Description :
Casino? CS cases? Pff. Now this game is really unfair.
Link: HERE
Solution:
After extracting the file locally , the directory contained:
so it's a containerized challenge and we have the main script gissningslek.sh so i run it :
it's interactive and reads one input.and it says:
Let's play a guessing game! Warning: You may not change your guess. :(
so i went into inspecting the content of the file :
so this script reads one value into user_guess and then put that into a loop where guess is called to compare our input with a random number generated for 1000 times and it exits on the first mismatch. with success it prints the flag at first glance the task seems impossible to brute force: guessing 1000 fresh random numbers is infeasible. but here in guess, if the user input (${1}) is the four-letter token rand, then the left operand rand in the comparison is interpreted by Bash as the numeric variable rand.
so here i tried it locally :
and it worked .
then i connected remotely to the server :
and finally /readflag runs after the 1000 iterations, giving access to the flag.
so in this challenge the weakness was that bash evaluates barewords as variable names in arithmetic comparison ( -eq ).the solution for not bypassing it was to put input validation and not accepting strings as input.