Skip to content

mitre-cyber-academy/2012-forensics-c

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
django
django
 
 
.gitignore
.gitignore
 
 
DESCRIPTION.txt
DESCRIPTION.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
challenge.yml
challenge.yml
 
 
mesg_to_the_admins.txt
mesg_to_the_admins.txt
 
 
values.yml
values.yml
 
 

Repository files navigation

This challenge requires that the chef script be used to configure locations and permissions.

Solution: In the seach bar, type "author=sudo -u timmy cat /home/corporate_secrets/flag.txt"

The author= is found by studying the source code provided. Looking through the source code, it can be determined that the search box has a special handler for author= and that the handler passes the string to the shell.

Browsing the system using the backdoor, they can find the directory /home/corporate_secrets, which should be the obvious tartet.

To learn the contents of the directory, users must use sudo to perfrom an ls.

A simple sudo command does not grant access to the flag however. Performin a sudo ls -l /home/corporate_secrets reveals the directory can only be read by the fread group. Checking the /etc/group file, the user learns timmy is in that group.

Trying to 'cat' the file as timmy, ie, sudo -u timmy cat /home/corporate_secrets/flag.txt reveals the flag MCA-40B3E9F8.

About

Forensics C challenge from the June 2012 MITRE CTF

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages