What's up YouTube, my name is John Hammond and welcome back to some more picoCTF 2018 video write-ups. This challenge is called "absolutely relative". It's in the General Skills category. It says: "In a file system, everything is relative. Can you find a way to get a flag from this program? You can find it here on the shell server," and we have the source. So this is something that is necessary to run on the shell server, so I'm just gonna go ahead and connect to it there, but I do actually want the source code so we can check out what it's doing. Let's wget this and let's open it up.

Alright, so character yes, it should be just simply "yes" as a constant. Yes length should be three. Interesting. We have a main function that will read the flag and create a buffer for it, for permission, etc. It'll open up the absolute path to problems, that location, and flag.txt. So flag.txt will open up an absolute location; that works here. It'll go ahead and read it and open it up. But the permission file is actually relative. It's doing it from the current directory. So that's peculiar and something to note. If file, okay, it'll read through the permissions and actually determine information out of it, just read it. And if the string compare of permission is yes, and yes, so the length of yes, if we've actually read the permission.txt file to say the word "yes", it'll say you have right permissions. It'll give you the flag. If you do not have specific permissions, or the sufficient permissions, it will not give you the flag. So because permission.txt is read out of a relative location, we can control it, and let's go do that cool thing here.

Let's go ahead and jump in. We have the location on the shell server that we want to connect to, so I'm going to SSH over there.
I'm just using my script that just enters the command for me with my username, so I can simply enter my password and jump in. And we have the flag.txt, the absolutely relative file, absolutely relative, et cetera. So we can't view flag.txt. Can we view permission.txt? We don't even have it. Weird. You do not have specific permissions, or the sufficient permissions, to view this flag. We can't create a permissions.txt, can we? Nope, permission denied. I don't have the permission to do this there. I could try and write "yes", but it won't let me save the file.

So we can now move to someplace where we do have write permission, like the temp directory. Let's try temp jh YouTube, and let's go there, temp jh YouTube. Great. Now let's go ahead and create a symbolic link, and I've done this a lot in some Bandit or Leviathan or some OverTheWire wargames, where I create a symbolic link to the absolute file here, the program that we're trying to run in its absolute location. Let's get the absolutely relative program in this directory. So now I have a, like, special kind of blue absolutely relative file that is in this current directory, but is a symbolic link, or kind of like a shortcut, to that real absolute location of the program.

So now I can create a permissions.txt and I can have it say "yes", just fine. Now if I run absolutely relative, it says you have right permissions, because it's trying to read the permission.txt in the current directory that I am in. So I can create the permission.txt file, it'll read it just fine, and it'll give me the flag, because of how we read the source code.

So that's that, right? Pretty simple, pretty cool. We can go ahead and mark that as the flag and say that this challenge is complete. Let's go ahead and submit it, and that's just a neat thing. Symbolic links are very, very cool. And when you have control over a shell server, or you have a location where you can have your own files and have your own space, it's
really neat.