🐉 neospace ~

📝 Latest Posts

Special

Jun 08, 20255 min read

Description

Don’t power users get tired of making spelling mistakes in the shell? Not anymore! Enter Special, the Spell Checked Interface for Affecting Linux. Now, every word is properly spelled and capitalized… automatically and behind-the-scenes! Be the first to test Special in beta, and feel free to tell us all about how Special streamlines every development process that you face. When your co-workers see your amazing shell interface, just tell them: That’s Special (TM) Start your instance to see connection details. ssh -p 55063 ctf-player@saturn.picoctf.net The password is af86add3

Steps :

╰─❯ ssh -p 55063 ctf-player@saturn.picoctf.net                               ─╯
The authenticity of host '[saturn.picoctf.net]:55063 ([13.59.203.175]:55063)' can't be established.
ED25519 key fingerprint is SHA256:tJ0wuU5yBvNO/FrkHmR9iY36VJClMhKV+Hq2sxqKFmg.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[saturn.picoctf.net]:55063' (ED25519) to the list of known hosts.
ctf-player@saturn.picoctf.net's password:
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 6.5.0-1023-aws x86_64)
 
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
 
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
 
To restore this content, you can run the 'unminimize' command.
 
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
 
Special$ ls
Is
sh: 1: Is: not found
Special$ /*
Absolutely not paths like that, please!
Special$ ./*
./*
sh: 1: ./blargh: Permission denied
Special$ id
Id
sh: 1: Id: not found
Special$ is
Is
sh: 1: Is: not found
Special$ $
$
sh: 1: $: not found
Special$ $l
Al
sh: 1: Al: not found
Special$ #

looks like something gay :3

img

after 1-2 hrs found about parameter expansion

Time to ChatGPT

img What you’re seeing with ${parameter=ls} is the result of parameter expansion with the default value assignment syntax.

Let’s break it down:

${parameter=ls}
  1. ${parameter=ls} is an example of parameter expansion with default assignment:

  • If parameter is unset or null, it will assign the value ls to parameter.

  • If parameter is already set, it will not change its value.

  1. In your case, it seems that parameter is not set, so it assigns ls to parameter.

  2. ls is then evaluated as a command. When ls is evaluated in the shell, it lists the contents of the current directory.

  3. So, when you run ${parameter=ls}, here’s what happens:

  • It expands parameter to ls.
  • The shell then interprets ls as a command and executes it, which is why you’re seeing the list of files and directories in your current working directory.

What’s happening step-by-step:

  1. Shell Expands ${parameter=ls}:
  • parameter is not set, so it assigns ls to parameter.
  1. ls is executed:
  • Since ls is a valid command, it runs and lists the contents of the current directory.

So the result of ls is printed:

Desktop    Movies    Documents    Downloads    Files    Library    Pictures
Developer  Music     OneDrive - Victoria University    Public    Virtual Machines.localized

Key points:

  • ${parameter=ls} doesn’t directly execute ls as a command in itself. The result is that ls becomes the value of the variable parameter.

  • Since parameter is set to ls, the shell evaluates it as a command and executes it, which is why the contents of your directory are displayed.

Example:

$ echo ${parameter=ls}   # Result: This lists the contents of the directory

Output:

Desktop    Movies    Documents    Downloads    Files    Library    Pictures
Developer  Music     OneDrive - Victoria University    Public    Virtual Machines.localized

To summarize:

  • parameter=ls sets the value of parameter to the string ls, and since ls is a command, the shell executes it and lists the directory contents.

  • ${parameter=ls} effectively runs ls because ls is a valid command and the expansion happens inside the shell.

So here is what i did :

Testing out parameter expansion

╰─❯ ${parameter=ls}                                                         
Desktop				Movies
Developer			Music
Documents			OneDrive - Victoria University
Downloads			Pictures
Files				Public
Library				Virtual Machines.localized
 
╭─ ~ ───────────────────────────────────────────────── base 23:12:55 ─╮
╰─❯ ${parameter="ls"}                                                       
Desktop				Movies
Developer			Music
Documents			OneDrive - Victoria University
Downloads			Pictures
Files				Public
Library				Virtual Machines.localized
 
╭─ ~ ───────────────────────────────────────────────── base 23:14:35 ─╮
╰─❯ ${paramr="ls"}                                                   
Desktop				Movies
Developer			Music
Documents			OneDrive - Victoria University
Downloads			Pictures
Files				Public
Library				Virtual Machines.localized

TIME TO COOK

╰─❯ ssh -p 55783 ctf-player@saturn.picoctf.net                               ─╯
 
The authenticity of host '[saturn.picoctf.net]:55783 ([13.59.203.175]:55783)' can't be established.
ED25519 key fingerprint is SHA256:tJ0wuU5yBvNO/FrkHmR9iY36VJClMhKV+Hq2sxqKFmg.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:20: [saturn.picoctf.net]:55063
    ~/.ssh/known_hosts:22: [saturn.picoctf.net]:59088
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[saturn.picoctf.net]:55783' (ED25519) to the list of known hosts.
ctf-player@saturn.picoctf.net's password:
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 6.5.0-1023-aws x86_64)
 
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage
 
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
 
To restore this content, you can run the 'unminimize' command.
 
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
 
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
 
Special$ #
#
Special$ #
#
Special$ myvar="ls"
Myvar="ls"
Special$ $myvar
Mylar
sh: 1: Mylar: not found
Special$ ./*/*
./*/*
sh: 1: ./blargh/flag.txt: Permission denied
Special$ ${command= cat ./blargh/flag.txt}
${command= cat ./blargh/flag.txt}
picoCTF{5p311ch3ck_15_7h3_w0r57_****}Special$

img

Graph View

Backlinks