PicoCTF 2017 – Just No

Another day, another challenge…

Today’s blog post we’re going to solve the “Just No” challenge in the PicoCTF challenge.

Let’s start.

PicoCTF_Just_No_1

OK… we have a program that has access to the flag, but refuse to give it to us.

Let’s look at the hints and see what we can do.

PicoCTF_Just_No_2

OK.. we need to look at the absolute and relative paths, and spoof the file that the program is looking for.

Let’s go to the program.

After clicking logging into the command line and navigating to the folder we see the following:

PicoCTF_Just_No_3

Opening the auth file with the cat command we see:

PicoCTF_Just_No_4

OK. The file only as no. Let’s see how this is being used.

Opening the justno.c file with the cat command we see:

PicoCTF_Just_No_5

Reading the file we see we’re opening the auth file and determining if the the auth file does not have the word “no”. If that’s true then we’re presented with the flag. If the auth file does contain the word “no” then we go inside the else block which print, “auth file says no. So no. Just… no.”

As we can see when we opened the auth file it currently has the word “no”. Which means if we executed the justno program right now we would go to the else block, and receive the no message.

Now is the time to utilize the hints. We need to spoof the auth file to be ANY word except for no. How are we going to do this?

Well the challenge told us to read the difference between absolute and relative paths. Once we figured that out, then we can create a new auth file and point it to the new location.

Let’s give it a shot.

Going back to the justno.c we see that the file open is using relative paths.

We can spoof the location by creating the file structure and then calling the justno.c program and printing the flag.

Let’s do it.

PicoCTF_Just_No_6

Looking at the screenshot you can see we created the same directory structure and created a new auth file that was listed in the justno.c program. Once we did that and called the justno program again we were able to get the flag and acquired 40 points!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s