder, I'm going to nano notes.txt so that we can take notes.

72
00:05:29,860 --> 00:05:30,550
Here you go.

73
00:05:30,560 --> 00:05:37,480
Our nmap scan seems to be completed, so I'm going to copy everything over here so that if we need later

74
00:05:37,480 --> 00:05:40,290
on, we can come back and see what's going on.

75
00:05:40,840 --> 00:05:43,570
So let me choose one more time.

76
00:05:44,080 --> 00:05:49,270
And yep, it seems that I cannot do that for some reason.

77
00:05:49,660 --> 00:05:50,030
Yep.

78
00:05:50,050 --> 00:05:50,770
Here you go.

79
00:05:51,130 --> 00:05:54,580
Finally select that thing and here you go.

80
00:05:54,970 --> 00:05:59,230
I'm going to Ctrl+O, Enter and Ctrl+X out of this one to save it.

81
00:05:59,440 --> 00:06:00,640
And here you go.

82
00:06:00,970 --> 00:06:04,590
So let's scan the nmap results over here.

83
00:06:05,050 --> 00:06:08,440
So what we have over here, let me just scroll down.

84
00:06:08,440 --> 00:06:10,080
We have port 80 open.

85
00:06:10,090 --> 00:06:13,810
OK, so again, a web pentesting thingy going on.

86
00:06:14,110 --> 00:06:18,430
We have robots.txt, and nmap managed to find it as well.

87
00:06:18,850 --> 00:06:23,530
So we are going to definitely take a look at this. 3

88
00:06:23,530 --> 00:06:26,470
disallowed entries: cola, beer.

89
00:06:26,470 --> 00:06:28,300
We're going to see what are those things?

90
00:06:29,230 --> 00:06:32,650
We have the Linux running over here.

91
00:06:32,650 --> 00:06:33,760
As usual.

92
00:06:34,390 --> 00:06:40,690
We have some specific kernel thingy over there, like 2.6.

93
00:06:41,230 --> 00:06:47,610
So let me come back and I know the port 80 is open and it seems that nothing else is open.

94
00:06:47,620 --> 00:06:50,410
OK, we're going to take a look at this, of course.

95
00:06:50,860 --> 00:06:51,760
And here you go.

96
00:06:51,760 --> 00:06:56,680
We have CentOS as a Linux operating system over here.

97
00:06:57,070 --> 00:07:02,020
So it's a little bit different than we have seen before. We're going to see what we can do with it.

98
00:07:02,290 --> 00:07:05,130
And it seems that we don't have anything in the end.

99
00:07:05,140 --> 00:07:05,740
That's right.

100
00:07:05,740 --> 00:07:08,530
Because we only found port 80 is open.

101
00:07:08,740 --> 00:07:10,660
Of course, we are going to take a look at that.

102
00:07:10,750 --> 00:07:17,260
But first, I'm going to run Nikto, OK, against 10.0.2.16 and see what kind of information

103
00:07:17,260 --> 00:07:18,580
can we get from here.

104
00:07:19,240 --> 00:07:24,190
And again, Nikto is a vulnerability scanner for pentesting.

105
00:07:24,670 --> 00:07:26,140
It's an entry point.

106
00:07:26,140 --> 00:07:32,320
It won't do much in real-life pentesting scenarios, but it will do much in CTF.

107
00:07:32,320 --> 00:07:34,570
So make a note of that as well.

108
00:07:35,020 --> 00:07:36,070
So here you go.

109
00:07:36,070 --> 00:07:43,600
As you can see, we have some kind of different icons, images, folders over here that we can see.

110
00:07:44,110 --> 00:07:49,150
So it found the robots.txt as well, but we already knew that.

111
00:07:49,360 --> 00:07:53,350
So I'm just going to go straight into 10.0.2.16 to see the web server.

112
00:07:53,740 --> 00:07:56,140
So here you go, the

113
00:07:56,320 --> 00:08:00,080
FristiLeaks motto is keep calm and drink Fristi.

114
00:08:00,580 --> 00:08:04,960
So it seems like Fristi is some kind of a drink.

115
00:08:05,380 --> 00:08:08,110
I don't know, some kind of beverage.

116
00:08:08,500 --> 00:08:11,970
So this website should be about the Fristi.

117
00:08:12,310 --> 00:08:17,470
If I click on this, it will take us to the Twitter page for some reason.

118
00:08:18,100 --> 00:08:23,380
Yeah, for the hashtag, so we can see the FristiLeaks hashtags over here.

119
00:08:23,380 --> 00:08:30,680
So I'm going to come back and we have some, like, credits thingy over here, I believe.

120
00:08:30,700 --> 00:08:40,270
So these should be the holders of this VM maybe, but also they may be some kind of hint as well,

121
00:08:40,270 --> 00:08:41,470
like user names.

122
00:08:42,220 --> 00:08:48,550
So what I'm going to do, I'm going to come over here and search for the robots.txt; we know that it

123
00:08:48,550 --> 00:08:49,300
exists.

124
00:08:49,900 --> 00:08:56,880
So I'm going to come up and just zoom in a little bit to see the disallowed content over here.

125
00:08:57,160 --> 00:09:03,030
So let's go for cola and see, this is not the URL that you're looking for.

126
00:09:03,040 --> 00:09:04,880
Yes, Star Wars thingy coming up.

127
00:09:04,900 --> 00:09:12,790
OK, so I'm going to go for sisi, and I don't know what sisi is, but it should be some kind of beverage,

128
00:09:12,790 --> 00:09:20,560
I believe, or drink because, yeah, we get the same image in everywhere and we're looking for beer,

129
00:09:20,560 --> 00:09:21,990
cola, sisi.

130
00:09:22,660 --> 00:09:27,100
So let's see, this image resides under the images folder.

131
00:09:27,590 --> 00:09:31,930
OK, and let's see the source for this one.

132
00:09:31,940 --> 00:09:32,230
Yep.

133
00:09:32,230 --> 00:09:38,300
They all point to the same image and I believe there is nothing over here.

134
00:09:38,340 --> 00:09:39,810
Deep voice Right.

135
00:09:40,210 --> 00:09:43,930
So about the robots.txt: it should have a meaning.

136
00:09:43,930 --> 00:09:44,320
Right.

137
00:09:44,710 --> 00:09:48,580
So for maybe we can go for the images folder.

138
00:09:49,000 --> 00:09:52,990
I believe we had something else other than images.

139
00:09:53,530 --> 00:09:55,720
OK, like icons.

140
00:09:56,380 --> 00:09:58,240
Yeah, there is nothing over here.

141
00:09:58,240 --> 00:09:59,080
Maybe we can try

142
00:09:59,080 --> 00:09:59,830
icons.

143
00:10:00,270 --> 00:10:02,830
It's not that important under the images.

144
00:10:02,830 --> 00:10:03,940
We don't have anything.

145
00:10:03,940 --> 00:10:10,750
Besides, this is not the URL that we are looking for and also the image over here.

146
00:10:11,350 --> 00:10:15,400
But again, so this robots.txt should do something.

147
00:10:15,700 --> 00:10:20,170
And if you pay attention over here, Fristi is a drink as well.

148
00:10:20,170 --> 00:10:20,560
Right.

149
00:10:20,860 --> 00:10:28,090
So I'm going to come over here to page source and show you that there is nothing over here as well.

150
00:10:28,090 --> 00:10:31,570
So no tip, no hints, anything.

151
00:10:31,780 --> 00:10:33,310
So it only says that.

152
00:10:33,310 --> 00:10:35,400
Yeah, your goal is to get root.

153
00:10:35,860 --> 00:10:37,990
Yeah, we know that already.

154
00:10:37,990 --> 00:10:41,230
And it says that this should be doable in four hours.

155
00:10:41,680 --> 00:10:42,610
Great.

156
00:10:43,240 --> 00:10:51,220
So what I did over here when I first solved this CTF is to think that yeah, Fristi is a drink and

157
00:10:51,220 --> 00:10:56,110
so is cola and beer and hopefully sisi, I don't know what is sisi.

158
00:10:56,590 --> 00:11:00,550
So I came over here and tried Fristi as well.

159
00:11:00,880 --> 00:11:02,710
It was just a hunch.

160
00:11:02,710 --> 00:11:04,960
But why not.

161
00:11:04,960 --> 00:11:08,130
Right, because we have cola, we have beer, we have sisi.

162
00:11:08,440 --> 00:11:09,040
Why not.

163
00:11:09,040 --> 00:11:10,900
We have Fristi, and here you go.

164
00:11:11,260 --> 00:11:14,980
We are inside of the FristiLeaks admin portal.

165
00:11:15,430 --> 00:11:19,900
So of course at this point you can think that.

166
00:11:19,900 --> 00:11:20,230
Yeah.

167
00:11:20,230 --> 00:11:22,960
How the hell this is supposed to teach us something.

168
00:11:22,960 --> 00:11:25,840
Right, because we took a guess and it worked.

169
00:11:26,350 --> 00:11:31,060
And most of the time it's the same scenario in real life examples as well.

170
00:11:31,420 --> 00:11:39,340
For example, you always have to try for /admin or /administrator, and I have already tried

171
00:11:39,340 --> 00:11:40,540
them in here as well.

172
00:11:41,110 --> 00:11:46,360
But again, this is maybe some kind of hunch, maybe some kind of experience.

173
00:11:46,990 --> 00:11:56,770
But eventually, anyway, we found the Fristi admin portal and we don't have any other leads over here.

174
00:11:56,770 --> 00:12:02,530
I believe we have a username and password looking over there, but we don't know how to log in.

175
00:12:03,040 --> 00:12:06,370
So we're going to try various things in order to do that.

176
00:12:06,460 --> 00:12:09,520
But we're going to do that within the next lecture.