Category
Miscellaneous
Description
Run the command to get the flag.
curl http://challs2.crate.nu:38994/ctf.sh -so - | bash
Solution
If you fetch the script without piping it on to bash, you get the following script.
#!/bin/bash
function connection_error()
{
    echo "No connection to Crate CTF servers, exiting..."
    exit 1
}
echo Checking connection to Crate CTF servers, please wait...
ping -c 5 127.0.0.1 > /dev/null 2>&1 || connection_error
# If there's a lot of "^@" below, remove them using: cat script.sh | tr -d "\0" > script.sh
# This is the benign version of the script, which should mean that you are viewing
# its source instead of piping it to bash. Good job!
# You should always download and examine a script before running it!
echo Welcome to the Crate CTF flag decryption service!
flag="pengrpgs{phey_gb_onfu_rirelguvat_zvtug_penfu}"
alphabet=abcdefghijklmnopqrstuvwxyz
rot=13
echo "Decrypting flag: ${flag}"
echo ""
sleep 2
for i in $(shuf -i 0-$((${#flag}))); do
    echo $flag
    flag_char=$(echo ${flag:i:1} | sed "y/${alphabet}/${alphabet:$rot}${alphabet::$rot}/")
    flag="$(echo $flag | sed "s/\(.\{$i\}\).\(.*\)/\1$flag_char\2/")"
    sleep 0.1
    printf '\e[A\e[K'
done
echo $flag
Taking the encrypted flag and running ROT13 on it gives the correct flag cratectf{curl_to_bash_everything_might_crash}
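
The flag can be recovered from the saved file without executing any of the downloaded script. The following is an added example, not part of the original write-up or the challenge; the helper names and the NUL-padded sample file are constructed for illustration.

```bash
#!/bin/bash
# Added example: inspect a saved script offline instead of piping it to bash.

# Strip NUL padding ("^@") into a NEW file. Redirecting onto the input file
# itself can truncate it before it has been read.
strip_nuls() {
    tr -d '\0' < "$1" > "$2"
}

# Read the value of the flag="..." assignment as text; nothing is executed.
extract_flag() {
    sed -n 's/^flag="\(.*\)"$/\1/p' "$1" | head -n 1
}

# ROT13 over letters; braces and underscores pass through unchanged.
rot13() {
    printf '%s' "$1" | tr 'a-zA-Z' 'n-za-mN-ZA-M'
}

# Constructed sample: lines from the script shown above, with NUL bytes
# inserted in front of the flag line to imitate the padded case.
make_sample() {
    printf '#!/bin/bash\n' > "$1"
    printf '\0\0\0\0\0\0\0\0' >> "$1"
    printf 'flag="pengrpgs{phey_gb_onfu_rirelguvat_zvtug_penfu}"\n' >> "$1"
    printf 'rot=13\n' >> "$1"
}

# Clean a saved script, extract the encoded flag, and decode it.
decode_downloaded_script() {
    clean=$(mktemp) || return 1
    strip_nuls "$1" "$clean"
    rot13 "$(extract_flag "$clean")"
    rm -f "$clean"
}

sample=$(mktemp)
make_sample "$sample"
decode_downloaded_script "$sample"
echo
rm -f "$sample"
```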