PicoCTF2018 - Miscellaneous - ACA-Shell-A
Objective:
It's never a bad idea to brush up on those linux skills or even learn some new ones before you set off on this adventure! Connect with nc 2018shell.picoctf.com 27833.
Resolution:
OK, this one is interactive.
asmith85338@pico-2018-shell:/$ nc 2018shell.picoctf.com 27833
Sweet! We have gotten access into the system but we aren't root.
It's some sort of restricted shell! I can't see what you are typing
but I can see your output. I'll be here to help you along.
If you need help, type "echo 'Help Me!'" and I'll see what I can do
There is not much time left!
~/$
Let's start with ls -l to see where we are and what's in there.
~/$ ls -l
drwxr-xr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Jul 1 2018 blackmail
drwxr-xr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Jul 1 2018 executables
drwxrwxr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Apr 13 2018 passwords
drwxrwxr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Apr 13 2018 photos
drwxr-xr-x 2 aca-shell-a_4 aca-shell-a_4 4096 Jul 1 2018 secret
~/$
A couple of interesting directory names. Let's check them out, starting with passwords.
~/$ cd passwords
~/passwords$ ls
~/passwords$
Nothing there. Let's try the secret folder.
cd ..
~/$ cd secret
Now we are cookin'! Take a look around there and tell me what you find!
~/secret$ ls
intel_1
intel_2
intel_3
intel_4
intel_5
profile_ahqueith5aekongieP4ahzugi
profile_ahShaighaxahMooshuP1johgo
profile_aik4hah9ilie9foru0Phoaph0
profile_AipieG5Ua9aewei5ieSoh7aph
profile_bah9Ech9oa4xaicohphahfaiG
profile_ie7sheiP7su2At2ahw6iRikoe
profile_of0Nee4laith8odaeLachoonu
profile_poh9eij4Choophaweiwev6eev
profile_poo3ipohGohThi9Cohverai7e
profile_Xei2uu5suwangohceedaifohs
Sabatoge them! Get rid of all their intel files!
Let's delete all the files whose names start with intel_.
~/secret$ rm intel_*
Nice! Once they are all gone, I think I can drop you a file of an exploit!
Just type "echo 'Drop it in!' " and we can give it a whirl!
~/secret$ echo 'Drop it in!'
Drop it in!
I placed a file in the executables folder as it looks like the only place we can execute from!
Run the script I wrote to have a little more impact on the system!
~/secret$ cd ..
~/$ cd executables
~/executables$ ls
dontLookHere
~/executables$ ./dontLookHere
Looking through the text above, I think I have found the password. I am just having trouble with a username.
Oh drats! They are onto us! We could get kicked out soon!
Quick! Print the username to the screen so we can close are backdoor and log into the account directly!
You have to find another way other than echo!
~/executables$ whoami
l33th4x0r
Perfect! One second!
Okay, I think I have got what we are looking for. I just need to to copy the file to a place we can read.
Try copying the file called TopSecret in tmp directory into the passwords folder.
~/executables$ cp /tmp/TopSecret ../passwords
Server shutdown in 10 seconds...
Quick! go read the file before we lose our connection!
~/executables$ cd ..
~/$ cd passwords
~/passwords$ cat TopSecret
Major General John M. Schofield's graduation address to the graduating class of 1879 at West Point is as follows: The disci
pline which makes the soldiers of a free country reliable in battle is not to be gained by harsh or tyrannical treatment.On
the contrary, such treatment is far more likely to destroy than to make an army.It is possible to impart instruction and g
ive commands in such a manner and such a tone of voice as to inspire in the soldier no feeling butan intense desire to obey
, while the opposite manner and tone of voice cannot fail to excite strong resentment and a desire to disobey.The one mode
or other of dealing with subordinates springs from a corresponding spirit in the breast of the commander.He who feels the r
espect which is due to others, cannot fail to inspire in them respect for himself, while he who feels,and hence manifests d
isrespect towards others, especially his subordinates, cannot fail to inspire hatred against himself.
picoCTF{CrUsHeD_It_17ab99f5}