Welcome back to another challenge! This time, we’ve got a misc challenge, a Linux one. You have a shell, but you can’t use letters. Can you get the flag at /flag.txt?

Honestly, I overthought this challenge. I had an intended solution, but players found some easier, unintended ones. So... I’ll save the intended way for another challenge and review players' ones 🙃

Let’s start experimenting on our Linux machine.

Since you can use symbols and numbers, can we use some kind of encoding to get letters? One option is hex encoding, which we can evaluate using $'<hex>'.

Example:

The $'' syntax allows us to use escape sequences, including hexadecimal byte values.

But... letters are still present, so we need alternatives. Other encodings that don’t use letters are octal and decimal.

Example:

Example:

That works as well.

Now, we can use cat to read the flag:

Another creative approach is using the source command, not directly with letters, but using the . (dot) like this:

This tries to execute the contents of flag.txt, raising an error that leaks the content.

Since flag.txt contains letters, we can use globbing to match the file without using letters:

This matches flag.txt, tries to execute its contents, and raises an error that leaks the content.

That's it for this challenge! I hope you learned something new. Stay tuned for more Linux fun in the future! 😉