siunam's Website

My personal website

Home Writeups Blog Projects About E-Portfolio

Background

background1

background2

In this challenge, pretty much just like one of the challenge in NahamCon CTF 2022! Breaking out of the shell!

Solution

solution1

First, as usual, netcat into the docker instance. Then we can see there are 4 components. Let’s choose one of them.

Next, there are 7 actions we can choose!

1. Create artifact (Create a file)
2. List directory (pwd; ls -la)
3. Read artifact (cat ./<name>)
4. Compress artifact (zip <name>.zip <name> <options>)
5. Change directory (cd <dirname>)
6. Clean directory (rm -rf ./*)
7. Exit

Let’s create a file then.

After the process of overthinking, I found maybe we can do something peculiar to this machine via zip! As it can parse an argument!

solution3

Hmm… According to GTFOBins, we can break out the shell via -T -TT 'sh #'! Let’s try this!

solution2

Yes!!! It works! Let’s find and cat the flag!

flag

Flag

HTB{GTFO_4nd_m4k3_th3_b35t_4rt1f4ct5}