Kringle Kiosk: SHHC20
A Place to Start...
Kringle Kiosk

The Kringle Kiosk was beside my friend Shinny Upatree in the Castle Approach. In describing the kiosk, Shinny made me aware of some issues when printing out a badge. Hmmm...

Kiosk Welcome

Upon launching the terminal, I was presented with a challenge to launch /bin/bash. Challenge accepted!

Map of Castle

Looking through the menu items, I see a map of the castle...

Code of Conduct/ToS

A code of conduct and ToS (very important in this day)...

Directory

A directory of folks I can expect to meet. I'm happy to see some familiar names here! (gotta keep this list in mind)

Print Badge

And finally the ability to print a badge... Printing a badge with my name doesn't make anything bad happen, but the comments say not to use special characters (which makes me think it isn't escaping input properly). The main menu also mentions that any input other than 1-5 may have unintended consequences. Time to start doing what we're not supposed to do! :-)

Invalid Input

First, I tried some basic invalid data entry by entering numbers or letters in the main menu, which just responded with Error. Nothing interesting initially, so I went to the badge print to play around some...

Command Substitution

When I went to the print badge screen and tried to embed a command by printing glutious `/bin/bash` foobar, I was promptly (rimshot) dropped to a shell. Zonks! A quick recon (ls, pwd, whoami) didn't show stdout being returned directly (which made sense, since it is command substitution), but when I executed exit, I was greeted with my badge, with all that stdout content embedded.

However, the automagic system didn't seem to recognize the hash codes, so I closed out the window and relaunched. This time I tried printing just with `/bin/bash`, but still no recognition. Hmmm... So I tried executing with `/bin/bash -c whoami`, which responded 'shinny'. Interesting! `/bin/bash -c pwd` showed '/home/shinny'.

welcome.sh

Next I tried `/bin/bash -c ls -las`, which shows the only file in the directory is welcome.sh. Let's see if we can see the contents of that file: `/bin/bash -c cat ./welcome.sh`. This showed no response... Foo... Let's try something else... Executing foo $(cat welcome.sh) bar got me what I was looking for.

Done, but not Finished...

At this point, I had invoked a bash shell, but I couldn't read its output until it was embedded within the badge. I was in, but not in the way the auto-scoring system (and experts) would expect. So how the heck can I invoke a shell in a command substitution and get stdout to the terminal? Googling didn't provide me an answer (some days, the wordsmithing muse of G is fickle).

Looking at the contents of /opt/reindeer.cow shows some ASCII art for the reindeer...

Looking at the content of /usr/games/cowsay shows this to be a Perl script called Cowsay...

Reviewing the contents of the directory again, I see a .bashrc, so let's see what's in that. Hmmm, it mentions a /opt/success.txt. Let's look at that. It's part of the content that is only getting displayed on exit.

So I thought about redirecting stdout to stderr to see if I could "see" that, since failed commands were being returned. I executed the initial command from .bashrc: $(/home/elf/runtoanswer WelcomeToSantasCastle 1>&2). Boom! The auto-score system reported I'd achieved the challenge. But... I still didn't see anything in the terminal...

This is one of those circumstances where I did it, but there's gotta be a much better way of going about doing it... I accepted my status for the time being, and decided to move on for now. But I do want to revisit this to learn other techniques on how I could have approached this challenge.

Something Extra...
A Plant

Looking through the menu script, I did notice that there was a 'surprise' function that cats /opt/plant.txt, so I tried directly displaying the file using $(cat /opt/plant.txt). It shows something slightly interesting, but the ASCII art is getting mangled because the command substitution is removing all the newlines. Looking back at the script, I see that the command is 'plant', so I ran that...
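As an added example (not the kiosk's welcome.sh, and not code from the challenge authors), here is a constructed POSIX shell badge printer that reproduces the three behaviours this write-up runs into: a name spliced into a command string gets its $(...) expanded, the stdout of such a command is captured into the badge while stderr escapes straight to the terminal (the 1>&2 trick above), and an unquoted expansion collapses newlines, which is what mangles the ASCII art. The function names, messages and the allowlist are my assumptions; the hardened version validates the name and passes it to printf as data rather than as part of a command.

```shell
#!/bin/sh
# Added illustration (not the kiosk's welcome.sh): a badge printer that splices
# the visitor's name into a command string, beside a hardened version.
# Function names and messages are constructed for this example.

# Vulnerable: the name is pasted into a string that a second shell parses, so
# $(...) or backticks in the name execute as code. The badge is captured into a
# variable before printing, which is why a command's stdout appears only once
# the badge is shown, while anything it writes to stderr reaches the terminal
# immediately.
print_badge_vulnerable() {
    vuln_name=$1
    vuln_badge=$(sh -c "printf 'Name: %s\n' \"$vuln_name\"")
    printf '%s\n' "$vuln_badge"
}

# Hardened: treat the name as data. Length-check it, reject any character
# outside a short allowlist (letters, digits, space, dot, hyphen), and pass it
# to printf as an argument rather than inside a command string, so no shell
# ever re-parses it.
print_badge_safe() {
    safe_name=$1
    if [ -z "$safe_name" ] || [ "${#safe_name}" -gt 32 ]; then
        printf 'error: name must be 1-32 characters\n' >&2
        return 1
    fi
    # tr -d deletes every allowed character; whatever survives is disallowed.
    leftover=$(printf '%s' "$safe_name" | tr -d 'A-Za-z0-9 .-')
    if [ -n "$leftover" ]; then
        printf 'error: name contains characters that are not allowed\n' >&2
        return 1
    fi
    printf 'Name: %s\n' "$safe_name"
}

# Why multi-line ASCII art comes out mangled when substituted: an unquoted
# expansion is word-split, so its newlines collapse into single spaces.
# Quoting the expansion keeps the line structure. Prints the resulting
# line count for a constructed three-line input.
count_lines() {
    art=$(printf 'line1\nline2\nline3')
    if [ "$1" = quoted ]; then
        printf '%s\n' "$art" | wc -l
    else
        echo $art | wc -l
    fi
}

# Stand-alone demonstration
print_badge_vulnerable 'Alice'
print_badge_vulnerable '$(echo INJECTED)'
print_badge_safe '$(echo INJECTED)' || echo 'rejected by allowlist'
echo "unquoted lines: $(count_lines unquoted), quoted lines: $(count_lines quoted)"
```

The allowlist approach is deliberately stricter than "escape the dangerous characters": once the name never reaches a shell parser, there is nothing to escape, and the length cap keeps the badge layout intact.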

More shenanigans were to be had in the Castle Approach.
