There's an interesting script in the user's home directory.
The work computer is running SSH. We've been given a script that performs some basic calculations, explores the script, and finds a flag.
Open up the terminal and connect with SSH to the server.
ssh picoplayer@saturn.picoctf.net -p 51135
Enter the provided password. Verify that you are inside the home directory and see the contents of that directory.
pwd
ls
cat useless
#!/bin/bash
# Basic mathematical operations via command-line arguments
if [ $# != 3 ]
then
echo "Read the code first"
else
if [[ "$1" == "add" ]]
then
sum=$(( $2 + $3 ))
echo "The Sum is: $sum"
elif [[ "$1" == "sub" ]]
then
sub=$(( $2 - $3 ))
echo "The Substract is: $sub"
elif [[ "$1" == "div" ]]
then
div=$(( $2 / $3 ))
echo "The quotient is: $div"
elif [[ "$1" == "mul" ]]
then
mul=$(( $2 * $3 ))
echo "The product is: $mul"
else
echo "Read the manual"
fi
fi
man useless
This is all that was needed. You can find the flag under 'Authors' at the end of the man page. Nice one, you've got the flag!
Subscribe to our email newsletter and unlock access to members-only content and exclusive updates.
Comments