IceCTF 2016 - Demo
Mon 15 August 2016
Category: CTF
Challenge description:
I found this awesome premium shell, but my demo version just ran out... can you help me crack it? /home/demo/ on the shell. The source for this challenge was provided:
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <libgen.h>
#include <string.h>
void give_shell() {
gid_t gid = getegid();
setresgid(gid, gid, gid);
system("/bin/sh");
}
int main(int argc, char *argv[]) {
if(strncmp(basename(getenv("_")), "icesh", 6) == 0){
give_shell();
}
else {
printf("I'm sorry, your free trial has ended.\n");
}
return 0;
}
So to get the flag we need to make the _ shell variable equal icesh. The _ shell variable in bash is always set to the program name of the command being run. So I decided to use a different shell to see what would happen.
sh
ls icesh; /home/demo/demo
cat flag.txt
IceCTF{wH0_WoU1d_3vr_7Ru5t_4rgV}
And there we have our flag: IceCTF{wH0_WoU1d_3vr_7Ru5t_4rgV}