Library

Library - THM

Two ports open, and one is clearly the better choice to start snooping around. Not too much to look at, you can probably detect there are some useful informations displayed on the page (if we consider Lorem Ipsum useless, what is the only customized content on the page?). Use this information and the generous hint on robots.txt to start the most boring attack there is (sit and wait, go grab something to eat or drink or whatever suits you).

Once you are in, the flag is there. And that's not the only thing there. Check your permissions, that file right there can run as the most privileged user in the world (UNIX world, but still). Now it's time to refresh your class on Linux permissions: you cannot write the file, that's true. But you OWN the directory. You can destroy it and make a new one, as evil as you want. Mine, not particularly exotic, was as follows:

import os;
os.system('/bin/bash -p');

Happy root, and merry hacking!


You'll only receive email when they publish something new.

More from emacab98