Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2024-11-10 06:34:17 +00:00
Code Issues Projects Releases Packages Wiki Activity
CTF-Writeups/echoCTF/envil.md
ARZ a22b6ef139
Create envil.md
2021-12-04 19:24:57 +05:00

1.7 KiB
Raw Permalink Blame History

echoCTF - Anvil

This is an OS category challenge in which we are provided an IP address and a port to conenct using nc

We can find the first flag by printing the evnironmental variables using env

Privilege Escalation (silver)

Running sudo -l we can see that we are user copper and we can run /sbin/debugfs as silver user

In this user's directory we can find the first flag

Privilege Escalation (gold)

Next we can again run sudo -l to see which commands we can run as other user and here we can run /usr/bin/sftp with gold user , now in order to escalate we need to have a ssh port running but here we can't open that port as we need root privileges so we can open ssh port on our host machine

Following GTFOBINS we can spawn a bash shell

And in gold's home directory we can get the second flag.

Privilege Escalation (ETSCTF)

Doing sudo -l again we can see that this user can run /bin/bzless as ETSCTF user

bzless is similar to less binary but it's for viewing bzip2 compressed text so we can try to pass a filename to it and then privesc similar to less