Je veux la lune
In this challenge, we have access to the file donne_moi_la_lune.sh. After reading the contents of the file, I see that we can find the flag in lune.txt. Now let's analyze a bit of the code to find the way to get it.
I noticed that the command eval "grep -wie ^$personne informations.txt" is probably exploitable.
This command uses grep to search for a pattern in the file informations.txt. The pattern being searched for is the value of the variable $personne, which is assumed to be previously defined in the script. The ^ character in the pattern means that the search term should match at the beginning of a line in the file.
The w option is used to ensure that the search term matches only whole words, while the i option is used to make the search case-insensitive.
Since this command uses regex, we can dump the entire content using the pattern .* lune.txt & to get the flag. Then the command will become:
grep -wie ^.* lune.txt & informations.txt
- ^.*, which means "any character(s) at the beginning of a line." This effectively matches the entire line.
- lune.txt: This is the first file argument provided to grep. It specifies the file in which the search will be performed.
- &: This symbol is a command separator that allows running multiple commands concurrently.
Overall, this command will search for lines that match the pattern ^.* (i.e., any line) in both lune.txt and informations.txt, using case-insensitive and whole-word matching.
En attendant j'ai aussi obtenu des informations sur Cherea, Caesonia, Scipion, Senectus, et Lepidus, de qui veux-tu que je te parle ?
.* lune.txt &
/app/donne_moi_la_lune.sh: fork: retry: Resource temporarily unavailable
/app/donne_moi_la_lune.sh: line 11: cannot redirect standard input from /dev/null: No such file or directory
404CTF{70n_C0EuR_v4_7e_1Ach3R_C41uS}
/app/donne_moi_la_lune.sh: line 11: informations.txt: command not found
Flag: 404CTF{70n_C0EuR_v4_7e_1Ach3R_C41uS}
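Added example, not part of the original write-up or the challenge's script: it runs the quoted eval line next to a version without eval, showing that eval re-parses the expanded input as shell syntax, so grep reads only lune.txt and informations.txt is then run as a separate command (the "command not found" line in the session above). The file contents, the function names and the letters-only name check are assumptions made for this example.

```shell
#!/bin/sh
# Constructed stand-ins for the challenge's data files (contents are made up).
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
printf '%s\n' 'Cherea : senateur' 'Scipion : poete' > "$workdir/informations.txt"
printf '%s\n' 'FLAG{constructed_placeholder}' > "$workdir/lune.txt"

# Vulnerable form, as quoted in the write-up. eval parses the string a
# second time, so spaces and '&' inside $1 become shell syntax:
#   grep -wie ^.* lune.txt &     <- grep runs in the background on lune.txt
#   informations.txt             <- then run as a command, which fails
lookup_vulnerable() {
    (
        cd "$workdir" || exit 1
        eval "grep -wie ^$1 informations.txt" 2>/dev/null || true
        wait    # let the backgrounded grep finish before returning
    )
}

# Hardened form (hypothetical fix, not the challenge author's code):
#   1. no eval, so the input is never parsed as shell code
#   2. the name is validated: letters only (assumed format of a name)
#   3. the pattern is quoted and '--' ends option parsing, so the input
#      can only ever be one regex applied to informations.txt
lookup_hardened() {
    case $1 in
        ''|*[!A-Za-z]*)
            echo "invalid name" >&2
            return 2
            ;;
    esac
    ( cd "$workdir" && grep -wi -e "^$1" -- informations.txt )
}

# Demo: the same input against both forms.
payload='.* lune.txt &'
echo "vulnerable: $(lookup_vulnerable "$payload")"
echo "hardened:   $(lookup_hardened "$payload" 2>&1)"
echo "normal use: $(lookup_hardened 'Scipion')"
```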