Uglybash

redpwnCTF 2020
Miscellaneous
hmmm
June 26th, 2020


Enjoy the intro misc chal.

Download file: cmd_3.sh

Uglybash (Arinerron)

407 Solves, 359 Points


This bash script evaluates to echo dont just run it, dummy # flag{...} where the flag is in the comments.

The comment won't be visible if you just execute the script. How can you mess with bash to get the value right before it executes?

Enjoy the intro misc chal.


The first part(${*%c-dFqjfo} e$'\u0076'al) translates to eval. Replace this eval with echo to get the second script(in cmd2.sh). The first part("[email protected]" "${@//.WS1=|}" $BASH ${*%%Y#0C} ${*,,}) translates to /bin/bash, meaning the entire script is redirecting the herestring into bash. Replace this with echo to get echo dont just run it, dummy # flag{us3_zsh,_dummy}.

Flag: flag{us3_zsh,_dummy}