exploit.sh

#!/bin/bash

# Validate the URL format
if ! [[ "$1" =~ ^https:\/\/([A-Za-z0-9-]+\.)*picoctf\.net\/* ]]; then
    echo "Error: please provide a valid URL as an argument."
    echo "Usage: $0 <URL>"
    exit 1
fi

URL=$1

get_flag() {
	# Download the file
    wget -q "$URL" -O out
    if [ $? -ne 0 ]; then
        echo "Error: Failed to download file."
        exit 1
    fi

    # Decompress the downloaded file with upx
    upx -q -d out -o original > /dev/null 2>&1
    if [ $? -ne 0 ]; then
        echo "Error: Failed to decompress file."
        exit 1
    fi

    # Extract the flag from the decompressed file
    strings original | grep flag | cut -d ':' -f2 | head -n 1 | xxd -r -p
    if [ $? -ne 0 ]; then
        echo "Error: Failed to extract flag."
        exit 1
    fi
}

# Call the function and store the flag
flag=$(get_flag)

# Check if the flag is found and print it
if [ -z "$flag" ]; then
    echo "Error: Flag not found."
else
    echo "Flag: $flag"
    rm out && rm original
fi