misc
Shelle
Solved by : nigamelastic
on starting the shell u see that u can only use the 7 commands
cat
, ls
, pwd
, whoami
, ps
, id
, echo
as mentioned in the txt file present
Dear Students, here are the questions for your next assignment, please finish them..
If you don't wanna do the assignment you can simply submit the flag which is in the /opt directory, but hah that would be impawsible
1) What is Linux?
2) What is the difference between UNIX and LINUX?
3) What is BASH?
4) What is Linux Kernel?
5) What is LILO?
6) What is a swap space?
7) What is the advantage of open source?
8 ) What are the basic components of Linux?
9) Does it help for a Linux system to have multiple desktop environments installed?
10) What is the basic difference between BASH and DOS?
Also do learn about following linux commands.
> whoami - Prints the user name associated with the current effective user ID.
> pwd - Prints the name of current working directory
> ls - List information about the FILEs (the current directory by default)
> ps - Displays information about a selection of the active processes.
> id - Print user and group information for the specified USER, or (when USER omitted) for the current user.
> echo - display a line of text (sometimes useful to print emotes)
> cat - concatenate files and print on the standard output
most of the
using the research from the previous integrity challenge I tried using a hex decoding via
echo -e
however everything including``(backticks) and
/ are filtered.
luckily
$()` isn’t so i crafted the payload and got the flag:
cat $(echo -e "\x2f\x6f\x70\x74\x2f\x66\x6c\x61\x67\x2e\x74\x78\x74")
flag{82ad133488ad326eaf2120e03253e5d7}
WORD CHURCH
Solved By : choco
the whole program is about solving 30 crossword puzzles with unspecified words to find. We have to use a script to find the words and a separate script to execute and get inputs of the crossword and words then output that position to the script
The program might encounter forkbombs or slow down but it works after a while
the crossword script :
import re
from itertools import islice
def find_in_list_of_list(mylist, char):
for sub_list in mylist:
if char in sub_list:
return (mylist.index(sub_list), sub_list.index(char))
raise ValueError("'{char}' is not in list".format(char = char))
def topright(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if( (i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
i-=1
j+=1
print(str(i) +" "+str(j))
else:
return "nope"
st =st + "]"
return st
def right(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if( (i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
j+=1
print(str(i) +" "+str(j))
else:
return "nope"
st =st + "]"
return st
def bottomright(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if( (i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
j+=1
i+=1
print(str(i) +" "+str(j))
else:
return "nope"
st =st + "]"
return st
def top(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if( (i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
i-=1
print(str(i) +" "+str(j))
else:
return "nope"
st =st + "]"
return st
def bottom(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if( (i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
i+=1
print(str(i) +" "+str(j))
else:
return "nope"
st =st + "]"
return st
def topleft(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if( (i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
i-=1
j-=1
print(str(i) +" "+str(j))
else:
return "nope"
st = st + "]"
return st
def left(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if((i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
j-=1
print(str(i) +" "+str(j))
else:
return "nope"
st =st + "]"
return st
def bottomleft(chara,lis,i,j):
st = "["
for k in range(len(chara)):
if((i > 15) or (j > 15)):
return "nope"
if(chara\[k]==lis[i\][j]):
st = st + "(" + str(j)+", "+str(i) + "), "
j-=1
i+=1
print(str(i) +" "+str(j))
else:
return "nope"
st =st + "]"
return st
def find(chara,lis,i,j):
st = ""
if(chara\[1] == lis[(i-1)%15\][(j+1)%15]):
st = topright(chara,lis,i,j)
if(st != "nope"):
return st
if(chara\[1] == lis[i\][(j+1)%15]):
st = right(chara,lis,i,j)
if(st != "nope"):
return st
if(chara\[1] == lis[(i+1)%15\][(j+1)%15]):
st = bottomright(chara,lis,i,j)
if(st != "nope"):
return st
if(chara\[1] == lis[(i-1)%15\][j]):
st = top(chara,lis,i,j)
if(st != "nope"):
return st
if(chara\[1] == lis[(i+1)%15\][j]):
st = bottom(chara,lis,i,j)
if(st != "nope"):
return st
if(chara\[1] == lis[(i-1)%15\][(j-1)%15]):
st = topleft(chara,lis,i,j)
if(st != "nope"):
return st
if(chara\[1] == lis[i\][(j-1)%15]):
st = left(chara,lis,i,j)
if(st != "nope"):
return st
if(chara\[1] == lis[(i+1)%15\][(j-1)%15]):
st = bottomleft(chara,lis,i,j)
if(st != "nope"):
return st
return "nope"
def maind(arg0,arg1):
content = arg1
#l = list(re.sub(r'[^a-zA-Z]', '', content))
#l1 = [l[x:x+16] for x in range(0, len(l), 16)]
l1 = arg1
strr = arg0
for i in range(len(l1)):
for j in range(len(l1[i])):
if(strr\[0]==l1[i\][j]):
print("found in " +str(i) +" "+str(j))
ans = find(strr,l1,i,j)
if(ans!="nope"):
ans1 = ans[0:(len(ans)-3)]+"]"
return ans1
return " "
if __name__ == "__main__":
maind(sys.argv[1], sys.argv[2], sys.argv[3])
The execution script:
import crossword
from pwn import *
host = 'challenge.ctf.games'
port = 30567
counter = 0
r = remote(host, port)
if __name__ == "__main__":
data = r.recvuntil('> ')
r.send(b'play')
data = r.recvuntil('> ')
wor = data.decode('ascii')
l3 = []
print(wor[20])
while True:
try:
if wor != None and '0' in wor:
s2 = "0 |"
l = list(re.sub(r'[^a-zA-Z]', '', wor[wor.index(s2) + len(s2):]))
l2 = [l[x:x+16] for x in range(0, len(l), 16)]
l3 = l2[:len(l2)-1]
print(l3)
str1 = ""
for ele in l2\[len(l2)-1\][1:]:
str1 += ele
print(str1)
ans = crossword.maind(str1,l3)
print(ans)
r.sendline(ans)
data = r.recvuntil('> ')
wor = data.decode('ascii')
print(wor)
else:
stre = re.sub(r'[^a-zA-Z]', '', wor)
print(stre)
ans = crossword.maind(stre,l3)
print(ans)
r.sendline(ans)
data = r.recvuntil('> ')
print(data)
wor = data.decode('ascii')
print(wor)
except EOFError:
print(r.recv(4096).decode())
exit()
flag{ac670e1f34da9eb748b3f241eb03f51b}
Bad Words
Solved By : bobbysox
This challenge was interesting. 99% of characters that I entered were flagged as “Bad Words” After some trial and error, i got the first message down below “bash: fg: no job control”
I tried to implement some job control with no luck. However, when trying this, I noticed it processed “#! /bin/bash” without throwing errors. It processes the “/” character!!!! This made me take a step back and think about what were in. We’re in a custom restricted shell. In the past ive usually used native binaries to escape such situations. We have two options here: prefix our commands with “/”, or, try and call native binaries since we know we can just call any path. The latter seemed like the best solution. Call /bin/bash and see what happens. It worked!!! yay!