TokyoWesterns CTF 4th 2018 Writeup — Part 2

Abdelkader Belcaid
Sep 8, 2018 · 3 min read

02/09/2018 11:43 AM UTC+2

TokyoWesterns CTF 4th 2018 Writeup — Part 2

This is sunny sunday here in morocco, i’m playing TokyoWesterns in last days of my summer vacation before getting in university.

TokyoWesterns Team maked very awesome challenges, and generally one of best CTF competitions in this year. Let’s start solving the second challenge, I hope that will be easier than dec dec dec.

vimshell — 133pts

vimshell

Challenge: jail

This is diff of two files opened in vim, we have to escape from jail, it means that we have to get shell from this vim.

Hmm … that’s being cool.

vimshell challenge

I tried to put some commands and save this vim to get shell and tried to find somehow to get shell from this vim but no interesting result.

After i googled about some similar stuff and some old challenges, i found finally an interesting topic about jail escaping and getting shell from vim especially is a part of this subject.

How to get Shell from Man

The idea is that we will get Shell from Man, so firstlly i have to know how to get in man page from vim because personally i’m not vim user.

view man pages in vim

Okey, Let’s press K:

get in man page in vim

Then, let’s put the important thing we got from the topic which we read in order to get Shell:

! /bin/sh

Got Shell from Vim

Yay … let’s enjoy browsing and reading flag!

Got Flag

FLAG is: TWCTF{the_man_with_the_vim}

It was a cool and fun challenge, I enjoyed it and i hope that i will meet like this one in servers in order to get more Shells …

I would like to thanks the author of this challenge especially and TokyoWesterns Team generally. If you are interesting to read the first part of this writeup check it out and enjoy reading: TokyoWesterns CTF 4th 2018 Writeup — Part 1.

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew

Abdelkader Belcaid

Written by

I'm Bug Bounty Hunter & CTF Player

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew