
Pico CTF (Specialer)

Specialer

AUTHOR: LT ‘SYREAL’ JONES, ET AL.

Description

Reception of Special has been cool to say the least. That’s why we made an exclusive version of Special, called Secure Comprehensive Interface for Affecting Linux Empirically Rad, or just ‘Specialer’. With Specialer, we really tried to remove the distractions from using a shell. Yes, we took out spell checker because of everybody’s complaining. But we think you will be excited about our new, reduced feature set for keeping you focused on what needs it the most. Please start an instance to test your very own copy of Specialer. `ssh -p 59255 ctf-player@saturn.picoctf.net`. The password is `483e80d4`

Solution

This was a fun challenge, I enjoyed playing this one. Let’s get started, shall we?

  1. First we connect to the server via ssh: `ssh -p 59255 ctf-player@saturn.picoctf.net`
  2. I try using normal Linux commands, but most of the commands don’t work except for some.
  3. To list all the commands that the system allows, I press tab twice.
  4. Now, let’s try to see how we can use the echo command to cat items.
  5. Assuming the flag is in flag.txt, I will need to improvise how I can read the file since the cat command is not available.
  6. The following command, `echo $(<flag.txt)`, can be used to print out the contents of flag.txt.
  7. Back to the challenge, I now need to figure out where the flag is stored.
  8. I use `cd ../..` and press tab twice to execute.
  9. Now, let’s navigate to the home directory to see what is there: `cd home/` and again press tab twice to execute.
  10. Here we get into another directory called ctf-player, which has several files and folders.
  11. Let us try printing the contents of each folder.
  12. I start with the abra folder and cat the contents of the two txt files: `echo $(<cadabra.txt)`
  13. I then cat cadaniel.txt using `echo $(<cadaniel.txt)`
  14. I then proceed to the ala folder by backtracking one step, `cd ../ala` from the current folder.
  15. I then cat the kazam.txt that is there and, luckily enough, that file has our flag.
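
The steps above work because a shell stripped of external binaries still has its builtins: globbing lists files and redirection reads them. The script below is an added example, not part of the original post or the challenge; it generalizes `echo $(<file)` into a recursive walk that runs with no usable `PATH`. The function names, directory layout and file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list and read files using shell builtins only.
# All directory names and file contents below are constructed sample data.

# List directory entries with globbing instead of ls.
list_dir() {
    for entry in "$1"/*; do
        if [ -e "$entry" ]; then printf '%s\n' "${entry##*/}"; fi
    done
}

# Print a file without cat. Bash supports the $(<file) form used in the
# write-up; other POSIX shells fall back to a read loop.
read_file() {
    if [ -n "${BASH_VERSION:-}" ]; then
        printf '%s\n' "$(<"$1")"
    else
        while IFS= read -r line || [ -n "$line" ]; do
            printf '%s\n' "$line"
        done < "$1"
    fi
}

# Recursively print "path: contents" for every readable regular file.
dump_tree() {
    for entry in "$1"/*; do
        if [ -d "$entry" ]; then
            dump_tree "$entry"
        elif [ -f "$entry" ] && [ -r "$entry" ]; then
            printf '%s: %s\n' "$entry" "$(read_file "$entry")"
        fi
    done
}

# Build a sample tree, then walk it in a subshell whose PATH contains no
# binaries, showing that nothing external (ls, cat, find) is needed.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/abra" "$tmp/ala"
    printf 'nothing here\n' > "$tmp/abra/cadabra.txt"
    printf 'SAMPLE{constructed_value}\n' > "$tmp/ala/kazam.txt"
    ( PATH=/nonexistent; dump_tree "$tmp" )
    rm -rf "$tmp"
}

demo
```

For anyone building a restricted shell, the takeaway is that removing commands does not restrict file access; file permissions on the data itself do.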

Thank you for reading through, hope you learnt something new.

This post is licensed under CC BY 4.0 by the author.
