Log Viewer

Show TagsShow Solved

Rows:

CHALLENGE	AUTHORS	SOLVES (CURRENT)	SOLVE RATE (AT CONTEST TIME)
Welcome Misc	admin	1428 solves	-
AlpacaHack 2100 Misc Daily AlpacaHack	admin	1250 solves	-
a fact of CTF Crypto Daily AlpacaHack	xornet	737 solves	-
Simple Login Web AlpacaHack Round 2 (Web)	ark	570 solves	Top 28% = 84/300 users
Emojify Web Daily AlpacaHack	ark	499 solves	-
Leaked Flag Checker Rev Daily AlpacaHack	minaminao	480 solves	-
simpleoverflow Pwn Daily AlpacaHack	n01e0	426 solves	-
echo Pwn AlpacaHack Round 1 (Pwn)	ptr-yudai	339 solves	Top 32% = 56/174 users
super-tomato Crypto Daily AlpacaHack	kanon	325 solves	-
hit-and-miss Misc Daily AlpacaHack	ark	314 solves	-
Alpaca Bank Web Daily AlpacaHack	hiikunz	288 solves	-
Xmas Login Web Daily AlpacaHack	hiikunz	287 solves	-
Integer Writer Pwn Daily AlpacaHack	mora	283 solves	-
Fushigi Crawler Web Daily AlpacaHack	minaminao	282 solves	-
Read Assembly Rev Daily AlpacaHack	xrekkusu	278 solves	-
size limit Crypto Daily AlpacaHack	jp3bgy	277 solves	-
Encoding Basics Misc Crypto Daily AlpacaHack	kurenaif	272 solves	-
🐈 Web Daily AlpacaHack	ark	270 solves	-
Treasure Hunt Web AlpacaHack Round 7 (Web)	ark	265 solves	Top 15% = 71/458 users
108 Misc Daily AlpacaHack	admin	252 solves	-

Rows:

203 solves

Author:

tchen

Simple log viewer with regex feature.

Beginner Hint: What is an instance spawner?

In CTFs, some challenges require dynamically creating a separate challenge server for each player (or team).
For example, if a player can change the state of a challenge server, it may affect other players.
To handle such issues, an instance spawner is provided.
On AlpacaHack, clicking the "Spawn Challenge Server" button automatically creates an isolated challenge server for each user.
This challenge also uses an instance spawner.
To help reduce server load, please try to solve the challenge locally before spawning.
Note that on Daily AlpacaHack, even for challenges that do not require an instance spawner, the challenge server may be stopped after some time has passed since release, and the "Spawn Challenge Server" button will then appear.

Beginner Hint: The Starting Point of the Attack

The goal of this challenge is to read the flag file located in the root directory.
The starting point for achieving this is an OS command injection in the query part of the awk command.

Beginner Hint: Pitfalls in Payload Construction

In Python, subprocess.run method executes commands without going through a shell like Bash.
As a result, you cannot split commands using ; or perform command substitution with $(command).