CrossCTF_2018: Evenflow

Category: Pwn Points: 471 Description:

Do you like shell command injection? nc ctf.pwn.sg 1601 Creator - amon (@nn_amon) evenflow.py

Write-up

This challenge involves knowing that bash returns the exit code of the previous program with $?, exactly two characters and what the program runs uninterrupted. Additionally, for the particular Linux that the challenge runs on, $? returns the exact ASCII code of the next character in the flag. However, I only found that out after the challenge, so my way of bruteforcing is a little stranger.

Essentially, when changing the last character of the flag and the exit code changes, it means that the second last character is correct. Knowing this, I whipped out good ol' Python and went ham on the bruteforcing.

Therefore, the flag is CrossCTF{I_just_want_someone_to_say_to_me}.

results matching ""

    No results matching ""