Challenge Description
After its abysmal performance at WPICTF 2019, suckmore shell v1 has been replaced with a more secure, innovative and performant version, aptly named suckmore shell V2.
ssh smsh@smsh.wpictf.xyz pass: suckmore>suckless
made by: acurless
Poking Around
First off, SSH login.
ssh smsh@smsh.wpictf.xyz
Give the password when asked.
A prompt, hmmmm. Doesn’t look like a normal shell, but it’s a shell. Okay, let’s see what we have now.
ls -la
Whaaaaaaaat? We have found the flag already!? Easy 200 points!
cat flag
Strange. The shell was hanging after I entered the command.
That’s fine. Let’s try other ways to read the file.
Not even string or grep. When I tried less flag it even messed the console up, and I had to fire up a new terminal tab. I was wrong. It’s not easy 200 points.
I finally got lucky with the base64 command.
base64 flag
Seems it managed to read and encode that file. Let’s copy the encoded text and decode it on our own machine.
echo -n "ZWNobyAiV1BJe1NVY2ttb3JlU29mdHdhcmVOMzNkejJHM1RpdFRvZ2VUSEVSfSIK" | base64 -d
Curious. It’s a shell command in that file. Anyway, we’ve retrieved the flag.