Another day, another challenge…
Today’s blog post we’re going to solve the “Just No” challenge in the PicoCTF challenge.
OK… we have a program that has access to the flag, but refuse to give it to us.
Let’s look at the hints and see what we can do.
OK.. we need to look at the absolute and relative paths, and spoof the file that the program is looking for.
Let’s go to the program.
After clicking logging into the command line and navigating to the folder we see the following:
Opening the auth file with the cat command we see:
OK. The file only as no. Let’s see how this is being used.
Opening the justno.c file with the cat command we see:
Reading the file we see we’re opening the auth file and determining if the the auth file does not have the word “no”. If that’s true then we’re presented with the flag. If the auth file does contain the word “no” then we go inside the else block which print, “auth file says no. So no. Just… no.”
As we can see when we opened the auth file it currently has the word “no”. Which means if we executed the justno program right now we would go to the else block, and receive the no message.
Now is the time to utilize the hints. We need to spoof the auth file to be ANY word except for no. How are we going to do this?
Well the challenge told us to read the difference between absolute and relative paths. Once we figured that out, then we can create a new auth file and point it to the new location.
Let’s give it a shot.
Going back to the justno.c we see that the file open is using relative paths.
We can spoof the location by creating the file structure and then calling the justno.c program and printing the flag.
Let’s do it.
Looking at the screenshot you can see we created the same directory structure and created a new auth file that was listed in the justno.c program. Once we did that and called the justno program again we were able to get the flag and acquired 40 points!