Tags: pwn 

Rating:

ssh [email protected]
password is:[email protected]

connect, do ls and notice that there's a flag.txt, but only a few allowed commands and "cat flag.txt" prints something else.
Assume that flag.txt actually contains flag but something weird is going on, so instead of connecting to the remote server I just run the command "cat flag.txt" remotely, so that the output is printed unmodified on my own machine. This is done with ```ssh [email protected] cat flag.txt```, and sure enough after giving the password, the flag is printed.

#RaziCTF{th3r3_!s_4_c4t_c4ll3d_fl4g}.

Original writeup (https://github.com/TophatHackers/writeups/blob/master/2020/RaziCTF/cat.md).