mastardet’s first challenge
Big thanks to @mastardet for creating the challenge, a great guy with a lot of experience and a good mentor.
Category: basic binary + basic linux
Download the challenge: masterdet_challenge
So let’s begin. Choose the file that fits your operating system.
Let’s inspect the file.

We can see that the file is executable so let’s try to execute it.
So chmod +x challege_linux and run it!

We are getting a password prompt for root@cyberwizards. I tried throwing a few random passwords like root, toor, password, etc., and it did not work.
Next I tried looking at the binaries as it’s a binary challenge.
For that I used Binary.Ninja, an easy-to-use GUI.

There are a lot of lines in it and it is almost impossible to get anything from that as it’s written in golang.
I used a hint that masterdet gave us.
HINT 1: try searching strings with the hostname of the machine, in the binary
So let’s run strings on the binary with the hostname, which is cyberwizards.

And there we have it! Let’s connect.
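Go keeps string literals as pointer-plus-length pairs with no NUL terminators, so a single printable run in the binary can hold several literals back to back, and a keyword search lands on whatever sits around the hit. The following Python is an added example, not part of the original write-up or the challenge: it reports each keyword hit with its file offset and surrounding text, which is the check to run on your own release binary before shipping to see what an embedded credential exposes. The sample blob, the prompt text, the placeholder credential and the function names are all constructed for illustration.

```python
import re

# Constructed sample: mimics a read-only data region where string literals sit
# back to back with no NUL separators, as in Go binaries. The hostname is the
# one from the write-up; the prompt text and credential are invented placeholders.
SAMPLE_BLOB = (
    b"\x00\x01\x7fELF\x02\x01\x00\x00"
    b"runtime: out of memory"
    b"root@cyberwizards's password: "
    b"EXAMPLE-PLACEHOLDER-PASSWORD"
    b"Permission denied, please try again."
    b"\x00\x00\xff\xfe"
    b"unrelated printable run far away"
    b"\x00"
)

# Runs of 4+ printable ASCII bytes, the same default minimum as strings(1).
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")


def keyword_hits(blob: bytes, keyword: bytes, window: int = 48):
    """Return (file_offset, context) for each keyword occurrence in a printable run.

    context is the text within `window` bytes either side of the hit, clipped to the run.
    """
    hits = []
    for run in PRINTABLE_RUN.finditer(blob):
        text = run.group()
        pos = text.find(keyword)
        while pos != -1:
            lo = max(0, pos - window)
            hi = min(len(text), pos + len(keyword) + window)
            hits.append((run.start() + pos, text[lo:hi].decode("ascii")))
            pos = text.find(keyword, pos + 1)
    return hits


def scan_file(path: str, keyword: str, window: int = 48):
    """Apply keyword_hits to a file on disk, e.g. a release binary before it ships."""
    with open(path, "rb") as fh:
        return keyword_hits(fh.read(), keyword.encode(), window)


if __name__ == "__main__":
    for offset, context in keyword_hits(SAMPLE_BLOB, b"cyberwizards"):
        print(f"0x{offset:06x}  {context}")
```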

So let’s try and see what we have. Oh cool, the flag is right here, let’s cat it. As you can see, we can’t cat it and it’s a restricted shell, which means there are very few commands that work.

After we run help we can see that we have a few commands available. Let’s try running export.

We could try to use it.

Doesn’t look like we can use it.
Let’s try running reboot, it might restart it and exit the restricted mode.

A rabbit hole.
Let’s try running the history command.

Hmm.. I am sure I ran more commands.
Here we have our second hint: We are nothing without history, And linux is nothing without environment variables
After googling I found that history uses an environment variable, HISTFILE.
So we can try setting the history variable to flag.txt and it might show it to us! Let’s get to work.
I tried to run HISTFILE=/root/flag.txt and did not get any error, so it ran successfully! So let’s run history! Same as before…

So after a bit more googling I found out that we need to refresh the history by doing history -r
And there it is!
