Post

0xL4ugh CTF 2024 - TerraMeow

Posted
By Nolliv22 1 min read

Description

Category: Misc

Easy challenge to get you learn basics of IAC with Terraform.

Author: zAbuQasem

nc 172.190.120.133 50002

Attachment:

Solution

The flag is in the main.tf file:

1
2
3
4

resource "local_file" "flag" {
  content = "Hello-world!"
  filename = var.FLAG
}

The command to get the flag: local_file.flag.filename

But it will blocked by the server:

1
2
3
4
5
6
7
8
9

def execute_terraform_commands(commands):
    for command in commands:
        cmd = f"echo '{command}' | terraform console"
        output = os.popen(cmd).read()
        if "0xL4ugh{F4k3_Fl4G_F0r_T4stIng}" in output:
            print(monkey)
            exit(1337)
        else:
            print(output)

We encode the flag in base64 so we avoid it: base64encode(local_file.flag.filename)

And we got it: MHhMNHVnaHtUZl9zVDR0M19BbkRyMF9UNHQzfQ==

Flag: 0xL4ugh{Tf_sT4t3_AnDr0_T4t3}

Writeups, 0xL4ugh CTF 2024
Misc
This post is licensed under CC BY 4.0 by the author.