Disclaimer for this video. The if statement conditional that determines whether or not we give a flag is just checking if the entered number == 0 (is equal to zero). I'm just an idiot. No biggie 😂
I was cracking up big time when you first couldn't spell "please", then struggled to count the letters, and then went a mile trying to figure out what that statement does, as opposed to being super precise and efficient with every step, every command, and every explanation as you usually are. Pure gold. Way too human, you are an inspiration :)
We learnt the either way by breaking the api which will be easier to remember later .. 🙏
Thanks for taking more time than I took in solving this, that's really an encouragement 😀😅😝❣️. For reversing any program, be it C or Java, I look for the line that puts the flag; with this only I cracked them all... in picoCTF2022 ❣️
We are all idiots, John. Thanks for the work!
Nah John. You ain't an idiot. If you was a c programmer you would be.
I really appreciate the subtle explanations of things like terminal navigation and why, or how you're doing something while still seamlessly teaching the broader point of the video, you sir have a gift for teaching and I'm enjoying the lessons from your content, keep it up!
thank you a lot John, i found out about this thing only because of you and i solved every single challenge that's less than 500 points :D. some took a lot of time even though they were simple but i liked it a lot anyway
congratz!
You are hands down the most entertaining and best source of cybersecurity education on youtube. thank you for all the content you put out
Great Explanations even of the smaller things, really appreciate this as someone who wants to start out on cyber security! Keep up the great content!
It was honestly very comforting to see someone I look up to also maybe struggle a little bit with code at first. It makes me feel not as dumb, ha ha!
I think it will also work if you enter 0 and some random characters, because the function "strtol" cuts the input into numbers and characters. So if we enter, for example, "0AAA" it will return 0, or if we entered "123AAAA" it will return "123", and if we enter "AAAA" it will return 0 too, because there are no numbers at the beginning of the output.
Thank you for all that you do. I want to start doing these myself and try and follow along with your videos and do all of these lol. I love how you walk through the CTFs.
One can only appreciate all the basic explanation you still add to your videos after all this time.
Super fun to watch and learned a lot of things!
Onto the next one! Thanks John for uploading all of these.
I really feel like the unedited and "searching" part of the video makes it even more interesting for someone like me (yay pen testing students)!
I got excited when you said it was for middle school and high-school kids. I thought me and my kid could give it a try. Then you went to the first challenge and opened Sublime and started going through code and I was so lost it wasn't even funny. Can you recommend a CTF like this for absolute beginners?
Unfortunately there are not really a lot of CTFs for beginners, and I understand that when you don't know the basics of code and all that stuff it can be really discouraging, but for ethical hacking the start is always pretty hard.
But if you are really motivated and really want to learn/teach CTF, you should first learn networking (just the basics of IP and how computers communicate), the basics of Linux and bash (you can watch the NetworkChuck playlist on Linux for ethical hackers), and finally a little bit of code like Python or C++.
It's totally fine to give up or just not have the motivation, but if I can give a piece of advice from my experience, you should learn/teach just a little bit but every day, and like that in one or two months this CTF will still be a little bit hard at first but you will have the skill to do some CTFs.
Hope I helped ^^
@@sachabourel9375 I have strong programming skills, but I don't know anything about network, how hard will it be for me to become a good ethical hacker?
@@maxim2727 In reality ethical hacking is really not difficult (and it's even easier if you already know some coding skills, especially if it's Python or bash scripting).
But like I said a little bit before, the real difficulty is that a lot of people (including me for a while) want to learn everything fast.
So just take your time, make a schedule and learn a little bit every day; with the right teacher/online resource you can be almost an expert in a couple of months.
@@sachabourel9375 Hey Buddy thanks. I have strong coding skill in Python and C/C++, can you give me a roadmap, what to learn next? with resource when possible?
Are you still here I want to ask something?@@sachabourel9375
This was fantastic! Pico CTF has been my favorite ctf site so far.
"Virtual machine" he says, 1:51 am march 16th he says, either way I hope I could learn from this chill video!
Your curiosity makes it even more interesting! Thanks
I really enjoyed this! Your explanations were helpful, but not excessively drawn out. For someone like me, this type of video feels like talking to someone just slightly smarter/more experienced than you. You can understand, but they still make you think and question what you know.
I had a lot of fun with these challenges! The first live CTF I've gotten to do since getting into this sort of thing in large part thanks to you. Excited to see you go through some!!!
I didn't get this one as it took so much time. Surprised me it was the first challenge especially as last year's cat a file for the flag was a winner! The rest onwards were as expected. Still they are great challenges though. Another great video :)
thank you John for this amazing hands-on video, your videos help me a lot to build knowledge in this amazing field of offensive cybersecurity.
Welcome back Pico. Favorite series.
loved it, it reminds that the problems programming for different people are very similar sometimes
Played Pico awhile back, was kind of proud of myself for doing well...until I realized the many users I was getting stomped by - were high schoolers 😑. Lol but that just got me even more motivated to get out there and learn more, so I'll head on over and play some more 🤣
Hi John. I saw you on with David Bombal and found your channel. I am the greenest of green, just starting to learn from scratch. When you first opened this up my eyes glazed over. Watching you work through it, and reading along, really made it less intimidating. I'm more confident that I can learn. Thanks for what you do. Edit: IDK where I got "Peter Hammond" from 😄
strtol converts a string into a long integer, so enter a string '0' and you get a zero. But even when you enter a string without digits you still get a zero. Only if you enter a string of digits bigger or lower than long min / max do you get the min max error. ;o)
Right, and that's a design flaw in the C standard library that's been around forever.
@@logiciananimal Not really. That kind of converter function works the same in e.g. [Visual] Basic 'val()' or similarly with implicit conversions like in Perl or PHP. Only some high level languages catch letter to number conversions as an error. I think Python is one of them.
@@jenselstner5527 This is why Option and those sorts of things were invented.
@@logiciananimal Some call it design flaw, others call it expected behaviour.
Your videos are making me more excited 😊 Thanks
You're making me really want to check out Pico CTF!
Hi Big John, love your words and there's something new in your tutorials, it's always like real..
Hi John. Love your videos and took your word and played through this CTF. I would really love for you to cover the buffer overflow ones, I just couldn't get past the second one. And also the solfire one kept me captivated. Apparently very few got to solve that one...
Absolutely, the buffer overflow ones are on their way!! :)
The picoCTF organizers didn't want writeups for the first week as they get the top teams to do writeups.
I'm still waiting to release my solfire (only got 5 other solves) writeup because of this.
Just a piece of advice: if you come across some CTF event you like or challenges that might interest the crowd, release the video later, that would be helpful, but at least post about the event on your social media. It's April 1st and I completely missed the PicoCTF challenges because I hadn't visited its website for a long time... Sad life!! 🥺🥺🥺
Thanks John, the outro was lit tho
Thanks John!!
I've just managed to score 4100 in this challenge.....
I really suck at binary and crypto.......
Waiting for your amazing walkthrough
how far in crypto did you get?
@@yannisvh not much....
Maybe 2 or 3 of them...
I'm really bad at it
Reading the man page: "If there were no digits at all, strtol() stores the original value of nptr in *endptr (and returns 0)"
Longs are *signed*. LONG_MIN is far less than 0.
if ((en = strtol(entry, NULL, 10)) == 0) {...}
Set en to what is returned by strtol(entry, NULL, 10), and check if it is 0 then do stuff. strtol(entry, NULL, 10) converts the number, potentially after white space and with base 10, at the beginning of the string entry and returns it.
This has nothing to do with errno.
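Added example (not from the video, the challenge source, or any commenter): the strtol() behaviour discussed in the comments above, next to a stricter conversion that checks the end pointer and errno. The helper names `lax_parse` and `strict_parse_long` and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Lax conversion, same call shape as the line quoted in the comment above:
 * no end pointer and no errno check, so "AAAA" and "0" both yield 0. */
static long lax_parse(const char *s)
{
    return strtol(s, NULL, 10);
}

/* Strict conversion (hypothetical helper, not from the challenge source).
 * Returns 0 and stores the value in *out on success; returns -1 when the
 * input has no digits, has trailing junk, or is out of range for long. */
static int strict_parse_long(const char *s, long *out)
{
    char *end = NULL;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);

    if (end == s)           /* no digits consumed: "", "AAAA", "flag" */
        return -1;
    if (errno == ERANGE)    /* value was clamped to LONG_MIN / LONG_MAX */
        return -1;
    if (*end == '\n')       /* tolerate the newline a line reader leaves */
        end++;
    if (*end != '\0')       /* trailing junk: "0AAA", "123AAAA" */
        return -1;

    *out = v;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, based on the cases raised in the comments. */
    const char *samples[] = { "0", "0AAA", "123AAAA", "AAAA", "flag", "  42",
                              "99999999999999999999999999" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long v = 0;
        int rc = strict_parse_long(samples[i], &v);
        printf("%-28s lax=%ld strict=%s\n", samples[i],
               lax_parse(samples[i]), rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```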
Should I get a desktop or a laptop as a student in hacking for the coming year? Is there any difference in how it can help me to set up vm, labs and heck myself having a laptop or a desktop? When you work as a professional later on are there different types of hackers, blue team, purple team etc that more often lean to using a desktop over a laptop and vice versa?
Please be serious and get back to me with a good explanation of what to think of when choosing the right computer….
Thank you for all the input and advice you guys can give me!
😎
It doesn't matter. You want a device that is comfortable for YOU to use. Fast and stable internet, enough RAM for 1-2 VMs and your favorite host OS. Some people find having 2 monitors to be helpful.
You broke my heart with the any of the other command line editors...
I use emacs on it and is glorious
You know I'm just going to go back in time and win the CTF for myself bahahahaha
enjoyed!
Cool vid
Was genuinely surprised by how many i got during the comp
In your videos, you always say that you fire up a virtual machine with Kali Linux. Do you use a full-fledged VM (vmware, virtualbox) or wsl2 with "kali-win-kex" that gives you a Kali desktop environment?
Will Chromebook crosh work? Whenever I enter a line nothing shows up. Having a hard time following along
Hey John, what do you think about Spring4Shell that just surfaced and hit the Java Spring Boot framework?
Hey John, I'm new to CTFs and I got the flag within 3 minutes of interacting with the program. Just wondering why you are trying to break the program first. Is it because logically programs aren't built for you to do exactly what they say in order to get the flag, and this one is the exception?
Can anyone explain to me how they write the flag on a specific memory address as seen here:
static const char* flag = "[REDACTED]";
The memory address in this case is [REDACTED] = 5B 52 45 44 41 43 54 45 44 5D
Where is the flag variable in the code set to the actual flag???
I am using LastPass, that didn't age well 😅
How to find out about challenges before they end?
I'm looking for CTF team
Good goood
I usually play my xbox at 1:15 AM.
If you don't mind can I ask question?
First thing I did was typed in “ flag “ and it spit me out the flag and was like umm okay…
CTF equivalent of “my program works and I don’t know why”
I looked at the code and knew all it needed was a 0 or anything other than a number.
you feeling better bro? I hope so.....
Coding/ cybersecurity is just words plus commands basically right I'm a complete noob
Why did you move from Ubuntu to Kali Linux?
pretty sure read takes the data line by line.
@John, Kali in VM or WSL?
John is using a VM judging from the desktop environment, but WSL is enough for these challenges.
John did your discord server get compromised? I really didn't take you as someone to put CoD over valuable Cybersecurity learning 😢
strtol = str to l = string to long
Pretty sure you saw the code and entered 0 as the programmer intended and caught the flag! lol
Somebody help me copy paste link of an image in the webshell for solving it
I'm not able to paste it to webshell, Ctrl + V isn't working
Sir, can you make a course on Udemy about hacking from zero to hero?
I understand that PicoCTF should be simple for newbies to get started and to learn from. However, from about 5.50 in this video you totally lost me, I have absolutely no idea what is going on after that! 🙄😂
i love y
dude i think pico is great but the fact it wants to fucking save everything to my computer or my kali linux build is soooooooooo stupid
Why do you use echo "picoCTF{M4K3_5UR3_70_CH3CK_Y0UR_1NPU75_1B9F5942}"????
What does the echo do?