https://losfuzzys.github.io/writeup/2017/12/30/34c3ctf-minbashmaxfun/

Bash

Command	Description
`$(command)`	Command substitution
`$((arithmetic))`	Arithmetic expansion
`text{a,b,c}`	Brace expansion
`command < file`	STDIN redirection
`command <<< text`	STDIN literal redirection
`$'string with \nn and other \145scapes'`	Dollar-quoted string literals
`$'\52'`	\nn is an octal number of the ASCII char
`${#variable}`	Variable string length
`${!variable}`	Indirect variable expansion
`$#`	Number of parameters to bash
`$$`	Bash process ID
`$!`	Last process ID
`if [ -d "$DIRECTORY" ];`	If directory exists

LD_PRELOAD

#include <stdlib.h>

#include <stdio.h>
int puts(const char *s) {
    setuid(0);
	setgid(0);
	return system("/bin/cat flag.txt");
}

#include <string.h>
int strcmp(const char *s1, const char *s2) {
    return 0;
}

Compiling

gcc -fPIC -shared -ldl -o pwn.so pwn.c
LD_PRELOAD=./pwn.so ./binary

.sh - adeptex/CTF GitHub Wiki

Bash

LD_PRELOAD

Compiling

⚠️ GitHub.com Fallback ⚠️

.sh - adeptex/CTF GitHub Wiki

Bash

LD_PRELOAD

Compiling

⚠️ **GitHub.com Fallback** ⚠️

⚠️ GitHub.com Fallback ⚠️