Tags: bash reversing
Rating:
Just my exploit code. Enjoy!
```
#!/usr/bin/env python
# ooobash - defcon quals 2k20 - solution by @roman_soft
from pwn import *
p = remote("ooobash.challenges.ooo", 5000)
payload = """
OOOENV=alsulkxjcn92 /bin/bash -L -o sneaky -i 2> /dev/null << EOF #3 & #4
unlockbabylock # 0
r=\$((\$RANDOM*\$RANDOM))
set -o noclobber; echo 1 2> /tmp/badr3d1rYEAHHHHHHHH\$r
set -o noclobber; echo 1 2> /tmp/badr3d1rYEAHHHHHHHH\$r #1
rm -f /tmp/badr3d1rYEAHHHHHHHH\$r
echo > .sneaky #2
a
b
c #5
perl -e 'exit(57)' #6
echo hola > /dev/tcp/0.0.0.0/53 #7
kill -10 $\$ #8
alias yo='echo yo!'
alias yo='echo yo!' #9
declare -r ARO=ole
declare -r ARO=ole #10
function fnx { echo ; } ; fn 1 #11
echo -e 'if :\nthen\n\n\n\nfalse\nfi' > /tmp/rs\$r; source /tmp/rs\$r ; rm -f /tmp/rs\$r #12
getflag
EOF
"""
p.send(payload)
p.interactive()
```
