## Sunday, 21 February 2016

### Internetwache CTF 2016 TexMaker

Question :

Service : https://texmaker.ctf.internetwache.org/

Solution :
The webpage gives you to program a latex and create a pdf .

After a bit of searching for latex hacks I found the guide

http://cseweb.ucsd.edu/~hovav/dist/texhack.pdf

Well, this has a amazing article on how to use latex for malicious purpose. I went through usual approach of using \input{"ls"} as we have no clue where is the file is and what the file extension is for the flag.

we see "BLACKLISTED commands cannot be used."

I saw few evading techniques that can be used by following the above article like
\csname \begin \@@ ^^5C \cat_code , No luck though.

Lets change the view, search for commands that can execute us the shell commands.

After a bit of digging i finally found this command was not BLACKLISTED and that is \write18
which is also called shell-escape.

http://tex.stackexchange.com/questions/16790/write18-capturing-shell-script-output-as-command-variable

It was simple after to use \write18{ls ../}

and \write18{cat ../flag.php}

FLAG : IW{L4T3x_IS_Tur1ng_c0mpl3te}

#### Post a Comment

enter valid comments.Suggestions are most welcome and would be interested in correcting my mistakes.