Tags: unix shell

Rating: 0

**Description**

> I love cats! PS: This is NOT a web challenge. Just find the cats.
>
> http://cats.2018.teamrois.cn:1337

**Solution**

FROM ubuntu:latest
ENV TZ=Asia/Shanghai
RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo$TZ > /etc/timezone
RUN apt-get update && apt-get install -y php python3 nodejs ruby && mkdir /app
WORKDIR /app

# build: docker build -t rctf_cats .
# judge: docker run -it --rm --network none -v /tmp/yourCatFood:/app/food:ro rctf_cats bash -c "timeout 5 diff -Z <(cat food) <(eachCatNameYouProvided food)"

So, without bothering to actually set up Docker, we see that it runs the command timeout 5 diff -Z <(cat food) <(eachCatNameYouProvided food). Whatever we put into the textarea will be the contents of the file food. Then the command compares the output of cat food, i.e. the contents we provided, with 15 commands we provide in the second input invoked with the argument food.

Some other details – cat doesn't count as a cat (too obvious I guess!), and thanks to the regex we cannot provide any commandline arguments, just the names of commands that we want to run. Finally, the content of the file has to be at least 2 bytes, but no more than 1337 bytes, so an empty file is unfortunately not possible.

The solution was obtained by using a basic Ubuntu VM. In the shell I typed a, then presed tab twice to get a listing of commands that start with a, then looked for anything that might work. Same for every other letter.

The most important thing to realise for this part of the challenge was probably that we need to have 15 commands that will output the same thing as cat food *in this particular* setup. We don't actually need to find 15 commands that do the same thing as cat (why would they even exist then?).

So, the commands I provided fall into two categories:

- ones which treat the argument food as a path or filename (e.g. ls)
- ones which treat the argument food as a string (e.g. echo)

Thinking of echo food and cat food, I decided the best choice for the contents of the food file was the literal string food. Then cat food simply outputs food. Useful.

And so finally, the list of commands I chose:

- ls - normally lists directories, but given a path to a file it simply outputs its name (this is more useful when combined with other arguments)
- dir - basically the same as ls as far as I can tell
- more - normally provides an interactive terminal viewer for file contents, but when piped into a command like diff it behaves just like cat
- php - by default, PHP copies file contents to stdout, unless it finds the tag ` Wew, you've found 15 cats! Here is your flag: RCTF{you_love_cats_dont_you}. If you can find at least 4 out of 5 cats whose names in (python3, bash, php, node, ruby), I will give you another flag ._.