picoCTF SansAlpha

Work was really boring today, with almost no students showing up—probably because many schools were having their school anniversary events, plus midterms just ended. Since no one came to ask questions, I played a bit of CTF, and this one was the most interesting today.

Challenge

Simply put, find the flag, but you can only use numbers and most symbols.

Solution

Once connected to the test environment, text commands indeed couldn’t be used.
But we could use ? and * to see where we currently are.

After some random testing, I located the file containing the flag.
However, I couldn’t view its content directly, so I used base64 to print it out.

Why not use echo?

$ /???/???? # /bin/bash or /bin/echo are both possible

If you do this, the system won’t know which command you’re trying to use, and will treat them all as invalid.
So instead, I used base64, which contains a number.

But /????64 could match either base64 or x86_64.
The system wouldn’t understand that either.
So we need to ensure the fourth character is not an underscore.
We change it to /???[!_]64.
This leaves only base64 as the valid match, so the system can interpret it correctly.
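
The matching behaviour described above, reproduced in a throwaway directory as an added example that is not part of the original post. The four file names are constructed stand-ins for the binaries the post mentions, and glob_matches and glob_count are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sandbox: empty files standing in for the names in the post.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
for name in bash echo base64 x86_64; do
    : > "$demo_dir/$name"
done

# Print every name in directory $1 that matches glob pattern $2, one per line.
glob_matches() {
    (
        cd "$1" || exit 1
        # $2 is left unquoted on purpose so the shell expands it as a glob.
        for f in $2; do
            # A pattern with no match is left as literal text; skip it.
            if [ -e "$f" ]; then
                printf '%s\n' "$f"
            fi
        done
        exit 0
    )
}

# Print how many names in directory $1 match glob pattern $2.
glob_count() {
    glob_matches "$1" "$2" | wc -l | tr -d ' '
}

# A pattern is only usable as a command name when it has exactly one match.
for pattern in '????' '????64' '???[!_]64'; do
    printf '%-10s -> %s match(es): %s\n' "$pattern" \
        "$(glob_count "$demo_dir" "$pattern")" \
        "$(glob_matches "$demo_dir" "$pattern" | tr '\n' ' ')"
done
```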

Finally, just decode the output from base64.