1.6 KiB
| title | date | tags | ||
|---|---|---|---|---|
| WolvCTF 2024 - Misc: Made Harder / Misc: Made With Love | 2024-03-20 |
|
Task
the third makejail
the final makejail
Author: doubledeletePoints: 181, 277Solves: 68, 57 / 622 (10.932%, 9.164%)
Writeup
In Made Harder, we can add a single rule to a Makefile, with the restriction that our target name matches [A-Za-z0-9]+ and our code matches [\!\@\#\$\%\^\&\*\(\)\[\]\{\}\<\> ]+.
Then, the following Makefile is generated and our target is run:
SHELL := /bin/bash
.PHONY: {name}
{name}: flag.txt
{content}
We can use the $@ and $^ Makefile variables to specify the target name and dependencies respectively, while still following the regex.
Therefore, we can set the target name to cat and the code to $@ $^, which will expand to cat flag.txt, getting us the flag:
stdout:
b'cat flag.txt\nwctf{s0_m4ny_v4r14bl35}\n'
stderr:
b''
In Made With Love, the only difference is that the PATH variable is cleared, so we cannot run cat. We also cannot use /bin/cat since / will not match the regex.
Instead we can use the shell builtin source, which will try to run flag.txt as a shell script, giving us the flag:
stdout:
b'source flag.txt\n'
stderr:
b'flag.txt: line 1: wctf{m4d3_w1th_l0v3_by_d0ubl3d3l3t3}: No such file or directory\nmake: *** [Makefile:5: source] Error 127\n'