This is a write-up of the challenge: Ringzer0CTF - Bash Jail 3
Challenge 31 - Bash Jail 3
1. Challenge
After logging in to level3 with this command: ssh -l level3 -p 10220 challenges.ringzer0team.com
and this password: FLAG-a78i8TFD60z3825292rJ9JK12gIyVI5P
the server displays the following prompt:
RingZer0 Team Online CTF
BASH Jail Level 3:
Current user is uid=1002(level3) gid=1002(level3) groups=1002(level3)
Flag is located at /home/level3/flag.txt
Challenge bash code:
-----------------------------
WARNING: this prompt is launched using ./prompt.sh 2>/dev/null
# CHALLENGE
function check_space {
    if [[ $1 == *[bdksc]* ]]
    then
        return 0
    fi
    return 1
}
while :
do
    echo "Your input:"
    read input
    if check_space "$input"
    then
        echo -e '\033[0;31mRestricted characters has been used\033[0m'
    else
        output=`$input` &>/dev/null
        echo "Command executed"
    fi
done
-----------------------------
Your input:
2. Solution
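The script sends stdout and stderr to /dev/null, so the output of a command is never displayed. Even though the function check_space rejects some characters (b, d, k, s and c), we could use the command: eval uniq flag.txt, which contains none of them.
There are three standard file descriptors: stdin (0), stdout (1) and stderr (2). We could get past the output filter by redirecting the output to stdin, which is still attached to the terminal.
So we wrote: eval uniq flag.txt >&0
The eval is needed because the script runs $input without re-parsing it, so >&0 would otherwise be passed to uniq as a plain argument instead of being treated as a redirection. The uniq command in Linux is a command-line utility that reports or filters out repeated lines in a file; here it simply prints the contents of flag.txt.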
The flag is : FLAG-s9wXyc9WKx1X6N9G68fCR0M78sx09D3j
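The redirection to file descriptor 0 described above can be reproduced offline, next to a runner that closes that channel. This is an added example, not the challenge's code: run_weak, run_hardened and leaks_via_fd0 are hypothetical names, the flag value is constructed, and a read/write file stands in for the terminal.

```bash
#!/bin/sh
# Added example, not the challenge's code. Flag value and file names are constructed.

# Same blocklist as the challenge: returns 0 when the input is rejected.
check_space() {
    case "$1" in *[bdksc]*) return 0 ;; esac
    return 1
}

# Mirrors the challenge loop: stdout is captured, stderr discarded, fd 0 inherited.
run_weak() {
    if check_space "$1"; then return 1; fi
    output=$($1 2>/dev/null)
    return 0
}

# Same runner, but the command gets a read-only /dev/null as fd 0, so ">&0"
# no longer points at anything the user can see. This closes one channel only;
# it does not make a character blocklist a safe way to run user input.
run_hardened() {
    if check_space "$1"; then return 1; fi
    output=$($1 </dev/null 2>/dev/null)
    return 0
}

# Returns 0 if the payload, run through the given runner, leaks the flag via fd 0.
# A login terminal is open read/write on fd 0; a read/write file stands in for it.
leaks_via_fd0() {
    runner=$1; payload=$2
    dir=$(mktemp -d) || return 2
    printf 'FLAG-constructed-sample\n' > "$dir/flag.txt"
    : > "$dir/tty"
    ( cd "$dir" && "$runner" "$payload" 0<>"$dir/tty" )
    grep -q 'FLAG-constructed-sample' "$dir/tty"; rc=$?
    rm -rf "$dir"
    return "$rc"
}

for r in run_weak run_hardened; do
    if leaks_via_fd0 "$r" 'eval uniq flag.txt >&0'; then
        echo "$r: flag written to fd 0"
    else
        echo "$r: nothing reached fd 0"
    fi
done
```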