Huntress CTF 2025 — ARIKA Write-up
The Arika ransomware group likes to look slick and spiffy with their cool green-on-black terminal style website… but it sounds like they are worried about some security concerns of their own!
Reading the source code provided with the challenge, I learned that the web app checks the incoming command against `ALLOWLIST`. However, the regular expressions were run in multiline mode: `len(ALLOWLIST)`, which is 8, was passed to `re.match` as the flags argument, and 8 is the value of `re.MULTILINE`. As a result I could send the command `hostname cat flag.txt`, which would run both commands.
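The check described above, reduced to a runnable comparison with a hardened version (an added example, not the challenge's source). The allowlist patterns and function names are assumptions, as is the newline separating the two commands; only the 8-entry length and the `re.match` flags mistake come from the write-up.

```python
import re

# Hypothetical allowlist: the write-up only says it has 8 entries, so these
# patterns are constructed for illustration.
ALLOWLIST = [r"^hostname$", r"^whoami$", r"^uptime$", r"^date$",
             r"^id$", r"^pwd$", r"^uname$", r"^ls$"]

# The coincidence the bug depends on: the list length equals re.MULTILINE.
assert len(ALLOWLIST) == 8 and int(re.MULTILINE) == 8


def vulnerable_check(cmd: str) -> bool:
    """The flaw as described: len(ALLOWLIST) lands in re.match's flags slot."""
    # flags=8 is re.MULTILINE, so `$` matches before any newline,
    # not only at the end of the string.
    return any(re.match(p, cmd, len(ALLOWLIST)) for p in ALLOWLIST)


def hardened_check(cmd: str) -> bool:
    """Reject control characters, then require the whole string to match."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in cmd):
        return False
    # fullmatch with no flags: the pattern must consume the entire input,
    # so even a single trailing newline is refused.
    return any(re.fullmatch(p, cmd) for p in ALLOWLIST)


def compare(cmd: str) -> tuple[bool, bool]:
    """Return (vulnerable verdict, hardened verdict) for one input."""
    return vulnerable_check(cmd), hardened_check(cmd)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["hostname", "hostname\ncat flag.txt", "hostname\n", "cat flag.txt"]
    for s in samples:
        v, h = compare(s)
        print(f"{s!r:28} vulnerable={v} hardened={h}")
```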
I created a simple Python script to send the request and got the flag as a response:
This post is licensed under CC BY 4.0 by the author.


