Category: Pwn Points: 471 Description:
Do you like shell command injection?
nc ctf.pwn.sg 1601Creator - amon (@nn_amon) evenflow.py
This challenge involves knowing that bash returns the exit code of the previous program with
$?, exactly two characters and what the program runs uninterrupted. Additionally, for the particular Linux that the challenge runs on,
$? returns the exact ASCII code of the next character in the flag. However, I only found that out after the challenge, so my way of bruteforcing is a little stranger.
Essentially, when changing the last character of the flag and the exit code changes, it means that the second last character is correct. Knowing this, I whipped out good ol' Python and went ham on the bruteforcing.
Therefore, the flag is