pure-cij is a misc challenge that was part of the 2022 DefCamp CTF qualifiers. The only Hint: “What are your system specs?”.

Task

nc 35.242.226.178 31986
/tmp/tmpogswkqmn
helloworld
       _,met$$$$$gg.          ctf@dctf22-quals-pure-cij-65864bdfb5-vdfs2 
    ,g$$$$$$$$$$$$$$$P.       ------------------------------------------ 
  ,g$$P"     """Y$$.".        OS: Debian GNU/Linux 11 (bullseye) x86_64 
 ,$$P'              `$$$.     Host: Google Compute Engine 
',$$P       ,ggs.     `$$b:   Kernel: 5.10.127+ 
`d$$'     ,$P"'   .    $$$    Uptime: 2 hours, 45 mins 
 $$P      d$'     ,    $$P    Packages: 278 (dpkg) 
 $$:      $$.   -    ,d$$'    Shell: bash 5.1.4 
 $$;      Y$b._   _,d$P'      Terminal: socat 
 Y$$.    `.`"Y$$$$P"'         CPU: Intel Xeon (4) @ 2.200GHz 
 `$$b      "-.__              Memory: 1395MiB / 15000MiB 
  `Y$$
   `Y$$.                                              
     `$$b.                                            
       `Y$$b.
          `"Y$b._
              `"""

We get the output of the command “neofetch” after sending “helloworld” to the server. Any other random string gets us the same output. The server also gives us a random file name “/tmp/tmpogswkqmn” but we can’t do anything with it.

Then we send “ls”:

nc 35.242.226.178 31986
/tmp/tmpdpm00o4n
ls
flag.txt
server.py
       _,met$$$$$gg.          ctf@dctf22-quals-pure-cij-65864bdfb5-vdfs2 
    ,g$$$$$$$$$$$$$$$P.       ------------------------------------------ 
  ,g$$P"     """Y$$.".        OS: Debian GNU/Linux 11 (bullseye) x86_64 
 ,$$P'              `$$$.     Host: Google Compute Engine 
',$$P       ,ggs.     `$$b:   Kernel: 5.10.127+ 
`d$$'     ,$P"'   .    $$$    Uptime: 2 hours, 47 mins 
 $$P      d$'     ,    $$P    Packages: 278 (dpkg) 
 $$:      $$.   -    ,d$$'    Shell: bash 5.1.4 
 $$;      Y$b._   _,d$P'      Terminal: socat 
 Y$$.    `.`"Y$$$$P"'         CPU: Intel Xeon (4) @ 2.200GHz 
 `$$b      "-.__              Memory: 1395MiB / 15000MiB 
  `Y$$
   `Y$$.                                              
     `$$b.                                            
       `Y$$b.
          `"Y$b._
              `"""

Well, we can see the flag.txt file. Let’s try to read it:

nc 35.242.226.178 31986
/tmp/tmp35slt3py
cat flag.txt
CTF{56c5ed0e0c3246493cc03801a05e4deb0328e31c7bfe75edee5c89553e58781a}
       _,met$$$$$gg.          ctf@dctf22-quals-pure-cij-65864bdfb5-vdfs2 
    ,g$$$$$$$$$$$$$$$P.       ------------------------------------------ 
  ,g$$P"     """Y$$.".        OS: Debian GNU/Linux 11 (bullseye) x86_64 
 ,$$P'              `$$$.     Host: Google Compute Engine 
',$$P       ,ggs.     `$$b:   Kernel: 5.10.127+ 
`d$$'     ,$P"'   .    $$$    Uptime: 2 hours, 48 mins 
 $$P      d$'     ,    $$P    Packages: 278 (dpkg) 
 $$:      $$.   -    ,d$$'    Shell: bash 5.1.4 
 $$;      Y$b._   _,d$P'      Terminal: socat 
 Y$$.    `.`"Y$$$$P"'         CPU: Intel Xeon (4) @ 2.200GHz 
 `$$b      "-.__              Memory: 1392MiB / 15000MiB 
  `Y$$
   `Y$$.                                              
     `$$b.                                            
       `Y$$b.
          `"Y$b._
              `"""

We aren’t sure if this is intended, but we get the flag.

Flag

The flag is “CTF{56c5ed0e0c3246493cc03801a05e4deb0328e31c7bfe75edee5c89553e58781a}”.