Category: Exploit Points: 200 Author: Amanpreet Singh Difficulty: Solves: 25 Description:
Intrestingly enough, even though it was not expected, Chintu found a cool website to play with, though he can't get the flag. Can you? Visit this. Submit the SHA-256 hash of the flag obtained.
We are given a Clojure sandbox and have to find the flag and secret of an user named admin.
Entering valid clojure code, we can execute several functions, e.g. printing the version:
Give me some code: > (clojure-version) "1.4.0"
> (all-ns) [..see all-ns file..]
We see a namespace named
noname.people.admin, so we try to find any variables within this namespace after importing this namespace:
> (require '[noname.people.admin :as adm]) nil > (adm/flag) Ma flag is : [REDACTED] > (adm/secret) java.lang.IllegalStateException: var: #'noname.people.admin/secret is not public
Mhh, we can access the variable flag, but can't access secret. Secret must be private. Fortunately, there is a way to read private variables described here:
> (#'adm/secret) "Ma secret is: [REDACTED]"
We concat these two strings and make a sha256 hash out of them and get the flag!