After its abysmal performance at WPICTF 2019, suckmore shell v1 has been replaced with a more secure, innovative and performant version, aptly named suckmore shell V2.
ssh firstname.lastname@example.org pass: suckmore>suckless
made by: acurless
First off, SSH login.
Give the password when asked.
A prompt, hmmmm. Doesn’t look a normal shell, but it’s a shell. Okay, let’s see what we have now.
Whaaaaaaaat? We have found the
flag already!? Easy 200 points!
Strange. The shell was hanging after I entered the command.
That’s fine. Let’s try other ways to read the file.
grep. When I tried
less flag it even messed the console up, and I had to fire up a new terminal tab. I was wrong. It’s not easy 200 points.
I finally got lucky with
Seems it managed to read and encode that file. Let’s copy the encoded text and decode it on our own machine.
echo -n "ZWNobyAiV1BJe1NVY2ttb3JlU29mdHdhcmVOMzNkejJHM1RpdFRvZ2VUSEVSfSIK" | base64 -d
Curious. It’s a shell command in that file. Anyway, we’ve retrieved the flag.