AlpacaHack Logo

Challenges

Sign InSign Up

Rows:

CHALLENGEAUTHORS

SOLVES

(CURRENT)

SOLVE RATE

(AT CONTEST TIME)

AlpacaHack 2100

Daily AlpacaHack

admin

1761

solves

-

Welcome

admin

1574

solves

-

a fact of CTF

Daily AlpacaHack

xornet

xornet

934

solves

-

Simple Login

AlpacaHack Round 2 (Web)

ark

ark

628

solves

Top 28%

= 84/300 users

Emojify

Daily AlpacaHack

ark

ark

623

solves

-

Leaked Flag Checker

Daily AlpacaHack

minaminao

minaminao

606

solves

-

simpleoverflow

SECCON Beginners CTF 2024

n01e0

n01e0

542

solves

Top 73%

= 683/928 teams

hit-and-miss

Daily AlpacaHack

ark

ark

409

solves

-

super-tomato

Daily AlpacaHack

kanon

kanon

406

solves

-

Xmas Login

Daily AlpacaHack

hiikunz

hiikunz

375

solves

-

Fushigi Crawler

Daily AlpacaHack

minaminao

minaminao

367

solves

-

echo

AlpacaHack Round 1 (Pwn)

ptr-yudai

ptr-yudai

363

solves

Top 32%

= 56/174 users

Alpaca Bank

Daily AlpacaHack

hiikunz

hiikunz

349

solves

-

Integer Writer

Daily AlpacaHack

mora

mora

342

solves

-

size limit

Daily AlpacaHack

jp3bgy

337

solves

-

Read Assembly

Daily AlpacaHack

xrekkusu

xrekkusu

331

solves

-

Encoding Basics

Daily AlpacaHack

kurenaif

kurenaif

331

solves

-

🐈

Daily AlpacaHack

ark

ark

323

solves

-

Bars

Daily AlpacaHack

kakur41

kakur41

318

solves

-

108

Daily AlpacaHack

admin

306

solves

-

Rows:

permission denied

Daily AlpacaHackTopic: File PermissionReleased: Apr 29, 2026

76 solves
Misc
Hard

by

minaminao

minaminao

cat: flag.txt: Permission denied

Beginner Hint 1 (AI-translated)
  • If you connect with nc, you will see that a shell starts up.
  • If you read chal.sh, you can see that flag.txt is created before the shell starts.
  • After that, the permissions of flag.txt are set to 400.
  • These commands are executed by the root user.
  • So 400 means that only the root user can read the file.
  • Then runuser -u nobody -- sh starts a shell as the nobody user.
  • However, if you run cat flag.txt, you get Permission denied, so you cannot read the flag.
  • So how can you read the flag?
Beginner Hint 2 (AI-translated)
  • This is a more meta hint, but why does chal.sh bother setting the permissions of flag.txt in the first place?
  • The permissions of chal.sh are specified in the Dockerfile.
  • In the same way, it should also be possible to set the permissions of flag.txt in the Dockerfile.
  • Think about what behavioral difference is created between setting permissions in the Dockerfile and setting them later in chal.sh.
permission-denied.tar.gz
descriptionsolveswriteups