Tags: bash misc ssh 

Rating:

Zombie

image

This challenge allows us to SSH into a box and we see a script that we can read to better understand what is going on:

image

It seems the user runs tail on the flag and then deletes it. However, the process is still running in the background:

image

Which means we should be able to read its file descriptor by going to /proc/<pid>/fd.

image

And indeed, we get the flag:

image

flag{6387e800943b0b468c2622ff858bf744}

Original writeup (https://github.com/LazyTitan33/CTF-Writeups/blob/main/Nahamcon2023/Misc/Zombie.md).