Special
AUTHOR: LT ‘SYREAL’ JONES
Description Don’t power users get tired of making spelling mistakes in the shell? Not anymore! Enter Special, the Spell Checked Interface for Affecting Linux. Now, every word is properly spelled and capitalized… automatically and behind-the-scenes! Be the first to test Special in beta, and feel free to tell us all about how Special streamlines every development process that you face. When your co-workers see your amazing shell interface, just tell them: That’s Special (TM) Start your instance to see connection details. ssh -p 51065 ctf-player@saturn.picoctf.net The password is d8819d45
Solution
This was a real rollercosta I have to say. The hint guided me on this challenge hint:Experiment with different shell syntax
- ssh to the server
ssh -p 51065 ctf-player@saturn.picoctf.net![image]()
- After logging in, I realized we can’t run normal commands as they are jumbled somehow.
![image]()
- I immedietely run to google and I had a chance to learn a lot about shell syntax, my friend @noamgariani11 really did come up to my rescue on this one.
- I followed a syntax noamgariani11 had suggested
${parameter?ls}${parameter={command}}
The syntax ${parameter='command_here'} is used for parameter expansion in shell scripting. It assigns a default value to the variable parameter if it is not already set. Learning about this new syntax , I jumped back to the challenge.
- I started with listing available folders or files and sequentially followed the following table
| Command | Output |
|---|---|
| ${parameter?ls} | parameter: ls |
| ${:ls} | Bad substitution |
| ${parameter=ls} | blargh |
| ${parameter=cat blargh} | cat: blargh: Is a directory |
| ${parameter=cd blargh} | ${parameter=cd blargh} |
| ${parameter=ls blargh} | flag.txt |
| ${parameter=cat < blargh/flag.txt} | This gave the flag |
Special thanks to noamgariani11 for helping me solve this one. I learnt alot from the challenge.
Comments powered by Disqus.