usr: ctf, pass: canyoudoit
flag in /home/flag/flag.txt
Once logged in, there's nothing interesting found inside the
file, although it's good to see they've tried checking for vulnerabilities,
for example the ShellShock attack.
Likewise, we see that /home/flag grants us no permissions to read, write or
execute anything in the directory. All attempts at directly accessing the
/home/flag/flag.txt file gave us access denied.
/sbin yields nothing, but if we perform /usr/bin, there's a file called ...
which is owned by flag, but part of ctf. It has s permissions, and when
executed, it gives us a Python shell, running as flag.
Here, it's simple. We write a bit of Python in the interpreter that opens
/home/flag/flag.txt, and prints it. The script is below:

    f = open('/home/flag/flag.txt', 'r')
    print(f.read())  # print the file's contents, not the file object
This prints out the flag.
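
The weakness here is an s-bit file, owned by one account and runnable by another, that hands out an interpreter. As an added example (not part of the original write-up), this Python 3 audit lists every setuid or setgid regular file under a directory so such files can be reviewed; the function name find_setid_files and the report fields are assumptions made for the illustration.

```python
import os
import pwd
import stat
import sys


def find_setid_files(root):
    """Return one finding per regular file under root with the setuid or setgid bit."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
            except OSError:
                continue  # entry vanished or cannot be inspected
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
            except KeyError:
                owner = str(st.st_uid)  # uid with no passwd entry
            findings.append({
                "path": path,
                "mode": stat.filemode(st.st_mode),
                "owner": owner,
                "setuid": bool(st.st_mode & stat.S_ISUID),
                "setgid": bool(st.st_mode & stat.S_ISGID),
                # Group/other execute: callers other than the owner get the owner's identity.
                "others_can_run": bool(st.st_mode & (stat.S_IXGRP | stat.S_IXOTH)),
                # Dot-names do not show up in a plain `ls`.
                "hidden": name.startswith("."),
            })
    return findings


if __name__ == "__main__":
    # Default to the two directories the write-up looked at.
    for root in sys.argv[1:] or ["/usr/bin", "/sbin"]:
        for f in find_setid_files(root):
            print("{mode} {owner:<10} {path}".format(**f))
```

Any finding whose owner is an unprivileged account and whose target is an interpreter or shell deserves the s bit removed.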