Mirrors/CTF-Writeups
2
0
Fork 0
mirror of https://github.com/AbdullahRizwan101/CTF-Writeups synced 2025-02-16 12:08:24 +00:00
Code Issues Projects Releases Packages Wiki Activity
CTF-Writeups/echoCTF/cretin.md
ARZ 9255a4198d
Create cretin.md
2021-12-04 19:25:52 +05:00

1.2 KiB
Raw Blame History

echoCTF - Cretin

We can find the first flag by printing the environmental variable envafter connecting with nc

Privilege Escalation (dribble)

Running sudo -l we can see that this user can runed binary as dribble user

So looking at GTFOBINS

Privilege Escalation (scribble)

Again running sudo -l we can see this user can now run capsh binary as scribble user

Privilege Escalation (ETSCTF)

This is the last priv esc that we need to do , we can run whiptail as ETSCTF user

Running that we will get ambiguous redirect , so this isn't actually a binary but a script which is running the actual whiptail binary

We just need to specify the file name to read as the privesc is already included here