PicoCTF 2022 #01 - WELCOME & Basic File Exploit

  150,588 views

John Hammond

2 years ago


Comments: 89
@_JohnHammond 2 years ago
Disclaimer for this video. The if statement conditional that determines whether or not we give a flag is just checking if the entered number == 0 (is equal to zero). I'm just an idiot. No biggie 😂
@DerMichael 2 years ago
I was cracking up big time when you first couldn't spell "please", then struggled to count the letters, and then went a mile trying to figure out what that statement does, as opposed to being super precise and efficient with every step, every command, and every explanation as you usually are. Pure gold. Way too human, you are an inspiration :)
@viv_2489 2 years ago
We learnt the either way by breaking the api which will be easier to remember later .. 🙏
@git-tauseef 2 years ago
Thanks for taking more time than I took in solving this that's really an encouragement 😀😅😝❣️, for reversing any program be c or Java I look for the line that puts the flag , with this only i cracked them all.... In picoCTF2022 ❣️
@theITGuy-no3nt 2 years ago
We are all idiots, John. Thanks for the work!
@mforrest85 2 years ago
Nah John. You ain't an idiot. If you was a c programmer you would be.
@mfnmayhem86_59 2 years ago
I really appreciate the subtle explanations of things like terminal navigation and why, or how you're doing something while still seamlessly teaching the broader point of the video, you sir have a gift for teaching and I'm enjoying the lessons from your content, keep it up!
@JeffNoel 2 years ago
One can only appreciate all the basic explanation you still add to your videos after all this time. Super fun to watch and learned a lot of things! Onto the next one! Thanks John for uploading all of these. I really feel like the unedited and "searching" part of the video makes it even more interesting for someone like me (yay pen testing students)!
@dank_meme01 2 years ago
thank you a lot John, i found out about this thing only because of you and i solved every single challenge that's less than 500 points :D. some took a lot of time even though they were simple but i liked it a lot anyway
@yannisvh 2 years ago
congratz!
@dimike96 2 years ago
I had a lot of fun with these challenges! The first live CTF I've gotten to do since getting into this sort of thing in large part thanks to you. Excited to see you go through some!!!
@thelegomas9301 2 years ago
Great Explanations even of the smaller things, really appreciate this as someone who wants to start out on cyber security! Keep up the great content!
@wannaberacer2700 2 years ago
You are hands down the most entertaining and best source of cybersecurity education on youtube. thank you for all the content you put out
@nathanbolen7624 1 year ago
Thank you for all that you do. I want to start doing these myself and try and follow along with your videos and do all of these lol. I love how you walk through the CTFs.
@charlieisacatwithseizures 2 years ago
This was fantastic! Pico CTF has been my favorite ctf site so far.
@brian.-_393i3.-_ 2 years ago
Your curiosity makes it even more interesting! Thanks
@MrYeune 2 years ago
Welcome back Pico. Favorite series.
@errorcode778 2 months ago
Your videos are making me more excited 😊 Thanks
@PenaltyKillman 9 months ago
It was honestly very comforting to see someone I look up to also maybe struggle a little bit with code at first. It makes me feel not as dumb, ha ha!
@BorisNVM 1 year ago
loved it, it reminds that the problems programming for different people are very similar sometimes
@elevatecyber5031 2 years ago
You're making me really want to check out Pico CTF!
@mr.picklesworth 2 years ago
I got excited when you said it was for middle school and high-school kids. I thought me and my kid could give it a try. Then you went to the first challenge and opened sublime and started going through code and I was so lost it wasn't even funny. Can you recommend a ctf like this for absolute beginners?
@sachabourel9375 2 years ago
Unfortunately there are not really a lot of ctf for beginners and i understand that when u don't know the basics of code and all that stuff it can be really discouraging, but for ethical hacking the start is always pretty hard. But if you are really motivated and really want to learn/teach ctf u should first learn network (just the basics of ip and how computers communicate), the basics of linux and bash (you can watch the playlist of Network chunk linux for ethical hacker) and finally a little bit of code like python or c++. It's totally fine to give up or just don't have the motivation, but if i can give an advice of my experience you should learn/teach just a little bit but everyday, and like that in one or two months this ctf will still be a little bit hard at first but you will have the skill to do some ctf. Hope i helped ^^
@maxim2727 2 years ago
@@sachabourel9375 I have strong programming skills, but I don't know anything about network, how hard will it be for me to become a good ethical hacker?
@sachabourel9375 2 years ago
@@maxim2727 in reality ethical hacking is really not difficult (and it's even easier if u already know some coding skill especially if it's python or bash script). But like i said a little bit before, the real difficulty is that a lot of people (including me for a while) want to learn everything fast. So just take ur time, make a schedule and learn a little bit everyday; with the right teacher/online resource u can be almost an expert in a couple of months
@maxim2727 2 years ago
@@sachabourel9375 Hey Buddy thanks. I have strong coding skill in Python and C/C++, can you give me a roadmap, what to learn next? with resource when possible?
@radamesrodriguesneto4505 1 year ago
thank you John for this amazing hands-on video, your videos help me a lot to build knowledge in this amazing field of offensive cybersecurity.
@nelaina 2 years ago
Hi John. I saw you on with David Bombal and found your channel. I am the greenest of green, just starting to learn from scratch. When you first opened this up my eyes glazed over. Watching you work through it, and reading along, really made it less intimidating. I'm more confident that I can learn. Thanks for what you do. Edit: IDK where I got "Peter Hammond" from 😄
@heybigjohnthakyouforsharin2399 2 years ago
Hi Big John, love your words and there's something new in your tutorials, it's always like real..
@blankspace1959 8 months ago
enjoyed !
@greyether777 2 years ago
Thanks John!!
@JustClem001 11 months ago
"Virtual machine" he says, 1:51 am march 16th he says, either way I hope I could learn from this chill video!
@LowPolySkull8303 2 years ago
Hi John. Love your videos and took your word and played through this CTF. I would really love for you to cover the buffer overflow ones, I just couldn't get past the second one. And also the solfire one kept me captivated. Apparently very few got to solve that one...
@_JohnHammond 2 years ago
Absolutely, the buffer overflow ones are on their way!! :)
@kartibok001 2 years ago
I didn't get this one as it took so much time. Surprised me it was the first challenge especially as last year's cat a file for the flag was a winner! The rest onwards were as expected. Still they are great challenges though. Another great video :)
@MrabetOussama0 2 years ago
i think it will work either if you enter 0 and some random characters because the function "strtol" cuts the input into numbers and characters, so if we enter for example "0AAA" it will return the 0, or if we entered "123AAAA" it will return the "123", and if we either enter "AAAA" it will return 0 too because there are no numbers in the beginning of the output.
@abimbolaobadare6691 2 years ago
Thanks John, the outro was lit tho
@jpierce2l33t 2 years ago
Played Pico awhile back, was kind of proud of myself for doing well...until I realized the many users I was getting stomped by - were high schoolers 😑. Lol but that just got me even more motivated to get out there and learn more, so I'll head on over and play some more 🤣
@gliiterr 1 year ago
I really enjoyed this! Your explanations were helpful, but not excessively drawn out. For someone like me, this type of video feels like talking to someone just slightly smarter/more experienced than you. You can understand, but they still make you think and question what you know.
@nikolacekov9099 2 years ago
Cool vid
@jenselstner5527 2 years ago
strtol converts a string into a long integer, so enter a string '0' you get a zero. But even when you enter a string without digits you still get a zero. Only if you enter a string of digits bigger or lower than long min / max, you get the min max error. ;o)
@logiciananimal 2 years ago
Right, and that's a design flaw in the C standard library that's been around forever.
@jenselstner5527 2 years ago
@@logiciananimal Not really. That kind of converter function works the same in e.g. [Visual] Basic 'val()' or similarly with implicit conversions like in Perl or PHP. Only some high level languages catch letter to number conversions as an error. I think Python is one of them.
@logiciananimal 2 years ago
@@jenselstner5527 This is why Option and those sorts of things was invented.
@jenselstner5527 2 years ago
@@logiciananimal Some call it design flaw, others call it expected behaviour.
@thecyborg802 2 years ago
Just an advice, if you come across some CTF event you like or challenges that might interest the crowd, release the video later, that would be helpful but at least post it on your social media about the event. It's April 1st and I completely missed the PicoCTF challenges because I hadn't visited its website for a long time... Sad life!! 🥺🥺🥺
@reductor_ 2 years ago
The picoCTF organizers didn't want writeups for the first week as they get the top teams to do writeups. I'm still waiting to release my solfire (only got 5 other solves) writeup because of this.
@YesYes-ko9qj 2 years ago
Good goood
@4_real_bruh 2 years ago
Hey John, what do you think about Spring4Shell that just surfaced and hit the Java Spring Boot framework?
@erikp6614 2 years ago
Reading the man page: "If there were no digits at all, strtol() stores the original value of nptr in *endptr (and returns 0)" Longs are *signed*. LONG_MIN is far less than 0. If ( (en=strtol(entry, NULL, 10)) == 0) {...} Set en to what is returned by strtol(entry, NULL, 10), and check if it is 0 then do stuff. strtol(entry, NULL, 10) converts the number, potentially after white space and with base 10, at the beginning of the string entry and returns it. This has nothing to do with errno.
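Added example, not part of the original comments or the challenge source: the `== 0` check quoted above next to a stricter parse that uses `endptr` and `errno`, run over the inputs the commenters discuss. The function names and sample strings are constructed for illustration.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* The check as quoted in the comments: the "zero" branch is taken
 * whenever strtol() returns 0, whatever the reason it returned 0. */
static int loose_is_zero(const char *entry)
{
    long en = strtol(entry, NULL, 10);
    return en == 0;
}

/* Hypothetical stricter parser (name not from the challenge): accept only
 * a complete base-10 number that fits in a long. Returns 1 on success. */
static int parse_long_strict(const char *s, long *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s)            /* no digits consumed: "AAAA", "" */
        return 0;
    if (errno == ERANGE)     /* value clamped to LONG_MIN / LONG_MAX */
        return 0;
    while (isspace((unsigned char)*end))  /* tolerate a trailing newline */
        end++;
    if (*end != '\0')        /* trailing junk: "0AAA", "123AAAA" */
        return 0;
    *out = v;
    return 1;
}

static int strict_is_zero(const char *entry)
{
    long v;
    return parse_long_strict(entry, &v) && v == 0;
}

int main(void)
{
    /* Constructed sample inputs, taken from the cases the comments discuss. */
    const char *samples[] = { "0", "AAAA", "0AAA", "123AAAA", "" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s loose=%d strict=%d\n", samples[i],
               loose_is_zero(samples[i]), strict_is_zero(samples[i]));
    return 0;
}
```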
@teqnify63 2 years ago
Was genuinely surprised by how many i got during the comp
@mjtonyfire 2 years ago
You know I'm just going to go back in time and win the CTF for myself bahahahaha
@fufonecarter2489 2 years ago
Will chrome book chrosh work? Whenever I enter a line nothing shows up. Having a hard time following along
@framestomind7548 2 years ago
Should I get a desktop or a laptop as a student in hacking for the coming year? Is there any difference in how it can help me to set up vm, labs and heck myself having a laptop or a desktop? When you work as a professional later on are there different types of hackers, blue team, purple team etc that more often lean to using a desktop over a laptop and vice versa? Please be serious and get back to me with a good explanation of what to think of when choosing the right computer…. Thank you for all inputs and advices you guys can give me! 😎
@y.vinitsky6452 2 years ago
It doesn't matter. You want a device that is comfortable for YOU to use. Fast and stable internet, enough Ram for 1-2 VMs and your favorite host os. Some people find having 2 monitors to be helpful
@micleh 1 year ago
In your videos, you always say that you fire up a virtual machine with Kali Linux. Do you use a full-fledged VM (vmware, virtualbox) or wsl2 with "kali-win-kex" that gives you a Kali desktop environment?
@dfelo93 2 years ago
You broke my heart with the any of the other command line editors... I use emacs on it and is glorious
@lockdowndb4863 1 year ago
hey John I'm new to ctf's and i got the flag within 3 minutes of interacting with the program. Just wondering why you are trying to break the program first. is it because logically programs aren't built for you to do exactly what they say in order to get the flag, and this one is the exception?
@kaziabbas3537 2 years ago
I usually play my xbox at 1:15 AM.
@johnvardy9559 1 year ago
i love y
@Child0ne 2 years ago
First thing I did was typed in “ flag “ and it spit me out the flag and was like umm okay…
@FurikuriYugi 2 years ago
How to find out about challenges before they end?
@NotoriousPyro 2 years ago
strtol = str to l = string to long
@xerrion 1 year ago
I am using LastPass, that didn't age well 😅
@davidlima1525 8 months ago
Where is the flag variable in the code set to the actual flag???
@Death_User666 2 years ago
you feeling better bro? I hope so.....
@skills528 2 years ago
Coding/ cybersecurity is just words plus commands basically right I'm a complete noob
@AXE0710 2 years ago
I'm looking for CTF team
@picious 2 years ago
@John, Kali in VM or WSL?
@opposite342 2 years ago
John is using a VM judging from the desktop environment, but WSL is enough for these challenges.
@Vazzible_gaming 1 year ago
pretty sure read takes the data line by line.
@mforrest85 2 years ago
I looked at the code and knew all it needed was a 0 or anything other than a number.
@user-eh1vi3jz1c 9 months ago
Can anyone explain to me how they write the flag on specific memory address as seen here : static const char* flag = "[REDACTED]"; The memory address in this case is [REDACTED] = 5B 52 45 44 41 43 54 45 44 5D
@alisenjary 2 years ago
Sir can you make course in Udemy about hack from zero to hero
@heybigjohnthakyouforsharin2399 2 years ago
If you don't mind can I ask question?
@random_guy1024 2 years ago
I've just managed to score 4100 in this challenge..... I really suck at binary and crypto....... Waiting for your amazing walkthrough
@yannisvh 2 years ago
how far in crypto did you get?
@random_guy1024 2 years ago
@@yannisvh not much.... Maybe 2 or 3 of them... I'm really bad at it
@tripsix2186 1 year ago
Pretty sure you saw the code and entered 0 as the programmer intended and caught the flag! lol
@viv_2489 2 years ago
Why you moved from Ubuntu to Kali linux
@abaoaweikago3092 2 years ago
John did your discord server get compromised? I really didn't take you as someone to put CoD over valuable Cybersecurity learning 😢
@bennyengstrm1325 1 year ago
I understand that PicoCTF should be simple for newbies to get started and to learn from. However, from about 5.50 in this video you totally lost me, I have absolutely no idea what is going on after that! 🙄😂
@Child0ne 2 years ago
dude i think pico is great but the fact it wants to fucking save everything to my computer or my kali linux build is soooooooooo stupid
@papsnap9724 2 years ago
y you use echo "picoCTF{M4K3_5UR3_70_CH3CK_Y0UR_1NPU75_1B9F5942} " ???? what the echo does ?