A friend was entering a CTF he suspected was “king of the hill” style, which would require him to set and maintain control over a flag file, so he requested some techniques or ideas from me. I gave him a couple of other ideas, but this tool was one of the products of that discussion.
It’s small, it’s simple, and it’s fast. It watches a file you give it, writes the file if it doesn’t already exist, and enters a loop checking the contents of the file every round. If the contents have changed (compares bytes), it rewrites the file. Quickly.
I told him to compile it and stick it somewhere in the $PATH with a name that wouldn’t look suspicious and probably wouldn’t be used during the event (htop maybe?) so that someone running ps aux wouldn’t get tipped off so easily.
Let me know what you think in the comments.