Once we log into the virtual machine above using ssh, we can view the contents of the home directory using the ls command and cat the file we find.
picoplayer@challenge:~$ ls
useless
picoplayer@challenge:~$ cat useless
#!/bin/bash
# Basic mathematical operations via command-line arguments
if [ $# != 3 ]
then
echo "Read the code first"
else
if [[ "$1" == "add" ]]
then
sum=$(( $2 + $3 ))
echo "The Sum is: $sum"
elif [[ "$1" == "sub" ]]
then
sub=$(( $2 - $3 ))
echo "The Substract is: $sub"
elif [[ "$1" == "div" ]]
then
div=$(( $2 / $3 ))
echo "The quotient is: $div"
elif [[ "$1" == "mul" ]]
then
mul=$(( $2 * $3 ))
echo "The product is: $mul"
else
echo "Read the manual"
fi
fi
picoplayer@challenge:~$
It appears to be a bash script for a simple calculator. Playing with the calculator isn't really going to help us find the flag though.
We do see at the end of the script it states to "Read the manual". This gives us a hint... that there is a manual.
If you didn't know or aren't familiar with Linux, the man command is used to view the manual of a command or tool. Now we can use it to give us the manual of the useless command.
picoplayer@challenge:~$ man useless
useless
useless, -- This is a simple calculator script
SYNOPSIS
useless, [add sub mul div] number1 number2
DESCRIPTION
Use the useless, macro to make simple calulations like addition,subtraction, multiplication and division.
Examples
./useless add 1 2
This will add 1 and 2 and return 3
./useless mul 2 3
This will return 6 as a product of 2 and 3
./useless div 6 3
This will return 2 as a quotient of 6 and 3
./useless sub 6 5
This will return 1 as a remainder of substraction of 5 from 6
Authors
This script was designed and developed by Cylab Africa
picoCTF{us3l3ss_ch4ll3ng3_3xpl0it3d_5562}
picoplayer@challenge:~$
Flag
And at the bottom of the man page we can see the flag picoCTF{us3l3ss_ch4ll3ng3_3xpl0it3d_5562}