From 853acb8ecf7152bb7ce821655658ca2945e7e414 Mon Sep 17 00:00:00 2001
From: jc
Date: Fri, 15 Nov 2024 23:47:54 +0300
Subject: [PATCH] C code
---
blockctf_2024/only_ws/only_ws.c | 43 +++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
create mode 100644 blockctf_2024/only_ws/only_ws.c
diff --git a/blockctf_2024/only_ws/only_ws.c b/blockctf_2024/only_ws/only_ws.c
new file mode 100644
index 0000000..c61ea31
--- /dev/null
+++ b/blockctf_2024/only_ws/only_ws.c
@@ -0,0 +1,43 @@
+#include
+#include
+
+#include
+#include
+#include
+#include
+
+#include
+
+typedef void shellcode();
+char flag[64];
+
+int main(int argc, char **argv) {
+ setvbuf(stdout, NULL, _IONBF, 0);
+ setvbuf(stdin, NULL, _IONBF, 0);
+ setvbuf(stderr, NULL, _IONBF, 0);
+ FILE *f = fopen("flag.txt", "r");
+ if (f == NULL) {
+ printf("error reading flag");
+ return -1;
+ }
+
+ fscanf(f, "%s", flag);
+ printf("Flag is at 0x%x\n", (void *)flag);
+ fclose(f);
+
+ char shellcode_buf[4096];
+ int bytes_read = read(STDIN_FILENO, shellcode_buf, sizeof(shellcode_buf));
+
+ void *shellcode_ptr =
+ mmap((void *)shellcode_buf, 1, PROT_READ | PROT_WRITE | PROT_EXEC,
+ MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
+ memcpy(shellcode_ptr, shellcode_buf, bytes_read);
+
+ scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
+ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
+ seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0);
+
+ seccomp_load(ctx);
+ seccomp_release(ctx);
+ ((shellcode *)shellcode_ptr)();
+}
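Review bot: The return values of `seccomp_init`, `seccomp_rule_add` and `seccomp_load` are ignored, so if the filter fails to install, the call through `shellcode_ptr` at the end of `main` still runs the supplied bytes with no syscall restriction; the sandbox should fail closed. The same stretch leaves `read` and `mmap` unchecked: a `-1` from `read` becomes a huge `size_t` in `memcpy`, and a `MAP_FAILED` result is written through. The mapping length of `1` holds the 4096-byte buffer only because the kernel rounds it up to a page, which assumes a page of at least 4 KiB; requesting `sizeof(shellcode_buf)` removes that assumption. Separately, `fscanf(f, "%s", flag)` should be bounded as `"%63s"` for the 64-byte `flag`, and the pointer should be printed with `%p` rather than `%x`.

```c
  // … unchanged: stream setup, flag read, shellcode_buf declaration …
  ssize_t bytes_read = read(STDIN_FILENO, shellcode_buf, sizeof(shellcode_buf));
  if (bytes_read <= 0) {
    return -1;
  }

  void *shellcode_ptr =
      mmap((void *)shellcode_buf, sizeof(shellcode_buf),
           PROT_READ | PROT_WRITE | PROT_EXEC,
           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (shellcode_ptr == MAP_FAILED) {
    return -1;
  }
  memcpy(shellcode_ptr, shellcode_buf, (size_t)bytes_read);

  scmp_filter_ctx ctx = seccomp_init(SCMP_ACT_KILL_PROCESS);
  if (ctx == NULL ||
      seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0) < 0 ||
      seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(exit), 0) < 0 ||
      seccomp_load(ctx) < 0) {
    // Fail closed: never transfer control if the filter is not installed.
    return -1;
  }
  seccomp_release(ctx);
  // … unchanged: call through shellcode_ptr …
```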