CSAW 2024 CTF Writeup: Diving Into Null
Writeup for CSAW 2024 CTF Pwn Challenge Diving Into Null
Hello and welcome to another writeup, this time for CSAW'24 CTF. I participated in this CTF with my team Beasthood. I contributed to this CTF by completing the Pwn Challenge "Diving Into Null". This was a fun challenge and I learned the immense possibilities of the echo command in Linux. So, without further ado, let's jump in!
I connected to the challenge's machine with netcat. The most peculiar thing is that I couldn't run any basic commands. The only two commands that seemed to work were cd and echo.
I tried to look for the ls or cat commands in /usr/bin, but that seems useless as the challenge info on CSAW's website says "Oops, I rm -rf 'ed my binaries". This might mean that no command will work on this machine except cd and echo. Great, so now I have to find the flag with just echo. After some digging I realised that I can use echo as an ls command by using echo *.
Great! I am guessing the flag must be in the user's home directory, so let's get in there with cd.
I tried echo * again but this directory seems empty. However, there might be hidden files and/or folders in here. On a hunch, I tried echo .* and, et voilà!
Now, I have to figure out how to read this file. As cat doesn't work, I have to use echo again. Some more digging and I found a wonderful Stack Overflow thread which lists various ways to read a file's contents with echo.
Some users list the command echo $(cat file.txt), but this will obviously not work in my case. The other command I tried was echo $(< .flag) and it works!
Why did this command work? Well, echo reads inputs from stdin and then prints it on stdout. When we use something like echo hello, hello is the content we give to echo with stdin, which it then prints. In the above command, I am giving the contents of the file .flag as stdin (the < operator), hence echo prints out the contents on the terminal.
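The same listing and reading steps, as an added example that is not part of the original writeup: the shell itself expands the globs and opens the file, so only builtins are needed and PATH can point nowhere. It goes beyond the echo commands above by adding a POSIX read loop; the function names and the sample directory are made up for illustration.

```bash
# Added example: list and read files using shell builtins only.
# Function names are hypothetical; the sample directory is constructed.

# List a directory, hidden entries included. The shell expands the globs
# itself, which is why "echo *" and "echo .*" work without /usr/bin/ls.
list_dir() (
    PATH=/nonexistent                 # assumption: no external binaries
    cd "$1" || exit 1
    for entry in .* *; do
        case $entry in .|..) continue ;; esac
        # An unmatched glob is left as literal text; skip it.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        printf '%s\n' "$entry"        # printf is safe for names like "-n"
    done
)

# Read a file line by line with the read builtin (works in any POSIX sh).
read_file() (
    PATH=/nonexistent
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line"
    done < "$1"
)

# bash-only form from the writeup: the shell opens the file for $(< file)
# and passes the contents to echo as an argument.
read_file_bash() (
    PATH=/nonexistent
    echo "$(< "$1")"
)

# Constructed sample: one hidden file and one visible file.
sample=$(mktemp -d)
trap 'rm -rf "$sample"' EXIT
printf 'flag{constructed_example}\n' > "$sample/.flag"
printf 'nothing here\n' > "$sample/notes.txt"

list_dir "$sample"
read_file "$sample/.flag"
```

Deleting binaries does not limit what a shell can read; file permissions on the data itself do.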
This was a pretty easy but fun challenge and I still wasted 30 minutes but I learned a lot. Thanks so much for reading and I will see you next time!