Party Cat0%

MushroomHatesLetters

Omar Mohamed
Thanks for sharing!

بِسْمِ اللَّهِ الرَّحْمَنِ الرَّحِيمِ

Mushroom Hates Letters
Welcome back to another challenge! This time, we’ve got a misc challenge, a Linux one. You have a shell, but you can’t use letters. Can you get the flag at /flag.txt?
Honestly, I overthought this challenge. I had an intended solution, but players found some easier, unintended ones. So... I’ll save the intended way for another challenge and review players' ones 🙃

Solution

Let’s start experimenting on our Linux machine.
Since you can use symbols and numbers, can we use some kind of encoding to get letters? One option is hex encoding, which we can evaluate using $'<hex>'.
  • Hex
Example:
The $'' syntax allows us to use escape sequences, including hexadecimal byte values.
But... letters are still present, so we need alternatives. Other encodings that don’t use letters are octal and decimal.

  • Decimal
Example:

  • Octal
Example:
That works as well.

Getting the flag

Now, we can use cat to read the flag:
flag
IEEE{1_t0ld_u_n0_l3tt3r5_m4n_D:}

Another creative approach is using the source command, not directly with letters, but using the . (dot) like this:
This tries to execute the contents of flag.txt, raising an error that leaks the content.
flag
Since flag.txt contains letters, we can use globbing to match the file without using letters:
This matches flag.txt, tries to execute its contents, and raises an error that leaks the content.
flag
That's it for this challenge! I hope you learned something new. Stay tuned for more Linux fun in the future! 😉

You might also like