Tags: bash reversing 

Rating:

Just my exploit code. Enjoy!

```
#!/usr/bin/env python
# ooobash - defcon quals 2k20 - solution by @roman_soft

from pwn import *

p = remote("ooobash.challenges.ooo", 5000)

payload = """
OOOENV=alsulkxjcn92 /bin/bash -L -o sneaky -i 2> /dev/null << EOF #3 & #4

unlockbabylock # 0

r=\$((\$RANDOM*\$RANDOM))
set -o noclobber; echo 1 2> /tmp/badr3d1rYEAHHHHHHHH\$r
set -o noclobber; echo 1 2> /tmp/badr3d1rYEAHHHHHHHH\$r #1
rm -f /tmp/badr3d1rYEAHHHHHHHH\$r

echo > .sneaky #2

a
b
c #5

perl -e 'exit(57)' #6

echo hola > /dev/tcp/0.0.0.0/53 #7

kill -10 $\$ #8

alias yo='echo yo!'
alias yo='echo yo!' #9

declare -r ARO=ole
declare -r ARO=ole #10

function fnx { echo ; } ; fn 1 #11

echo -e 'if :\nthen\n\n\n\nfalse\nfi' > /tmp/rs\$r; source /tmp/rs\$r ; rm -f /tmp/rs\$r #12

getflag
EOF
"""

p.send(payload)
p.interactive()
```