Challenge link
- Download the file and open it in a text editor.
- Immediately we can see that the script requires a
flag.txtfile in the same directory. Create it and make it something easy to spot. I’m going for the following:
echo ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>" > flag.txt- Running the script, we can see that it prints lyrics of a song and asks us for an input at the
CROWDprompt.
4. On further analysis of the file, we can figure out that the flag is embedded into secret_intro. We have to print the song including this secret_intro, but something seems to be preventing that from happening.
5. Delving into the printer loop, we can see that the following line allows us to pass arbitrary line numbers by injecting ;RETURN <line_number>. The lines are also being split with ; character.
- For ease of use, we will remove the
time.sleep(0.5). It does not affect the execution, rather it delays it. - Enter
;RETURN 0at the crowd prompt to go to the first line. - And we have the flag
