Differences
This shows you the differences between two versions of the page.
|
isc:labs:04 [2024/10/19 19:35] florin.stancu created |
isc:labs:04 [2024/10/30 12:07] (current) radu.mantu [[25p] 04. Linux ACLs] |
||
|---|---|---|---|
| Line 171: | Line 171: | ||
| * Open the container. Try to read the files in ''/etc/secret/''. There is a ''flag'' in there... can you read it? | * Open the container. Try to read the files in ''/etc/secret/''. There is a ''flag'' in there... can you read it? | ||
| - | * Go to ''/usr/local/isc/''. There is a //hidden// directory containing a **very hidden** file (its name is a **hidden number** in the ''100-10000'' range). Can you try to guess it? | + | * Go to ''/usr/local/isc/''. There is a hidden directory containing a **very hidden** file (its name is a <color #FFF>.</color>number in the ''100-10000'' range). Can you try to guess it? |
| + | * //Hint: all files are <color #FFF>.</color>hidden!// | ||
| * //Hint: you may want to filter the output a bit.. ''stderr'' redirection, maybe?// | * //Hint: you may want to filter the output a bit.. ''stderr'' redirection, maybe?// | ||
| * Finally, run ''giff-me-flag'' | * Finally, run ''giff-me-flag'' | ||
| Line 196: | Line 197: | ||
| * Inside the container, you have many existing users! | * Inside the container, you have many existing users! | ||
| - | * The starter account has the password ''hunter2''. The others have further instructions (text files) inside their home directories! | + | * The starter account (''mihai'') has the password ''hunter2''. The others have further instructions (text files) inside their home directories! |
| * Main objective: read the flag inside ''/home/.not_for_your_eyes'' by using the good ol' **u**ser <-> **s**witcher//o//o commands! | * Main objective: read the flag inside ''/home/.not_for_your_eyes'' by using the good ol' **u**ser <-> **s**witcher//o//o commands! | ||
| * //Hint: explore all homes & read the (possibly hidden!) files in there, your next step **is always** suggested in there!// | * //Hint: explore all homes & read the (possibly hidden!) files in there, your next step **is always** suggested in there!// | ||
| - | * //Note: ''sudo'', by default, tries to execute a command on behalf of the ''root'' account (this is forbidden here). Read its man page to see how you can specify another user!// | + | * //Note: ''sudo'', by default, tries to execute a command on behalf of the ''root'' account (this is forbidden here). Read its man page to see how you can specify another user! also check out ''%%--%%list'' option to see your permissions ;) // |
| * //Hint: you will need to do some unusual "path traversals" on that last binary to catch the final flag.// | * //Hint: you will need to do some unusual "path traversals" on that last binary to catch the final flag.// | ||
| * Total: **1 flag** (most difficult)! | * Total: **1 flag** (most difficult)! | ||
| Line 240: | Line 241: | ||
| * //Hint: "reverse engineer" it, again!// | * //Hint: "reverse engineer" it, again!// | ||
| * Total: **2 flags**! | * Total: **2 flags**! | ||
| + | |||
| + | <note tip> | ||
| + | In absence of [[https://github.com/pwndbg/pwndbg|pwndbg]] use vanilla **gdb** with one of its built-in layouts: | ||
| + | <code> | ||
| + | (gdb) layout asm | ||
| + | </code> | ||
| + | </note> | ||
| <solution -hidden> | <solution -hidden> | ||
