Bash injection without letters or numbers - 33c3ctf hohoho (misc 350)
- Published 21 Sep 2024
- This challenge was an amazing team effort. There were multiple steps necessary for the solution and different people contributed. The final big challenge was a bash eval injection, but without using any letters or numbers.
#CTF
The biggest twist of the whole video is that 11 other teams managed to solve it.
That is the most dope ctf challenge i think i've ever seen, well done
The required "n" and "i" that are in printf sold me. Awesome builder of a challenge!
damn... I can follow what you're saying but I'd never have figured it out
Well, I believe only an insanely small amount of people could resolve that on their own. That's why they were a team lol
I would get stuck on the hanoi problem for a day. Forget about bash.
Don't say that, what you see here is the result of hours of work
That was insane. Some of these challenges are hugely complicated.
I stumbled upon this video while looking for a way to inject into a bash shell without using /lowercase/ letters (uppercase okay), but you seem to have blown that out of the water. Good job. That ö function is genius.
doing the bandit final level?
“What language did you use to write the solution?” “German”
Hahahaha amazing! The people that write these CTFs are insane
LiverOverFlow god mode activated
@H3wastooshort liverflow
understandable
Damn, I've learnt so much from one 11 mins. video :O
I'm glad to hear that!
The part of constructing the ascii characters by using numbers created with the amount of parameters was genius!!
Nicely done... this is one more proof that the arbitration between convenience and security is not easy.
Damn, that's really really interesting. I would've never thought about that, but I can pretty much follow what you're saying (idk a lot about Bash escape sequences and Bash in general tbh), but as you revealed each part, with the filenames, getting numbers, and getting letters, it was so interesting.
I have never smiled so much while watching a video online. BRAVO!
Damn, this was creative af hahaha. Even though I barely know any bash, this was very interesting to watch. Oh, and congrats on solving it :D
That is very clever. You essentially convert from bijective base 1 -> digits in base 8 -> ascii string. And all of this stemmed from noticing a single error when you were entering whether you were naughty or nice.
I thought I knew Linux but clearly I have so much more to learn. Well done
Well done. Reminds me of "JSFuck"
That was pure genius.... and drunk bash devs
I'm a noob linux user... just learned a whole lot more about my shell haha.
amazing!
That was insane! Very cool process!
Totally forgot about the * in bash, nice work here
This is the dopest injection I have ever seen, god, that's incredible work
this looked like it was really fun to solve.
nicely done.
That is incredibly genius. Wish I could’ve taken part in that!
Man, you should be proud!! That's amazing work. Btw, how experienced are those guys who wrote the CTF, are they machines :D?
Very cool. Wasn't following for a while but then you made it make sense. Thanks!
wow, what an amazing and unique ctf
0:55 Club-Mate consumption is going strong, as you can see 👍
Knowing about jsfuck and Church encoding, I knew what to expect from the video title. Still learned a few things.
this really makes me want to go to a ctf
if i could talk to people that is
we are all awkward weirdos ;)
4:10 running zsh lmao
3:10
Oh I got it. You have to use a fork bomb ;)
In all seriousness I guessed using those fancy escape strings right when I saw it so like yay
This is what true madlads do.
This made me realize how dumb I am and how freaking slow my brain is :(
Redstar OS, u are a genius
Brilliant!
You did it. You made SHFuck.
That... yup. I approve of this comment.
That's a parallel if I ever saw one.
me reaching 9:30 and realising what you'd done: YOU MAD LADS !
beautiful!
This was super smart! wow!
this blew my mind, never seen this before in my life... thanks bro
Holy fuck... you and your teammates are insane, I love this
Amazing solution! I would never have figured that out! Any good resources on that topic to learn more about it? Kinda got hooked on the idea
well done
The letter ä is also used in Finnish
Edit: and obviously ö
Man this is brilliant!!
what the fuck the shell expansion fuckery was amazing
damn with all those drinks on-site, LiveOverflow is basically the fucking demoman from team fortress 2
that was amazing...great work indeed
pure beauty
I'm wondering if there is always just this one solution to finding the flag?
Reminds me of the programming language called "brain fuck".
Great job, TNX for sharing your experience.
i saw the Mate there, i really germany just cuz of that drink xD
Hi, are you planning to do some reversing on windows executables?
Great video, as always.
I'm a complete noob on windows. But check out cyberspace.camp on UA-cam. He has some awesome videos about windows.
Unbelievable!
picoCTF 2024 is doing something really similar to this right now, and I cannot figure it out.
amazing!
I have a question: how did you know that the name of the script that ran the /flag file was named "get_flag"?
Besides, how did you know that the %s in this "get_flag" file can be provided as a program terminal argument?
Thanks a lot for the videos!
I r34lly appreciate your work!
That's such a difficult ctf
Wow! God work!
Incredible work :)
Amazing!!! Just mind blowing. One thing I would like to ask, couldn't you use "_" and "__" as function names instead of those German characters?
_ is in the ASCII char set, so no
3:54 redstar-os
Mind blown.
How can you ever dislike this video?
omg! what a player!
This was awesome.
"ä and ö" xD laughing fit
The best video.... thanks
As special characters are allowed (mentioned in the video), a non-German could also have used characters like / and _
I had to use ???nt? instead of ???n?? because it was expanding to:
/???/???/???n??
/usr/bin/printf /usr/bin/telnet /usr/lib/kernel
here is the function definition for /
/() { /???/???/???nt? ${@}; }
/ hey
hey
Love the approach :D
Hey LiveOverflow, off-topic question: What color theme is that in the terminal?
Mind blowing
insane
Great challenge. Any chance to set up this challenge on my own? Are these CTFs open after the challenge?
mind blowned 🙃🙃
That's actually fucking genius
Great one.
Amazing
In what way is this going to be useful in everyday life?
Holy hell that's clever.
I wasn't sure up until now after watching some random videos of yours, but now I'm pretty sure you're German ^^ anyway, great solution to sth I would have given up on after 10 minutes xD
It reminds me of the time when I was stuck with a single PC that would not boot properly (only text mode kinda worked) and the system had only one localisation (I was/am a linux noob and didn't know how to fix that) so I wasn't able to do some characters at all and I had to use a similar workaround to use these characters (I think it was % and maybe something else) just so I could wget and dd an .iso file to my usb flashdrive to chroot into the system and do the stuff I needed to.
Sorry my English. My dream is to be like you, I really want to learn what you know, but I do not know where to start. Can you help me where to start?
thanks! very kind of you to say. I have a binary hacking course playlist that starts at the beginning. So check those out: liveoverflow.com/binary_hacking/index.html
LiveOverflow Thank u very much
I also wish you the best of luck :) Keep learning!
hmm.....u guys crazy lah
very cool....
I missed the congress this time :-(
I haven't ctfed in a while, but I
wow, awesome!
I'm surprised Unicode characters were allowed through, how were they doing the filtering?
They only filtered ASCII, not Unicode. At least that's what I think. Correct me if I'm wrong
I think with your first reaction to the riddle you were quite right; I would have said "äh öh" (German for huh?, Wait what?) immediately ...
YES 3B1B
around the 6 min mark how do you make your screen show some char in purple and the other chars in white?
Delightfully devilish, Seymour
omg that's insane
How everyone is just consuming Club-Mate! xD
this dude is using redstar os. wow
3blue1brown ❤️
Can't you extract the password with a bunch of var=${ü#*NULL CHARACTER} or similar? Start with ü="$(that cat command you used to find it)"
Getting the password from the file would have been easy; it was the bash eval that needed to be exploited.
crazy
just wow
it must be 3500000000 points lol
Satisfactory is an actual game
ä (å too) and ö is also used in nordic languages such as Swedish
And Estonian also uses õ.