Homemade CTF Challenge: 02 "Bae's Base"
Skills:
Ethical Hacking & Pen Testing80%
Key Takeaways
Solves the Homemade CTF Challenge 02 'Bae's Base' using various cybersecurity tools and techniques
Full Transcript
all right hello everyone my name is John Hammond and I wanted to continue uh a last video that I uploaded on the local Capture the Flag competition that I put together um for my school's like cyber team as practice and as an exercise to learn a little bit more about the simple CTF skills and and and stuff so Bay's base was the name of the next challenge that I put together and it's really simple it was a picture of shibba Inu Doge and the prompt being uh he's so cute maybe he has something to say and this actually isn't a stenography challenge but I guess to suppose a little bit of it and that you have to like look at the metadata the hint here is that have you ever heard of exif tool because I use that or at least I recommend using that to look at the metadata of the file and that was uh again something that some of the newcomers either don't know or have never seen before so I wanted to Showcase that to them and let them know that that CH that that tool exists so uh for demonstration purposes we can can totally get the flag I had just downloaded that image and saved it and you would end up running exive tool on simply the file and it gets all the information for you and the comment is a special thing to notice because that is in base 64 you can see that right here so super simple super easy it would just makes sense for us to uh uh Bas 64 decode that so I will go ahead and Echo that into base 64- D to run that in the command line and we get our flag again insanely easy us CGA the best base is the base 64 um so we'll go ahead and enter that as a flag and get our 75 points nice so Lo that I ended up cooking that was that I I'll again I'll open Sublime Text to show you this code and what I ended up doing was I downloaded the file just a picture of Shiba Inu off the internet so this URL is something that I just found by like literally Google image searching uh like Doge and the the Shu dog so it saves it as a file name and then it goes ahead and takes the flag variable base 64 encodes it I actually had used for ION range for another challenge so this code is actually duplicate for a later challenge where I encoded the flag multiple times that have to keep B 64 decoding and B 64 decoding but since this only iterates one time you really don't even need this and that could uh actually just move the very front this doesn't need to be inside of a loop but that's how I ended up writing it at the time and then I actually just call exive tool to write the comment to be the new Bas 64 encoded flag and I call this with subprocess the module in Python 2 like call uh invoke other programs and I have to split it because as a shell it needs to have those arguments in the proper order so again pretty simple thing I just steal this image off the internet and then slap the metadata of the comment to be a Bas 64 encoded version of the flag super easy so our simple oneliner get flag goes to scrape out the comment section grabs the value and then it basic C4s uh it's output just like we did essentially in in in our terminal demonstration so not a hard challenge by any means but again I wanted to showcase the exive tool for newcomers that haven't seen it before so uh that was how simple that previous challenge was but it got us all the board and stuff okay thanks for watching guys I hope you're enjoying some of this you get to see for one thing a challenge and a solution and the creation of that challenge so uh please let me know if you want to see more of stuff like this or I should get into more in-depth stuff because I definitely plan to right now this is just the beginner level stuff for uh the newcomers on the team so thanks again see you soon
Original Description
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: https://patreon.com/johnhammond010
E-mail: johnhammond010@gmail.com
PayPal: http://paypal.me/johnhammond010
GitHub: https://github.com/JohnHammond
Site: http://www.johnhammond.org
Twitter: https://twitter.com/_johnhammond
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from John Hammond · John Hammond · 34 of 60
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
▶
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Code Commentaries? PHP to JavaScript in Bash and PHP!
John Hammond
Tutorials? MySQL connection with PHP and Bash!
John Hammond
Variable Naming in Python! Happy Birthday, Linux! Nokia N900!
John Hammond
JavaScript Splits The URL!
John Hammond
HTML Tables in Python!
John Hammond
HTML, Net Shares, GML!
John Hammond
Python 08 Programming Style and Comments
John Hammond
Python 26 Object Oriented Programming
John Hammond
75 Python Tutorials, Out Now!
John Hammond
Batch 14 Mathematical Expressions
John Hammond
Batch 85 Array Append
John Hammond
Batch 86 Array Count
John Hammond
Batch 87 Array Index
John Hammond
Batch 88 Array Insert
John Hammond
Batch 89 Array Remove
John Hammond
Batch 90 Array Reverse
John Hammond
Python [colorama] 00 Installing on Linux
John Hammond
Python [colorama] 09 Cursor Position
John Hammond
Python [hashlib] 02 Algorithms
John Hammond
Python 00 Installing IDLE on Linux
John Hammond
Python [pygame] 11 Rectangular Collision Detection
John Hammond
Python [pygame] 12 Platforming Rectangular Collision Resolution
John Hammond
Python [XML-RPC] 01 Research
John Hammond
Python [pyenchant] 03 Personal Word Lists
John Hammond
FancyURLopener Authentication and User-Agent [urllib] 03
John Hammond
Python 04: PEP8 Coding
John Hammond
Python Challenge! 17 COOKIES
John Hammond
Google CTF 2016: Ernst Echidna
John Hammond
Google CTF 2016: Spotted Quoll
John Hammond
Google CTF 2016: Can you Repo It?
John Hammond
Google CTF 2016: No Big Deal
John Hammond
Google CTF 2016: In Recorded Conversation
John Hammond
Homemade CTF Challenge: 01 "Orchestra"
John Hammond
Homemade CTF Challenge: 02 "Bae's Base"
John Hammond
Homemade CTF Challenge: 03 "Web Hunt"
John Hammond
Homemade CTF Challenge: 04 "UPX"
John Hammond
Homemade CTF Challenge: 05 "The Assumption Song"
John Hammond
Homemade CTF Challenge: 06 "A Brisk Stroll"
John Hammond
Homemade CTF Challenge: 06 "I lost my password!"
John Hammond
web25 :: Mr. Robot : EKOPARTY CTF 2016
John Hammond
web50 : RFC 7230 :: EKOPARTY CTF 2016
John Hammond
misc50 : Hidden inside EKO :: EKOPARTY CTF 2016
John Hammond
Hack The Vote 2016 CTF: Sander's Fan Club [web100]
John Hammond
Hack The Vote 2016 CTF Warpspeed [forensics150]
John Hammond
Juniors CTF 2016 :: Black Suprematic Square
John Hammond
Juniors CTF 2016 :: Six Strange Tales
John Hammond
Juniors CTF 2016 :: Lost Code
John Hammond
Juniors CTF 2016 :: Here Goes!
John Hammond
Juniors CTF 2016 :: Southern Cross
John Hammond
Juniors CTF 2016 :: Clone Attack
John Hammond
Juniors CTF 2016 :: Dirty Repo
John Hammond
Juniors CTF 2016 :: Hackers Blog
John Hammond
Juniors CTF 2016 :: Voting!!!
John Hammond
Juniors CTF 2016 :: The Good, The Bad and The Junkman
John Hammond
Juniors CTF 2016 :: Stop Thief!
John Hammond
Juniors CTF 2016 :: ROFL
John Hammond
Juniors CTF 2016 :: Restriced Area
John Hammond
Juniors CTF 2016 :: Oh SSH!
John Hammond
HackCon CTF 2017 TRIVIA and BONUS Challenges
John Hammond
HackCon CTF 2017 "Bacche" Challenges
John Hammond
Related Reads
📰
📰
📰
📰
Cyber Security:
Medium · Data Science
A Secure Mobile Handoff Checklist for Copilot Conflict Resolution
Dev.to · Roronoa
BitLocker Explained: The Feature That Protects Your Files Even If Your Laptop Is Stolen
Medium · Programming
BitLocker Explained: The Feature That Protects Your Files Even If Your Laptop Is Stolen
Medium · DevOps
🎓
Tutor Explanation
DeepCamp AI