search

VimJail

hashtag
VimJail 1.0

hashtag
Description

Connect with socat file:$(tty),raw,echo=0 tcp:vimjail1.chal.uiuc.tf:1337 | 50 Points | Author: richard

Dockerfilearrow-up-right entry.sharrow-up-right nsjail.cfgarrow-up-right vimrcarrow-up-right

hashtag
Analysis

Entry file removed read access from flag and runs vim with following options: * -R: Opens Vim in read-only mode, preventing accidental modifications to files. * -M: Starts Vim in "modifiable" mode, allowing editing of text. * -Z: Restores the terminal's original screen contents upon exiting Vim. * -u /home/user/vimrc: Specifies a custom vimrc file (/home/user/vimrc) to use for Vim's configuration.

#!/usr/bin/env sh

chmod -r /flag.txt

vim -R -M -Z -u /home/user/vimrc

vimrc

# This command disables Vim's compatibility mode, ensuring that Vim uses its own enhanced features and behavior rather than emulating older versions of Vi.
set nocompatible
# This command sets Vim to always start in insert mode, allowing you to immediately start inserting text when opening a file.
set insertmode

# These commands define insert mode mappings for the specified key combinations:
inoremap <c-o> nope
inoremap <c-l> nope
inoremap <c-z> nope
inoremap <c-\><c-n> nope

hashtag
Solution

  1. Escape Insert mode: Ctrl+\ -> Ctrl+n -> Ctrl+V

    • Executing this payload was troublesome, With some delays between keys I was able to enter Visual Mode

  2. Edit flag.txt -> Press : -> Type :edit flag.txt

  3. Profit

circle-check

Flag: uiuctf{n0_3sc4p3_f0r_y0u_8613a322d0eb0628}

hashtag
VimJail2

Connect with socat file:$(tty),raw,echo=0 tcp:vimjail2.chal.uiuc.tf:1337 | 50 Points | Author: richard

Dockerfilearrow-up-right entry.sharrow-up-right nsjail.cfgarrow-up-right vimrcarrow-up-right viminfoarrow-up-right

hashtag
Analysis

Same vimfile, but now it converts almost any character in command line mode to _ with the exception of q.

hashtag
Solution

Same trick as previous.

  1. Escape Insert mode: Ctrl+\ -> Ctrl+n -> Ctrl+V

    • Executing this payload was troublesome, With some delays between keys I was able to enter Visual Mode

  2. Type :q to quit

  3. Hit enter (If flag not printed)

  4. Profit

circle-check

Flag: uiuctf{_c364201e0d86171b}

PreviousCorny KernelNextamateursCTF

Last updated